011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:19 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x3b44}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000184000)=ANY=[@ANYBLOB="020687540200000000defffff4000000"], 0x10}}, 0x0) openat$cgroup(r0, &(0x7f0000000040)='syz0\x00', 0x200002, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmmsg(r1, &(0x7f0000000180), 0x400000000000117, 0x0) [ 2437.102472][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:19:19 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="ba4300b00bee660f3a172e0010000f32652e0f0866b83c4a00000f23c80f21f866350c0030000f23f83e0b450eb804010f00d00f01f60f3800210f01cf", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x1, 0x14000) ioctl$VT_SETMODE(r3, 0x5602, &(0x7f0000000080)={0xc5, 0x20, 0x6, 0xe92, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2437.208553][T14826] binder: 14822:14826 got transaction with invalid offset (0, min 0 max 0) or object. [ 2437.300822][T14872] kvm_set_msr_common: 12 callbacks suppressed [ 2437.300839][T14872] kvm [14803]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x10 [ 2437.318520][T14826] binder: 14822:14826 transaction failed 29201/-22, size 0-12288 line 3241 [ 2437.321680][ C1] net_ratelimit: 14 callbacks suppressed [ 2437.321688][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2437.338865][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2437.344781][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2437.350599][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:19:19 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xda0]}) 19:19:19 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x580001c0]}) 19:19:19 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11]}) [ 2437.535616][T15027] kvm [15012]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xa000 [ 2437.561645][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2437.567645][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:19:20 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000080)='./file0\x00', 0x0) getitimer(0x1, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="947042b208a6f126b6b2004b8e78313114eba805afbe888998cef3eff93e2f82c90000000000f4"], 0x27) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x100082) ioctl$BLKPBSZGET(r0, 0x127b, &(0x7f0000000000)) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, &(0x7f0000000740)) pwritev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f00000005c0)='\'', 0x1}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, 0xffffffffffffffff) sendfile(r0, 0xffffffffffffffff, &(0x7f0000000240), 0x20000102000007) ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000300)=0x3ff) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000ac0)={{{@in=@loopback}}, {{@in=@loopback}, 0x0, @in6=@mcast1}}, &(0x7f0000000780)=0xfffffebd) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vga_arbiter\x00', 0x800, 0x0) write$FUSE_LSEEK(r1, &(0x7f0000000200)={0x18, 0xfffffffffffffffe, 0x4}, 0x18) r2 = semget(0x2, 0x3, 0x239) syz_open_dev$amidi(&(0x7f0000000340)='/dev/amidi#\x00', 0x4, 0x2000) ioctl$VIDIOC_QUERYCAP(r1, 0x80685600, &(0x7f0000000280)) semctl$IPC_RMID(r2, 0x0, 0x0) r3 = accept$alg(r0, 0x0, 0x0) connect$l2tp(r0, &(0x7f0000000040)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x3, 0x3, 0x1, 0x0, {0xa, 0x4e20, 0x0, @loopback, 0x332e}}}, 0x32) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f00000001c0)=0x2) 19:19:20 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2437.763345][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:19:20 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}) [ 2437.883891][T15246] binder: 15244:15246 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:20 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60050000]}) 19:19:20 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12]}) [ 2437.965359][T15246] binder: 15244:15246 transaction failed 29201/-22, size 0-12288 line 3241 [ 2438.098961][T15274] kvm [15272]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2438.121731][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2438.127679][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:19:20 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200]}) 19:19:20 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2438.308479][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:19:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2438.440034][T15568] binder: 15566:15568 got transaction with invalid offset (0, min 0 max 0) or object. [ 2438.489990][T15567] kvm [15565]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2438.513131][T15571] binder: BINDER_SET_CONTEXT_MGR already set [ 2438.536745][T15568] binder: 15566:15568 transaction failed 29201/-22, size 0-12288 line 3241 19:19:20 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61050000]}) 19:19:20 executing program 1: r0 = syz_open_dev$dmmidi(&(0x7f0000000180)='/dev/dmmidi#\x00', 0x2, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r0, 0x80045700, &(0x7f0000000300)) r1 = getuid() getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000040)=0xc) write$FUSE_ATTR(r0, &(0x7f0000000080)={0x78, 0x0, 0x2, {0xf85, 0x6, 0x0, {0x2, 0x7, 0x3f, 0x1, 0xfffffffffffffffa, 0x6, 0xac4, 0x8, 0x7f, 0x38, 0x2, r1, r2, 0x9, 0xaef}}}, 0x78) 19:19:20 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b]}) [ 2438.585019][T15571] binder: 15570:15571 ioctl 40046207 0 returned -16 19:19:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b00]}) [ 2438.715250][T15588] kvm [15580]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2438.803714][T15635] kvm [15585]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x1b 19:19:21 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2438.895409][T15791] kvm [15787]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2438.914358][T13304] binder: undelivered TRANSACTION_ERROR: 29201 19:19:21 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000040000000081, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x3, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x10000000002, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000420081aee405e9a4000000000000c6ff07d800400300000000000000000000", 0x23}], 0x1}, 0x0) recvmsg$kcm(r0, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000000180)=""/101, 0x65}, {&(0x7f0000000200)=""/86, 0x56}, {&(0x7f0000000280)=""/91, 0x5b}, {&(0x7f0000000300)=""/4096, 0x1000}], 0x4}, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x1, 0x0) write$sndseq(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33) [ 2438.943684][T15867] kvm [15585]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x1b 19:19:21 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70050000]}) 19:19:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e01]}) 19:19:21 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34]}) [ 2439.257999][T16008] binder: 15992:16008 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:21 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0xf82f000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:21 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000140)) r2 = syz_open_pts(r1, 0x0) ioctl$TCSETAW(r1, 0x5441, 0x0) dup2(r1, r2) [ 2439.332614][T16008] binder: 15992:16008 transaction failed 29201/-22, size 0-12288 line 3241 [ 2439.344880][T16053] kvm [16050]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x100 [ 2439.401755][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2439.407607][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2439.496563][T16124] binder: BINDER_SET_CONTEXT_MGR already set 19:19:21 executing program 5: r0 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x3, 0x180) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000080)) syz_open_dev$loop(&(0x7f0000000580)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000cc0)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000d00), 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2001, 0x0, &(0x7f00000000c0)) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a45320, &(0x7f0000000640)={{}, 'port0\x00', 0xd7ffb85c3231897d, 0x40000, 0x2, 0x4, 0xffff, 0x1, 0xffffffff}) gettid() r2 = perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r3, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, r3) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) 19:19:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3400]}) [ 2439.563449][T16124] binder: 16122:16124 ioctl 40046207 0 returned -16 [ 2439.563455][T13304] binder: undelivered TRANSACTION_ERROR: 29201 19:19:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x71050000]}) 19:19:22 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a]}) [ 2439.714854][T16134] kvm [16132]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:19:22 executing program 1: timer_create(0x0, &(0x7f00000005c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000580)) r0 = gettid() r1 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) prlimit64(r0, 0x7, &(0x7f0000000000)={0x3f, 0x9}, &(0x7f0000000040)) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0x40189206, 0x20000000) read$rfkill(r1, 0x0, 0xffffffaa) setsockopt$IP_VS_SO_SET_EDIT(r1, 0x0, 0x483, &(0x7f0000000200)={0x5e, @loopback, 0x4e23, 0x2, 'sed\x00', 0x20, 0x8, 0x46}, 0x2c) dup2(r1, r1) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000180)={@empty, 0x3, 0x2, 0xff, 0xe, 0x4, 0x9dcf}, &(0x7f00000001c0)=0x20) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000100)={&(0x7f00000000c0)=[0x4f, 0x5, 0x80000000, 0x4], 0x4, 0x1, 0x90c, 0x3f, 0x3ff, 0x1, {0x80000000, 0x1, 0x7, 0x2, 0x3, 0x7, 0xfffffffffffffd64, 0x3ff, 0x3ff, 0x962, 0x8, 0x6, 0x7, 0xffffffffffffba09, "2c85f46a0e4de798cb0fe1753a2b10fa9c77eaf50aa3d91fa16b8b50c4274c5d"}}) syz_open_procfs(r0, &(0x7f0000000080)='cmdline\x00') tkill(r0, 0x2000000000000015) 19:19:22 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:22 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a00]}) 19:19:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x72050000]}) [ 2440.073123][T16384] binder: 16381:16384 got transaction with invalid offset (0, min 0 max 0) or object. [ 2440.111834][T16384] binder: 16381:16384 transaction failed 29201/-22, size 0-12288 line 3241 19:19:22 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b]}) 19:19:22 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x100, 0x20000) accept$packet(0xffffffffffffffff, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000400)=0x14) sendmsg$can_bcm(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x1d, r2}, 0x10, &(0x7f0000000500)={&(0x7f0000000480)={0x7, 0x0, 0xd654, {0x0, 0x7530}, {0x0, 0x7530}, {0x2, 0xfff, 0xcc9, 0x2}, 0x1, @can={{0x0, 0x1, 0x1, 0x4}, 0x1, 0x3, 0x0, 0x0, "68d646c88ce27229"}}, 0x48}, 0x1, 0x0, 0x0, 0x81}, 0x11) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x100000001, 0x601) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000001c0)=0x100000000000002, 0x3c0) sendmmsg(r0, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x400102, 0x0) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00') sendmsg$IPVS_CMD_SET_DEST(r3, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000200)={&(0x7f00000002c0)={0xb0, r4, 0x704, 0x70bd2c, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x4c, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e20}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x1}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xd2}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x38c8}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e20}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x1}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x2}]}, @IPVS_CMD_ATTR_SERVICE={0x20, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'lc\x00'}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@mcast2}]}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_team\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3ff}]}, 0xb0}, 0x1, 0x0, 0x0, 0x20040800}, 0x40080) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000380)=0x4000001, 0x4) getgid() sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000280)="a0", 0x1}], 0x1}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000080)=0x1, 0xffffffe8) close(r0) r5 = shmget(0x0, 0x4000, 0x2, &(0x7f0000ff9000/0x4000)=nil) shmctl$SHM_LOCK(r5, 0xb) 19:19:22 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b00]}) 19:19:22 executing program 5: r0 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x3, 0x180) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000080)) syz_open_dev$loop(&(0x7f0000000580)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000cc0)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000d00), 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2001, 0x0, &(0x7f00000000c0)) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(0xffffffffffffffff, 0xc0a45320, &(0x7f0000000640)={{}, 'port0\x00', 0xd7ffb85c3231897d, 0x40000, 0x2, 0x4, 0xffff, 0x1, 0xffffffff}) gettid() r2 = perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r3, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, r3) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) 19:19:22 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2440.489115][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2440.558435][T16687] binder: 16686:16687 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74010000]}) [ 2440.623845][T16687] binder: 16686:16687 transaction failed 29201/-22, size 0-12288 line 3241 19:19:23 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}) 19:19:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001]}) 19:19:23 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000680)=""/190, 0xbe}], 0x1}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/rt_acct\x00') ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000100)={0x3, 0x1000, 0x3, 'queue1\x00', 0x7f}) preadv(r0, &(0x7f00000017c0), 0x1d0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f0000000000)={0x3, 0x3, 'client1\x00', 0xffffffff80000000, "8eab080e55dcb4b5", "02b6929d65ff7da6d04a831576150e1f636ae4db88264f71d7f8b2705a759fb3", 0x6, 0xdbf}) 19:19:23 executing program 5: r0 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000400)={0x5}) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r0, 0x4020565b, &(0x7f0000000000)={0x400}) getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000080)=0x3251ccaf, &(0x7f00000000c0)=0x4) 19:19:23 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2440.981451][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:19:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x75010000]}) 19:19:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800]}) 19:19:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046205, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000500)=[@enter_looper], 0x0, 0x0, 0x0}) r1 = fcntl$getown(r0, 0x9) membarrier(0x3, 0x0) ptrace$pokeuser(0x6, r1, 0x0, 0x7) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) [ 2441.112488][T16960] binder: 16952:16960 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:23 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x49]}) [ 2441.189161][T16960] binder: 16952:16960 transaction failed 29201/-22, size 0-12288 line 3241 19:19:23 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x2}) ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) getsockopt$sock_int(r1, 0x1, 0x2f, 0x0, &(0x7f0000000080)=0xffffffffffffff1a) syz_execute_func(&(0x7f0000000000)="c481fa7e8732000000410f38015f00dac6c4c1fa16cd8fe820cdfbc2d17700c4629d3bd60fc0f00f01d6c4c232f75a08") 19:19:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4900]}) [ 2441.440722][T14773] binder: release 17041:17190 transaction 1173 out, still active 19:19:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x76010000]}) 19:19:23 executing program 5: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000040)={0x0, 0x1, 0x6, @dev}, 0x10) r1 = perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x1, 0x0, 0x5, 0x1f, 0x0, 0xd10, 0x8, 0xd, 0x1, 0x3, 0x6, 0x3, 0x1, 0x9a, 0x2, 0x3, 0x10000, 0x200, 0x8, 0x28, 0xff, 0x4, 0x1, 0x100, 0xffffffffffffff3b, 0x592, 0x1, 0x0, 0x8000, 0xffffffffffffffc0, 0x7, 0x6, 0x3, 0x4, 0x1, 0x8, 0x0, 0x8, 0x0, @perf_config_ext={0x101}, 0x800, 0x2, 0xd572, 0xf, 0x9, 0xff, 0x1}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0xa) ioctl$PERF_EVENT_IOC_RESET(r1, 0x2403, 0x7) 19:19:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046205, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000500)=[@enter_looper], 0x0, 0x0, 0x0}) r1 = fcntl$getown(r0, 0x9) membarrier(0x3, 0x0) ptrace$pokeuser(0x6, r1, 0x0, 0x7) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) 19:19:23 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2441.600452][T14773] binder: send failed reply for transaction 1173, target dead [ 2441.632065][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:19:24 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x79]}) [ 2441.755864][T17304] binder: 17288:17304 got transaction with invalid offset (0, min 0 max 0) or object. [ 2441.808140][T17304] binder: 17288:17304 transaction failed 29201/-22, size 0-12288 line 3241 19:19:24 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6005]}) 19:19:24 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x77020000]}) 19:19:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:24 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6105]}) 19:19:24 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8b]}) 19:19:24 executing program 5: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='fuse\x00', 0x0, &(0x7f0000000480)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f00000030c0), 0x1000) r1 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x1, 0x2000) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000080)={0x0, 0x1, 0x7450, 0x3, 0x100000001, 0x8}) write$FUSE_INIT(r0, &(0x7f0000000240)={0x50, 0x0, 0x2}, 0x50) read$FUSE(r0, 0x0, 0x0) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000140)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30) [ 2442.182545][T30091] binder: send failed reply for transaction 1176 to 17263:17392 [ 2442.197663][T30091] binder: undelivered TRANSACTION_ERROR: 29201 19:19:24 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046205, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000500)=[@enter_looper], 0x0, 0x0, 0x0}) r1 = fcntl$getown(r0, 0x9) membarrier(0x3, 0x0) ptrace$pokeuser(0x6, r1, 0x0, 0x7) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) [ 2442.302253][T17633] binder: 17631:17633 got transaction with invalid offset (0, min 0 max 0) or object. [ 2442.390050][T17633] binder: 17631:17633 transaction failed 29201/-22, size 0-12288 line 3241 [ 2442.452629][T17627] kvm_set_msr_common: 14 callbacks suppressed [ 2442.452654][T17627] kvm [17624]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x8b 19:19:24 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7005]}) 19:19:24 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x79000000]}) [ 2442.580852][T17750] kvm [17624]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x8b [ 2442.647263][T17797] kvm [17770]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x500 [ 2442.677219][T17806] kvm [17791]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:19:25 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:25 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046205, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000500)=[@enter_looper], 0x0, 0x0, 0x0}) r1 = fcntl$getown(r0, 0x9) membarrier(0x3, 0x0) ptrace$pokeuser(0x6, r1, 0x0, 0x7) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) [ 2442.743627][T13304] binder: send failed reply for transaction 1179 to 17688:17703 [ 2442.766420][T13304] binder: undelivered TRANSACTION_ERROR: 29201 19:19:25 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9e]}) [ 2442.853461][T17997] binder: 17996:17997 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7105]}) 19:19:25 executing program 5: getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @initdev, @multicast2}, &(0x7f0000000180)=0xc) r1 = syz_open_dev$media(&(0x7f0000000080)='/dev/media#\x00', 0x3, 0xdeb1bddf4e8c2407) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f00000001c0)={0x3, 0x0, 0x1, 0x1, 0x9}) bind$rxrpc(r1, &(0x7f00000000c0)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e21, @loopback}}, 0x24) ioctl$TIOCLINUX7(r1, 0x541c, &(0x7f0000000100)={0x7, 0x10000}) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="05000071100c00001a38e8fb14603263ea77df"], &(0x7f0000000280)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, [], r0}, 0x48) syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0xfffffffeffffffff, 0x4000) [ 2442.942023][T17997] binder: 17996:17997 transaction failed 29201/-22, size 0-12288 line 3241 19:19:25 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a010000]}) [ 2443.125281][T18035] kvm [18032]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2443.125564][T18031] kvm [18024]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x500 [ 2443.166027][T18030] kvm [18028]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x9e 19:19:25 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2443.264659][T18206] kvm [18028]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x9e [ 2443.271943][T13304] binder: send failed reply for transaction 1182 to 18008:18017 [ 2443.297321][T13304] binder: undelivered TRANSACTION_ERROR: 29201 19:19:25 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046205, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000500)=[@enter_looper], 0x0, 0x0, 0x0}) fcntl$getown(r0, 0x9) membarrier(0x3, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) 19:19:25 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b010000]}) 19:19:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7205]}) 19:19:25 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RAUTH(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000200)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000140), 0x1c) waitid(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$int_in(r1, 0x5421, &(0x7f0000000380)=0x801) lsetxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x0, 0x2) r2 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x2, 0x10000) ioctl$DRM_IOCTL_MODESET_CTL(r2, 0x40086408, &(0x7f0000000280)={0x800, 0x3}) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0)='tls\x00', 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100), 0x28) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00') getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) sendfile(r1, r3, &(0x7f0000000000)=0x300, 0x10000) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f00000001c0)=0x80000001) [ 2443.561708][ C1] net_ratelimit: 14 callbacks suppressed [ 2443.561717][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2443.573320][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2443.579197][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2443.585056][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:19:26 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0]}) [ 2443.670878][T18387] binder: 18381:18387 transaction failed 29189/-22, size 0-0 line 2994 [ 2443.707077][T18451] kvm [18441]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x500 19:19:26 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046205, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000500)=[@enter_looper], 0x0, 0x0, 0x0}) fcntl$getown(r0, 0x9) membarrier(0x3, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) [ 2443.801686][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2443.807671][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2443.905739][T18561] binder: 18560:18561 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7401]}) [ 2443.949550][T18561] binder: 18560:18561 transaction failed 29201/-22, size 0-12288 line 3241 19:19:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f040000]}) [ 2444.083556][T18588] kvm [18587]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x100 19:19:26 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc1]}) 19:19:26 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2444.289387][T14773] binder: send failed reply for transaction 1186 to 18563:18682 [ 2444.336782][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2444.361658][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2444.367648][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:19:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7501]}) 19:19:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046205, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000500)=[@enter_looper], 0x0, 0x0, 0x0}) fcntl$getown(r0, 0x9) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) [ 2444.394352][T18874] binder: 18871:18874 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000c0]}) [ 2444.491888][T18874] binder: 18871:18874 transaction failed 29201/-22, size 0-12288 line 3241 19:19:26 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, 0x0, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) clock_nanosleep(0x2, 0x1, &(0x7f0000000280)={0x0, r3+10000000}, 0x0) write$cgroup_int(r2, &(0x7f0000000980), 0xffffff4d) ptrace(0x4208, r0) recvmsg$kcm(r1, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0x2, &(0x7f0000000000)=[{&(0x7f0000000080)=""/151, 0xffffff77}], 0x1, &(0x7f00000001c0)=""/17, 0xffda}, 0x0) tkill(r0, 0x1004000000016) 19:19:26 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc2]}) 19:19:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7601]}) 19:19:27 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2444.874376][T13304] binder: undelivered TRANSACTION_ERROR: 29201 [ 2444.907445][T18973] binder: 18889:18973 transaction failed 29189/-22, size 0-0 line 2994 19:19:27 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80040000]}) 19:19:27 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce]}) [ 2445.018903][T19178] binder: 19168:19178 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046205, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000500)=[@enter_looper], 0x0, 0x0, 0x0}) fcntl$getown(r0, 0x9) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) 19:19:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7702]}) [ 2445.101957][T19178] binder: 19168:19178 transaction failed 29201/-22, size 0-12288 line 3241 19:19:27 executing program 5: r0 = creat(&(0x7f0000000300)='./file0\x00', 0x2000000000) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xfdffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) fstat(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000680)={0x0, r1, 0x0, 0x3, &(0x7f0000000640)='uid'}, 0x30) sched_getparam(r4, &(0x7f00000006c0)) pipe(&(0x7f0000000700)) stat(&(0x7f0000000140)='./file1\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_inet_SIOCRTMSG(r0, 0x890d, &(0x7f0000000780)={0x0, {0x2, 0x4e20, @broadcast}, {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x4e22, @multicast2}, 0x40, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000740)='hwsim0\x00', 0x7, 0x3, 0xd1a5}) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000003c0)={{{@in6=@loopback, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@ipv4={[], [], @multicast1}}}, &(0x7f00000002c0)=0xe8) getresuid(&(0x7f00000004c0)=0x0, &(0x7f0000000500), &(0x7f0000000540)) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='fuse\x00', 0x80, &(0x7f0000000580)={{'fd', 0x3d, r2}, 0x2c, {'rootmode'}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@allow_other='allow_other'}], [{@uid_eq={'uid', 0x3d, r6}}, {@hash='hash'}, {@uid_lt={'uid<', r7}}]}}) umount2(&(0x7f0000000000)='./file1\x00', 0x2) ioctl$RTC_WIE_OFF(r0, 0x7010) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000340)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id'}, 0x2c, {'group_id', 0x3d, r5}}) 19:19:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7900]}) 19:19:27 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2445.468287][T14773] binder: send failed reply for transaction 1192 to 19270:19319 19:19:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046205, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000500)=[@enter_looper], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) [ 2445.531458][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:19:27 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80050000]}) 19:19:28 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10a]}) [ 2445.641703][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2445.647622][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2445.666130][T19477] binder: 19471:19477 got transaction with invalid offset (0, min 0 max 0) or object. [ 2445.749936][T19477] binder: 19471:19477 transaction failed 29201/-22, size 0-12288 line 3241 19:19:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a01]}) 19:19:28 executing program 5: r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f000001d000)={0x0, 0xfffffeeb}, 0x0) 19:19:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x810000c0]}) 19:19:28 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11e]}) 19:19:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b01]}) [ 2446.128036][T14773] binder: send failed reply for transaction 1195 to 19467:19577 [ 2446.165671][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:19:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) 19:19:28 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$isdn(0x22, 0x3, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f0000000200)={'veth1_to_bond\x00', {0x2, 0x4e20, @remote}}) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vga_arbiter\x00', 0x40, 0x0) sendmsg$rds(r1, &(0x7f0000002740)={&(0x7f0000000340)={0x2, 0x4e22, @remote}, 0x10, &(0x7f0000002400)=[{&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f0000001380)=""/4096, 0x1000}, {&(0x7f0000002380)=""/99, 0x63}], 0x3, &(0x7f0000002680)=ANY=[@ANYBLOB="58000000000000001401000008000000c9faffff09000000", @ANYPTR=&(0x7f0000002440)=ANY=[@ANYBLOB='?\x00\x00\x00\x00\x00\x00\x00'], @ANYPTR=&(0x7f0000002780)=ANY=[@ANYBLOB="01fcff7fffffffff993f7a9e06d4303761f4dca6c152cce0c9501c135685954d884be3fb1006355318d26db977366a71"], @ANYBLOB="4c05000000000000ff01000000000000020000000000000002000000000000000200000000000000ffff0000000000001800000000000000140100000c0000000200000000000000480000000000000014010000010000000000000080000000", @ANYPTR=&(0x7f00000024c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="ba00000000000000", @ANYPTR=&(0x7f0000002640)=ANY=[@ANYPTR=&(0x7f0000002580)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB='d\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000002600)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB='5\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="020000000000000011000000000000000800000000000000"], 0xb8, 0x1}, 0x20008000) sendto(r0, &(0x7f0000000240)="94814b6c9dc15ba42975f18a540ca611a838747c08d2ab556bcb0392", 0x1c, 0x40, &(0x7f0000000280)=@pppol2tpin6={0x18, 0x1, {0x0, r0, 0x2, 0x2, 0x0, 0x0, {0xa, 0x4e22, 0x10000, @rand_addr="a4212735734bc0475335b87ee55538e4", 0x8001}}}, 0x80) r2 = socket(0x810, 0x803, 0x2) getsockopt$EBT_SO_GET_INIT_ENTRIES(r2, 0x0, 0x83, &(0x7f0000000140)={'broute\x00', 0x0, 0x4, 0x7c, [], 0x6, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}], &(0x7f00000000c0)=""/124}, &(0x7f00000001c0)=0x78) sendto(r2, &(0x7f0000000000)="120000001200e7ef007b0000f4afd7030a7c", 0x12, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000020c0), 0x400000000000112, 0x0, &(0x7f0000003700)={0x77359400}) [ 2446.307133][T19813] binder: 19812:19813 got transaction with invalid offset (0, min 0 max 0) or object. [ 2446.365106][T19813] binder: 19812:19813 transaction failed 29201/-22, size 0-12288 line 3241 [ 2446.412882][T14773] binder: release 19807:19820 transaction 1198 out, still active 19:19:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f04]}) 19:19:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) 19:19:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x820000c0]}) 19:19:29 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x140]}) 19:19:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2446.773159][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2446.779624][T14773] binder: send failed reply for transaction 1198, target dead 19:19:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8004]}) [ 2446.825577][T20118] binder: 19964:20118 transaction failed 29189/-22, size 0-0 line 2994 [ 2446.837920][T20160] binder: 20149:20160 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) 19:19:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x830000c0]}) [ 2446.931957][T20160] binder: 20149:20160 transaction failed 29201/-22, size 0-12288 line 3241 19:19:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) [ 2447.092760][T14773] binder: release 20228:20233 transaction 1202 out, still active 19:19:29 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x174]}) 19:19:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8005]}) 19:19:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) [ 2447.224804][T13304] binder: release 20291:20365 transaction 1203 out, still active 19:19:29 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000500)=[@enter_looper], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) 19:19:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2447.300487][T13304] binder: send failed reply for transaction 1202, target dead [ 2447.335478][T13304] binder: send failed reply for transaction 1203, target dead [ 2447.407203][T13304] binder: undelivered TRANSACTION_ERROR: 29201 [ 2447.420981][T20429] binder: 20428:20429 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x840000c0]}) [ 2447.449758][T20433] binder_alloc: 20428: binder_alloc_buf size 8 failed, no address space [ 2447.530293][T20437] kvm_set_msr_common: 24 callbacks suppressed [ 2447.530310][T20437] kvm [20436]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:19:29 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x175]}) 19:19:29 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000500)=[@enter_looper], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) [ 2447.579404][T20433] binder_alloc: allocated: 12288 (num: 1 largest: 12288), free: 0 (num: 0 largest: 0) 19:19:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8501]}) [ 2447.698591][T20433] binder: 20430:20433 transaction failed 29201/-28, size 0-0 line 3147 [ 2447.708785][T20429] binder_alloc: binder_alloc_mmap_handler: 20428 20004000-20007000 already mapped failed -16 19:19:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x85010000]}) 19:19:30 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x2, 0x0) ioctl$EVIOCGPROP(r0, 0x80404509, &(0x7f0000000040)=""/23) ioctl$EVIOCSKEYCODE_V2(r0, 0x80284504, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x0, "2eef045c5d0aaf6e5e7d9480b9f25ad1afde1e66b9eb439d44ce92dcc5291de8"}) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm_plock\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f0000000380)) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffff9c, 0x84, 0x6, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e22, 0x5, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x1ff}}}, &(0x7f0000000280)=0x84) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f00000002c0)={r2, 0x8, 0x5d9dc503, 0x80000001, 0x3, 0x1ff}, &(0x7f0000000300)=0x14) r3 = socket$tipc(0x1e, 0x5, 0x0) ioctl$sock_TIOCOUTQ(r3, 0x5411, &(0x7f0000000080)) syz_open_dev$admmidi(&(0x7f0000000340)='/dev/admmidi#\x00', 0x7, 0xa000) r4 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x800, 0x0) ioctl$VIDIOC_G_SELECTION(r4, 0xc040565e, &(0x7f0000000140)={0x7, 0x0, 0x4, {0x0, 0x728, 0xa07, 0x8}}) 19:19:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8601]}) 19:19:30 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2448.037681][T13304] binder: undelivered TRANSACTION_ERROR: 29201 19:19:30 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x176]}) 19:19:30 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000500)=[@enter_looper], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) [ 2448.143879][T20726] kvm [20659]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x100 [ 2448.176093][T20765] binder: 20762:20765 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86010000]}) [ 2448.330257][T20822] kvm [20771]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x76 19:19:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8701]}) 19:19:30 executing program 5: truncate(&(0x7f00000000c0)='./file0\x00', 0x8fe) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$usb(0x0, 0x7ffe, 0x0) mmap$perf(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2, 0x80010, r0, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000240)={{{@in6=@initdev, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@dev}}, &(0x7f0000000340)=0xe8) r3 = geteuid() fstat(r1, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) fstat(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000480)={{{@in=@multicast2, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@local}}, &(0x7f0000000580)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000005c0)={0x0, 0x0}, &(0x7f0000000600)=0xc) getresuid(&(0x7f0000000640)=0x0, &(0x7f0000000680), &(0x7f00000006c0)) lstat(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000007c0)={0x0, 0x0, 0x0}, &(0x7f0000000800)=0xc) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000840)={0x0, 0x0, 0x0}, &(0x7f0000000880)=0xc) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000008c0)={0x0, 0x0, 0x0}, &(0x7f0000000900)=0xc) r13 = getegid() r14 = getegid() getgroups(0xa, &(0x7f0000000940)=[0x0, 0xee01, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xee00, 0xee01, 0xee00, 0xee01]) setxattr$system_posix_acl(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='system.posix_acl_default\x00', &(0x7f0000000980)=ANY=[@ANYBLOB="00010000000000000000000000000000", @ANYRES32=r2, @ANYBLOB="02000000", @ANYRES32=r3, @ANYBLOB="02000100", @ANYRES32=r4, @ANYBLOB="02000400", @ANYRES32=r5, @ANYBLOB="02000400", @ANYRES32=r6, @ANYBLOB="02000100", @ANYRES32=r7, @ANYBLOB="02000100", @ANYRES32=r8, @ANYBLOB="040005000000000008000200", @ANYRES32=r9, @ANYBLOB='\b\x00\a\x00', @ANYRES32=r10, @ANYBLOB="08000500", @ANYRES32=r11, @ANYBLOB="08000200", @ANYRES32=r12, @ANYBLOB="08000100", @ANYRES32=r13, @ANYBLOB="08000200", @ANYRES32=r14, @ANYBLOB="08000200", @ANYRES32=r15, @ANYBLOB="10000500000000002000040000000000"], 0x94, 0x3) r16 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r16, 0x0, 0x0) ioctl$VIDIOC_G_SLICED_VBI_CAP(r16, 0xc0745645, &(0x7f0000000a40)={0x375f, [0xc344, 0xf3e, 0x3, 0x5, 0x2, 0xa49, 0x100, 0x8, 0x101, 0x5, 0x6, 0x6, 0x5, 0x81, 0x3, 0xfd5e, 0x7, 0xeb, 0x5, 0xfffffffffffffff9, 0xac30, 0x7f, 0x10000, 0x10001, 0x9, 0x4, 0x3939f149, 0x1, 0x3ff, 0x5, 0x9, 0x401, 0x2, 0x204ef823, 0x2, 0x200, 0x0, 0x5, 0x4, 0x8001, 0x7fffffff, 0x7, 0xffffffff, 0x7fffffff, 0x6eb, 0x781cdfa4, 0x518dcbd5, 0x1], 0xf}) ioctl$sock_ifreq(r16, 0x8991, &(0x7f0000000000)={'bond0\x00@@\xea\xff\xff\x80\x00\x00\x02\x00', @ifru_names='bond_slave_1\x00'}) statfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)=""/176) ioctl$sock_ifreq(r16, 0x8990, &(0x7f0000000040)={'bond0\x00\x00@\a\x00\x00\x00\x00\x14\x00\xfc', @ifru_names='bond_slave_1\x00'}) [ 2448.430341][T20968] kvm [20771]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x76 19:19:30 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2448.572389][T13304] binder: undelivered TRANSACTION_ERROR: 29201 [ 2448.630427][T21084] kvm [21083]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x100 19:19:31 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x87010000]}) 19:19:31 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046205, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000500)=[@enter_looper], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) [ 2448.681199][T21087] binder: 21086:21087 got transaction with invalid offset (0, min 0 max 0) or object. [ 2448.681295][T20993] bond0: Enslaving bond_slave_1 as an active interface with an up link 19:19:31 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x17a]}) [ 2448.741813][T21087] binder_transaction: 2 callbacks suppressed [ 2448.741832][T21087] binder: 21086:21087 transaction failed 29201/-22, size 0-12288 line 3241 [ 2448.862967][T21107] kvm [21106]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:19:31 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8705]}) [ 2449.078971][T21155] kvm [21131]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x7a 19:19:31 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046205, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000500)=[@enter_looper], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) 19:19:31 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x87050000]}) [ 2449.148360][T21374] kvm [21373]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x500 19:19:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2449.208981][T13304] binder: undelivered TRANSACTION_ERROR: 29201 [ 2449.227618][T21409] kvm [21131]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x7a 19:19:31 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c40)={0xffffffffffffffff}) r1 = socket(0x200000000000011, 0x3, 0x0) io_setup(0x8, &(0x7f0000000100)=0x0) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000140)={0xffff, {{0xa, 0x4e20, 0x0, @remote, 0x8}}, 0x1, 0x2, [{{0xa, 0x4e22, 0x3f, @ipv4={[], [], @multicast2}, 0x1ff}}, {{0xa, 0x4e21, 0x8, @rand_addr="7b810052cb0a04a11b6c6862f67d3a4f", 0x2}}]}, 0x190) io_submit(r2, 0x2, &(0x7f0000000980)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0}, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0xffffffffffffffff}]) [ 2449.310237][T21416] binder: 21415:21416 got transaction with invalid offset (0, min 0 max 0) or object. [ 2449.342341][T21416] binder: 21415:21416 transaction failed 29201/-22, size 0-12288 line 3241 [ 2449.353377][T21414] kvm [21413]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:19:31 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046205, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000500)=[@enter_looper], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) 19:19:31 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8b00]}) 19:19:31 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x17b]}) 19:19:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, &(0x7f00000002c0)={0x4, 0x0, &(0x7f0000000500)=[@enter_looper], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) 19:19:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8b000000]}) 19:19:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2449.784538][T13304] binder: undelivered TRANSACTION_ERROR: 29201 [ 2449.801651][ C1] net_ratelimit: 14 callbacks suppressed [ 2449.801660][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2449.813289][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2449.819149][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2449.825131][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:19:32 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900d]}) 19:19:32 executing program 5: r0 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x800000, 0x2000) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e20, 0x5, @empty, 0x7}}, [0x200, 0x10000, 0x3ff, 0x1, 0xfffffffffffffffa, 0x2, 0x2, 0x4b, 0xfff, 0x40, 0x800, 0x8, 0x2, 0xd855, 0x3ff]}, &(0x7f0000000180)=0x100) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000001c0)={r1, 0x3, 0xfffffffffffffff9, 0x1ff}, 0x10) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x31, 0xffffffffffffffff, 0x0) io_setup(0x3, &(0x7f0000000000)) [ 2449.895691][T21746] binder: 21745:21746 got transaction with invalid offset (0, min 0 max 0) or object. [ 2449.921873][T21746] binder: 21745:21746 transaction failed 29201/-22, size 0-12288 line 3241 19:19:32 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x185]}) [ 2450.041652][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2450.047564][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2450.138447][T13304] binder: release 21731:21853 transaction 1215 out, still active 19:19:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) 19:19:32 executing program 5: r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000900)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00006dbffc), 0x4) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x10) sendmsg$xdp(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000080)='J', 0x1}], 0x1}, 0x0) sendto$inet(r0, &(0x7f0000000a00)="ba671368d1010000004900000001000000018be49e9301442865319997d0efdb2f54b6a10c7327757482bfce945c2a91fb8dfafc1d3f56bc543ab87321e12cca08a744a2d128b00634bc882151d36809229a96bc3437ef159489384ade077ba295eac2882dbfd3781dd4d4e609c42628dbb709b3eb1fa030009045dd98b9e6d77b6cec9ceb685595d43995e0f04c32260943add79831e661c6a351dedc8b9d220fbf9fb6e44fb6a629ce9a82025124fec9f3ee751f7da0cd7e799be88ddbdac20b48e890ff81d7fa28c2d017d7932f2569038740461accd4582f576e4fdb6150a3399f8266bc19eb943648ad1ad81420ed6c382436e474390c8995e829e4f9df43eed85a60b9ee254e31eb62900857fa134e76cc64880334adbff069a2e5e647d2ed36a96b23834b6f6ca6b8113baf4cf30347fbb7ffc30aea99872cc0dba03b07d3347b2d257edbe2733c26b7337a79962d8ce85469e3bcbe0e4a48a6ae69d13f2d4b5155b390ef67aa714b82b6313ee277cb8986eca5db2e97cb1ae2243bba80274f614ece521baef443394b4c161cb9ae926e21892578b49cfd6efe1cb1572148c10d92218ed73ec116a18de80ac42d2726a4523a764fc6dc356c5fbbf9d2c947ae3bc9a3dc76099f3257c8d5952876151b0326d8cb1d5683ee4ad5ded9a34c00ac1b03f34627ec18a7c2e92c87b7896549cfab5eb55fa85a970994bd4b22b5f0d045e241256d06f485a47b4a55ed389bc1734541232cd41908b5cfa4b8fcfcafce500a0c7ae99767713a98e7927aa69f6ccd7daea62f19ceb82559f41899c9a9aee99113e7e64b5f8b9824be9fdbfa4dd4995673d882bb4daeb64413b334e114965d2ba3cea8051e692508701b9400cb12eae457f8b8549944091b729160939918d8fcae611a5ded665f770db637487a236da1a58ba7566668651a77171fc4fe506496d19059343dbe4f426625d3f2b705f54581372361770bf5a9098a9fafefaf546426b294239ac33e3186e4d58ad2fa995a6ad4dc074e7cca11aead109563b2076c7c6e9f57ec63df960804e2e7f9d8444de9550cca3df7834d864e9777291c2e1f6205de2e43dc995ab8bb1515a365efc2830fa3e7a1dd137f550d6035212bc1f51c3b4ceea430df49ffc9210084ef156ad7e0d219efd6c116693735b44521d389969a3a65617cd2fd6e14060601cee4cd054cf36fe048b57d1d9ee3cad2a73552449926b4a6b03fbe9c0ec68357e1fbe52ed77b67f5870c0aefb7ee8236747e0d67a26725fb515544cbbe8464da94cfd8c0b94bb4e51a263b1749bd0a7cf651931f806d1b928d1f9994f1ad4d50e6a5cd7a8e4e687f8564fdacc864013d095ba9d5709eced3c28eabda476d177a7836400a01e02beeb5a6636d4064fdda344967ad8682d14b87c71727cb66be27d1d39191f4223c545b62fb4860262ba8076a65dbc194cee1df846c584b7bbe9dce6e6895b2cbbb64b03b55548b845cc3de2f939ef918421af9a5e9157e837651245299c03992d0ddee06bd22a31522aca0f309b1feccebc0b1c0ed9d21c19bfd15cd313ff64394fd6a10904890c9f6d646b026f27253e8f584c3ffd20ad67e8b62ed7676706d40bc5c80e376980b", 0x480, 0x0, 0x0, 0x0) setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f00000001c0), 0x4) socket$inet(0x2, 0xa, 0x3) 19:19:32 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9104]}) 19:19:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900d0000]}) 19:19:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2450.441492][T13304] binder: undelivered TRANSACTION_ERROR: 29201 [ 2450.459424][T21991] binder_alloc: 21745: binder_alloc_buf, no vma [ 2450.479806][T21991] binder: 21969:21991 transaction failed 29189/-3, size 0-0 line 3147 [ 2450.483310][T13304] binder: send failed reply for transaction 1215, target dead [ 2450.501186][T22017] binder: 22006:22017 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) 19:19:32 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x186]}) [ 2450.573943][T22017] binder: 22006:22017 transaction failed 29201/-22, size 0-12288 line 3241 [ 2450.601662][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2450.607645][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:19:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9e00]}) 19:19:33 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000880)='/dev/uinput\x00', 0x100080000000002, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000240)='/dev/admmidi#\x00', 0x5, 0x0) ioctl$TUNGETVNETHDRSZ(r1, 0x800454d7, &(0x7f0000000280)) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) write$uinput_user_dev(r0, &(0x7f0000000bc0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x45c) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x600800, 0x0) write$UHID_CREATE2(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000003600030008000000080000000002000005000000bcfca81c086adc21c1ac80ce336d46915edb34e557dffb29d8cb69d09bcaf916e4a253bd696bc488b0f63c2aadd97ad60e0b91"], 0x14e) ioctl$UI_DEV_CREATE(r0, 0x5501) r3 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x6, 0x400000) ioctl$TUNGETIFF(r3, 0x800454d2, &(0x7f0000000040)) 19:19:33 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x91040000]}) [ 2450.772768][T14773] binder: release 22193:22196 transaction 1219 out, still active 19:19:33 executing program 1: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) 19:19:33 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2451.013133][T13304] binder: send failed reply for transaction 1219, target dead [ 2451.041356][T13304] binder: undelivered TRANSACTION_ERROR: 29201 19:19:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa001]}) [ 2451.118135][T22427] binder: 22420:22427 got transaction with invalid offset (0, min 0 max 0) or object. [ 2451.147604][T22427] binder: 22420:22427 transaction failed 29201/-22, size 0-12288 line 3241 19:19:33 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x187]}) 19:19:33 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9e000000]}) 19:19:33 executing program 1: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) 19:19:33 executing program 5: r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x6751, 0x4dd98f13b7cbf890) ioctl$KVM_SET_CPUID(r0, 0x4008ae8a, &(0x7f0000000140)={0xa, 0x0, [{0x8000001d, 0xfffffffffffffffd, 0x3ff, 0x1, 0x4}, {0x40000004, 0x63, 0x5, 0x1, 0x97d}, {0x0, 0x100000001, 0x10001, 0x6, 0x10001}, {0x1, 0x180, 0x9, 0x1, 0x1}, {0x80000001, 0x3ff, 0x4, 0x7, 0x401}, {0x7, 0x10000, 0x5, 0x400}, {0x2, 0x7fff, 0x1, 0x6, 0x1}, {0x2, 0x7, 0x5, 0x1, 0x5}, {0xd, 0x9, 0xcc08, 0x0, 0x10000}, {0xc0000019, 0x96dc, 0xffffffffffff08c7, 0x1ff, 0x4}]}) r1 = socket$inet6(0xa, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000000040)={'bridge\x00', &(0x7f0000000240)=@ethtool_gfeatures={0x3a, 0x6, [{0x1, 0xffff, 0x64ca, 0x7fffffff}, {0x4, 0x9d7, 0x1, 0x100}, {0x80000001, 0x1f, 0x1, 0x101}, {0x100000000, 0x7, 0xfffffffffffffdc3, 0x80000001}, {0x4, 0x4548, 0x8, 0x500000000000}, {0x55f8a400, 0xcfc5, 0x3f, 0x80000001}]}}) 19:19:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00d]}) 19:19:33 executing program 1: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000540)="bf"}) 19:19:33 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2451.592139][T13304] binder: undelivered TRANSACTION_ERROR: 29201 19:19:34 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a0]}) [ 2451.682683][T22781] binder: 22778:22781 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:34 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f000040]}) [ 2451.772634][T22781] binder: 22778:22781 transaction failed 29201/-22, size 0-12288 line 3241 19:19:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc000]}) 19:19:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 2451.881710][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2451.887589][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:19:34 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="5500000018007fafb72d1cb2a4a280930206000000a843096c2623690f00080004000c0816000b770000a3c728f1c46b7b31afdc1338d544", 0x38}], 0x1}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000001e00090100000000000000000700140100000000040000000000800018000a00"], 0x1}}, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f00000000c0)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="3eedab622bbd29d231dbf4a7f67d8bd18f8ee38c189d65c69cda5dfa84dacef9ae4f008687184cff44014fa2064b8b307259a192eaae04725b52f4328813b059ee71d885cdbfd87c8e676edc8ba3743e80211bd1be892832c174c8a0f039e9322065e42928a6406ae7c3ad8e2756ba9c945f43200d4f78e9bf51a48327ab0d179015b2a97db7a4f7df23409e8f8d74bf98da1234fc9c3a34e2161c79391b906223437323614241e110c001cd25f4b8995b686cc96ba533aa240d8d868f13236ec05a768059df343bf69b503cacb9d5e209a361d5a944a4015b6236f4059712f41c1d8a9c1025069af5cf73", 0xeb}, {&(0x7f0000000300)="b599e8dd4510a122274c08161116a29664f4660810a300d3acf58d6ca68a9d639e569238994738870a8c11038560dbca3b3793111a5d5e856ec1fb5439ba08720827936be06767e1f1db2b141a413fb863f9be84441a31f10679195e44d29ff05e1655767531dca7d17fa667ebb627fe5e50744842ca3e24335dbcf4430709adc87ce7b8bd7b3f641694b3428db7d970dde7cfef8df47c63a16001d0180bb4b36611a88484964d14ee", 0xa9}, {&(0x7f00000003c0)="d3e7e9f5432c0acfcda1474bbb5b3f199c91dbbb45b91c9f939f8cbe1e7353d7f7efac6277b70b42a4f43818b71ffe2b83fffc8b81f4763294b0ec09594ab335452e6cd7f105afa6a22697736d99de6fbbaed53e084db66c61f5b7c31532e4b2e1b88f2b14fb34ed8cab8264cefd67225dc6433120bd7cdf417e5a31d3ad22b822fd45fe23d0045939e6ee993c9476c25feebef6269694f01bbd85304adc3948a5d1431d6267eb2716b4c75fe48ae3047a7b406781ec6bfff876c9", 0xbb}, {&(0x7f0000000480)="cc8cf5ce0668dc9c0301d9a0ef057a025a9b0ee233b3cfedde58d45a68a3ebd0381aeec7e1d8a676cbe73e45938c635b9503e4940365a14f41708278a280d6fcb2f503a01f640d5582800a515526917d9496975e8b5e34c44d26a08b2b6f7d7ccf08b98ccac5ed651e00c9bb45cc29063701661e4567ff0b164e62b243b1017771a2afaaab0aa2120928dc11689101396df3d4d4bbe09689e0c1db9ec2d1a750b0fbe9f4c966a02b91298fc338f8a426f3e57f06ac48c47063a1b6f851b60ef30bf4a9edd9679fe018f25f9a5d8f6cc94972f5cfb71be02c73", 0xd9}, {&(0x7f0000000580)="2b939a97f6acb76486d1eb43b31e8c2ce28bcb40acac327e7af9b74a443037b8d6efabeda0f41a1c11a55be8f57ca3f84975fcf44572169231a5bf6ed49d481128f9918b06dffceaac6eeb63fff9b533dfd764e62471d4f739eaff3ae2ab4fa52685688f6faf44244d675e5fd4868ab469a9faef5af7c7a2917d7b62cbf8b2e6f927a538e47f4cbf5ce9aea90c8ff1dfaf5fcc3a711310c33a9341d51ddb7b08205c60dd49c4b93f8f234fcffba443df16e411024889ad635e111b4a978dbf292656bd29f440dbbecaff0ca158ad6322e97e2de7694c8cc5af0f1fbccb24c81c82576c", 0xe3}, {&(0x7f00000006c0)="d42c6924ffd0b20895ef1008d60d1e8ef4a5795b5b1612aca34ca4b7d920ff8ea061a6a8208fd3158cc656992d7907b15a8ca28e1ea1af151444f0f8beaff28d64c2a98ff5ec38d1dcba1ca5ed1210febb5e4d3263d8c837fafd291d231fad68705b905575c4c80e8436ab658d084e65cebae0d3057f531bb63a632ab39e2fc94218149c51eb62f95f17040b0f4b94e92a858cce54ca5fccfd54bbd182c67b50c5cd0b6e1a7f64a599a1eb7329ffd3f36180722cd78d01e1ea5a829b2f045460daf29be00a0dbd5c210f9583b7f6e12d59bca53073913f7e1ce660ece0c4f84b2accc86b679ecba1df14", 0xea}], 0x6, &(0x7f00000007c0)=[@op={0x18, 0x117, 0x3, 0x1}, @op={0x18}, @op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x4}, @op={0x18}, @assoc={0x18, 0x117, 0x4, 0x4277}, @op={0x18}, @assoc={0x18, 0x117, 0x4, 0x7e}], 0xc0, 0x40}], 0x1, 0x400c000) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) getrandom(&(0x7f0000000880)=""/241, 0xf1, 0x2) [ 2452.082918][T22991] netlink: 'syz-executor.5': attribute type 10 has an invalid length. 19:19:34 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:34 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c0]}) [ 2452.165166][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2452.179122][T23022] binder: 22948:23022 ioctl c0306201 0 returned -14 19:19:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc100]}) 19:19:34 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0010000]}) 19:19:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 2452.294898][T23108] binder: 23106:23108 got transaction with invalid offset (0, min 0 max 0) or object. [ 2452.376505][T23108] binder: 23106:23108 transaction failed 29201/-22, size 0-12288 line 3241 19:19:34 executing program 5: r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f00000000c0)=0x1, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000012c0)='syz_tun\x00', 0x269) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, 0x0, 0x0) sendto$unix(r0, 0x0, 0x0, 0x8000, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x6e) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x2000, 0x0) ioctl$SIOCGIFHWADDR(r1, 0x8927, &(0x7f0000000080)) sendmsg$unix(r0, &(0x7f0000000900)={&(0x7f0000000180)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000000040)=[{&(0x7f0000001900)="839c8636", 0x4}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000000240)=[{{0x0, 0x0, 0x0}}], 0x4000000000002c5, 0x0, 0x0) syz_open_dev$vcsa(&(0x7f0000000100)='/dev/vcsa#\x00', 0x0, 0x4000) [ 2452.534139][T23167] binder: 23148:23167 ioctl c0306201 0 returned -14 19:19:34 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d9]}) 19:19:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc200]}) 19:19:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 19:19:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2452.679612][T13304] binder: undelivered TRANSACTION_ERROR: 29201 19:19:35 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00d0000]}) [ 2452.763659][T23389] kvm_set_msr_common: 15 callbacks suppressed [ 2452.763674][T23389] kvm [23387]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xd9 [ 2452.843237][T23413] binder: 23410:23413 ioctl c0306201 0 returned -14 [ 2452.945604][T23550] kvm [23387]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xd9 19:19:35 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce00]}) 19:19:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000540)="bf"}) 19:19:35 executing program 5: r0 = syz_open_dev$amidi(0x0, 0x0, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0x8, 0x2, 0x2, 0x0, r0}, 0x2c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_TIOCOUTQ(r0, 0x5411, 0x0) clock_gettime(0x0, 0x0) socket$bt_cmtp(0x1f, 0x3, 0x5) mlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000) r1 = add_key$keyring(&(0x7f00000003c0)='keyring\x00', &(0x7f0000000400)={'syz'}, 0x0, 0x0, 0xfffffffffffffff8) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000000c0)=0x0) ptrace(0x4218, r2) keyctl$instantiate(0xc, r1, &(0x7f0000000100)=ANY=[@ANYBLOB="6e4e1dea0a98add1366c747465643a070000007374e363757367725669643a4c65203030303030303030dbc8ed1cfd49587e3a41303030eceeee3c823606b0f9b040af063c2aa8d278a9266334d64bd01a0cf246468c20cb48d6a0ddd910ed17484aae877153043959be6c3c42fffd6f792ac985d541cc6bb63b5d2d06feddfcc68d9055238b000000000000b2a2e6004713aed95f55390800000031ec7c2bcea6c5c8035606a251f71f2832ac478aa2877e51098f0148"], 0x1, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) clone(0x4000002102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r0, 0x800442d2, 0x0) ioctl$TUNGETFILTER(r0, 0x801054db, 0x0) r3 = bpf$MAP_CREATE(0x2, &(0x7f0000000040)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) bpf$MAP_CREATE(0x4, &(0x7f0000000080)={0x3, 0x0, 0x73fffe, 0x0, 0x20820000, r3}, 0x2c) 19:19:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:35 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb0000040]}) [ 2453.184163][T23713] kvm [23712]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:19:35 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x277]}) [ 2453.227261][T23719] binder: 23714:23719 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000540)="bf"}) [ 2453.321953][T23719] binder: 23714:23719 transaction failed 29201/-22, size 0-12288 line 3241 [ 2453.366496][T23723] kvm [23721]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:19:35 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd004]}) [ 2453.427089][T23736] kvm [23730]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x77 [ 2453.538270][T23926] kvm [23730]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x77 19:19:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2453.616762][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:19:36 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd901]}) 19:19:36 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb7000040]}) [ 2453.690852][T24041] binder: 24040:24041 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:36 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2ff]}) 19:19:36 executing program 5: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x149082, 0x40) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='proc\x00', 0x1, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x1004030, 0x0) [ 2453.752803][T24041] binder: 24040:24041 transaction failed 29201/-22, size 0-12288 line 3241 19:19:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000540)="bf"}) [ 2453.938866][T24080] kvm [24079]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x100 [ 2454.017921][T24077] kvm [24076]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xff 19:19:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2ff8, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2454.059011][T13304] binder: undelivered TRANSACTION_ERROR: 29201 [ 2454.096991][T24287] kvm [24076]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xff 19:19:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380), 0x1, 0x0, &(0x7f0000000540)="bf"}) [ 2454.142733][T24308] binder: 24307:24308 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:36 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000000]}) [ 2454.232515][T24308] binder: 24307:24308 transaction failed 29201/-22, size 0-12288 line 3241 19:19:36 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe006]}) 19:19:36 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x308]}) 19:19:36 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f123c123f3188b070") r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm-control\x00', 0x0, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000380)='/dev/zero\x00', 0x44101, 0x0) perf_event_open$cgroup(&(0x7f00000002c0)={0x0, 0x70, 0x103, 0x80000001, 0x9e14c3, 0x6, 0x0, 0x0, 0x4864, 0xc, 0x1, 0x5, 0x202f, 0x101, 0x7, 0x71, 0x9, 0x3f, 0x5, 0x7, 0x80, 0x2, 0x1, 0xfffffffffffffc00, 0xfffffffffffffffc, 0x400, 0x7, 0xfffffffffffffe00, 0x1, 0x0, 0x3, 0xff, 0x6, 0x6ff, 0x5, 0x2, 0x0, 0xedd, 0x0, 0x7, 0x2, @perf_bp={&(0x7f0000000280), 0x1}, 0x848, 0x3, 0x2, 0x5, 0xffffffffffff8001, 0x8000, 0x3ff}, r1, 0x10, r2, 0xf) r3 = dup(r0) epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r0, &(0x7f0000000140)={0x10002000}) socket$rxrpc(0x21, 0x2, 0xa) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYBLOB="17000000ca32858f5adc3bbbbfeebb4a44ce32967d88d83c75f0b8"], &(0x7f0000000040)=0x1f) ioctl$RTC_PLL_SET(r3, 0x40207012, &(0x7f00000000c0)={0xff, 0x2, 0x4, 0x1, 0x3, 0xfff, 0xffffffffffffac18}) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000080)={r4, 0xfffffffffffffff8}, 0x8) accept$inet(r3, &(0x7f0000000200)={0x2, 0x0, @remote}, &(0x7f0000000240)=0x10) r5 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video1\x00', 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000001c0)={0x6, 0x1, 0x1}) 19:19:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380), 0x1, 0x0, &(0x7f0000000540)="bf"}) [ 2454.428889][T24359] kvm [24358]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:19:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2454.612148][T13304] binder: undelivered TRANSACTION_ERROR: 29201 19:19:37 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff02]}) [ 2454.691370][T24579] binder: 24576:24579 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380), 0x1, 0x0, &(0x7f0000000540)="bf"}) [ 2454.825952][T24579] binder: 24576:24579 transaction failed 29201/-22, size 0-12288 line 3241 19:19:37 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47f]}) 19:19:37 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000080]}) 19:19:37 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff0b]}) 19:19:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:37 executing program 5: socket$inet_smc(0x2b, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x80000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000040)={0x2, 0x4e21, @remote}, 0x10) sendmsg$rds(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x0) recvfrom(r1, 0x0, 0x0, 0x2a0, 0x0, 0x0) ioctl$BLKPBSZGET(r0, 0x127b, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21}, 0x10) ioctl$PPPIOCSMRRU(r0, 0x4004743b, &(0x7f0000000440)=0x4750) socket$inet_tcp(0x2, 0x1, 0x0) shutdown(0xffffffffffffffff, 0x1) setuid(0x0) 19:19:37 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:37 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000081]}) [ 2455.242198][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2455.342581][T24920] binder: 24916:24920 transaction failed 29189/-22, size 0-0 line 2994 19:19:37 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10040]}) 19:19:37 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x480]}) [ 2455.388806][T24923] binder: 24921:24923 got transaction with invalid offset (0, min 0 max 0) or object. [ 2455.415634][T30091] binder: undelivered TRANSACTION_ERROR: 29189 19:19:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2455.481811][T24923] binder: 24921:24923 transaction failed 29201/-22, size 0-12288 line 3241 19:19:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100c0]}) 19:19:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:38 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000082]}) 19:19:38 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x491]}) [ 2455.816565][T30091] binder: undelivered TRANSACTION_ERROR: 29201 19:19:38 executing program 5: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x200, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000280)='/dev/qat_adf_ctl\x00', 0x10002, 0x0) syz_open_dev$swradio(&(0x7f00000002c0)='/dev/swradio#\x00', 0x1, 0x2) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snapshot\x00', 0x2000, 0x0) pipe2(&(0x7f0000000380)={0xffffffffffffffff}, 0x800) ioctl$VT_WAITACTIVE(r0, 0x5607) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x1f, 0x8000) ioctl$UI_DEV_CREATE(r1, 0x5501) getgroups(0x0, 0x0) lstat(&(0x7f0000000bc0)='./file0\x00', 0x0) r2 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x82) r3 = memfd_create(&(0x7f0000000100)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) pwritev(r3, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r3) sendfile(r2, r2, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r2, 0x4c01) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000000140)="3a535f03168af7ad7bc33ad5b8a76044d0126576543898c5a217974f2ab74c548a56160dd5c52cc314f2d85beaa61dda5aea6e7700c50754e0de8ff1baf14c95d5938a417d1bb8fede62c79e47430572da1f23ffd01d0fe2913bef81dd309848e58f2666944d57fa8c42dc5cd9ae99d932cc02b7743dd14b00af2faa4f5e8cf0be9cbc25a47ad5f194625ed033c3a734d4d75c17430d643a68f6b8b60c8e8fa9b43a243cc2159d90dcc2bbec", 0xac, r2}, 0x68) [ 2455.877131][T25040] binder: 25032:25040 transaction failed 29189/-22, size 0-0 line 2994 [ 2455.925008][T25249] binder: 25244:25249 got transaction with invalid offset (0, min 0 max 0) or object. [ 2455.932786][T30091] binder: undelivered TRANSACTION_ERROR: 29189 19:19:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2456.041652][ C1] net_ratelimit: 14 callbacks suppressed [ 2456.041661][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2456.053225][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2456.059148][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2456.065020][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2456.109417][T25249] binder: 25244:25249 transaction failed 29201/-22, size 0-12288 line 3241 19:19:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000]}) 19:19:38 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000083]}) [ 2456.253445][T30091] binder: release 25369:25379 transaction 1240 out, still active [ 2456.281657][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2456.286407][T30091] binder: undelivered TRANSACTION_COMPLETE [ 2456.287578][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:19:38 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d0]}) 19:19:38 executing program 1 (fault-call:2 fault-nth:0): r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2456.560741][T30091] binder: send failed reply for transaction 1240, target dead [ 2456.590755][T25600] FAULT_INJECTION: forcing a failure. [ 2456.590755][T25600] name failslab, interval 1, probability 0, space 0, times 0 [ 2456.610869][T30091] binder: undelivered TRANSACTION_ERROR: 29201 [ 2456.624655][T25677] binder: 25675:25677 got transaction with invalid offset (0, min 0 max 0) or object. [ 2456.681822][T25600] CPU: 1 PID: 25600 Comm: syz-executor.1 Not tainted 5.1.0-rc2 #36 [ 2456.689772][T25600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2456.689781][T25600] Call Trace: [ 2456.689809][T25600] dump_stack+0x172/0x1f0 [ 2456.689839][T25600] should_fail.cold+0xa/0x15 [ 2456.689863][T25600] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2456.689889][T25600] ? ___might_sleep+0x163/0x280 [ 2456.722802][T25600] __should_failslab+0x121/0x190 [ 2456.722825][T25600] should_failslab+0x9/0x14 [ 2456.722843][T25600] kmem_cache_alloc_trace+0x2d1/0x760 [ 2456.722859][T25600] ? kasan_check_read+0x11/0x20 [ 2456.722878][T25600] ? do_raw_spin_unlock+0x57/0x270 [ 2456.722907][T25600] ? _raw_spin_unlock+0x2d/0x50 [ 2456.737969][T25600] binder_get_thread+0x1db/0x7c0 [ 2456.737991][T25600] ? __might_sleep+0x95/0x190 [ 2456.738013][T25600] binder_ioctl+0x1e5/0x183b [ 2456.757750][T25600] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2456.757777][T25600] ? binder_thread_write+0x2820/0x2820 [ 2456.757799][T25600] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2456.757831][T25600] ? retint_kernel+0x2d/0x2d [ 2456.788038][T25600] ? do_vfs_ioctl+0xca/0x1390 [ 2456.792739][T25600] ? write_comp_data+0x1e/0x70 [ 2456.797527][T25600] ? binder_thread_write+0x2820/0x2820 [ 2456.803019][T25600] do_vfs_ioctl+0xd6e/0x1390 [ 2456.807651][T25600] ? ioctl_preallocate+0x210/0x210 [ 2456.812783][T25600] ? __fget+0x381/0x550 [ 2456.816968][T25600] ? ksys_dup3+0x3e0/0x3e0 [ 2456.821684][T25600] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2456.828121][T25600] ? fput_many+0x12c/0x1a0 [ 2456.832573][T25600] ? tomoyo_file_ioctl+0x23/0x30 [ 2456.837529][T25600] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2456.843809][T25600] ? security_file_ioctl+0x93/0xc0 [ 2456.848952][T25600] ksys_ioctl+0xab/0xd0 [ 2456.853134][T25600] __x64_sys_ioctl+0x73/0xb0 [ 2456.857843][T25600] do_syscall_64+0x103/0x610 [ 2456.862460][T25600] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2456.868373][T25600] RIP: 0033:0x458209 [ 2456.872384][T25600] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2456.892009][T25600] RSP: 002b:00007fb8e36d2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2456.900539][T25600] RAX: ffffffffffffffda RBX: 00007fb8e36d2c90 RCX: 0000000000458209 [ 2456.908582][T25600] RDX: 00000000200004c0 RSI: 00000000c0306201 RDI: 0000000000000003 [ 2456.916837][T25600] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2456.925017][T25600] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb8e36d36d4 19:19:39 executing program 5: r0 = syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0xc) writev(r2, &(0x7f0000fb5ff0)=[{&(0x7f0000000080)="1f", 0x1}], 0x1) dup2(r0, r1) openat$dir(0xffffffffffffff9c, 0x0, 0x101200, 0x0) r3 = openat$vsock(0xffffffffffffff9c, 0x0, 0x2000, 0x0) r4 = openat$dlm_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(r3, 0x114, 0x7, &(0x7f0000000540)={@tipc=@nameseq={0x1e, 0x1, 0x0, {0x0, 0x0, 0x4}}, {0x0}, &(0x7f0000000240)}, 0xa0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, 0x0}, 0x10) fstat(0xffffffffffffffff, 0x0) setsockopt$inet_udp_int(r4, 0x11, 0xb, &(0x7f0000000000)=0xe193, 0x4) syz_open_dev$loop(0x0, 0x0, 0x0) 19:19:39 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000]}) 19:19:39 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000084]}) [ 2456.933015][T25600] R13: 00000000004bf49a R14: 00000000004d0e80 R15: 0000000000000004 [ 2456.943214][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2456.949283][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2456.961776][T25677] binder: 25675:25677 transaction failed 29201/-22, size 0-12288 line 3241 [ 2457.031680][T25600] binder: 25599:25600 ioctl c0306201 200004c0 returned -12 19:19:39 executing program 1 (fault-call:2 fault-nth:1): r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:39 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x560]}) 19:19:39 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000]}) 19:19:39 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2457.407871][T30091] binder: undelivered TRANSACTION_ERROR: 29201 19:19:39 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000100]}) 19:19:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2457.497797][T25980] binder: 25972:25980 got transaction with invalid offset (0, min 0 max 0) or object. [ 2457.621494][T25980] binder: 25972:25980 transaction failed 29201/-22, size 0-12288 line 3241 19:19:40 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x561]}) 19:19:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d564b]}) 19:19:40 executing program 5: r0 = socket$key(0xf, 0x3, 0x2) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$VHOST_GET_VRING_BASE(r1, 0xc008af12, &(0x7f0000000280)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$key(r0, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020700090200000000000000c9da2ef6"], 0x10}}, 0x0) [ 2457.862250][T26188] kvm_set_msr_common: 22 callbacks suppressed [ 2457.862267][T26188] kvm [26167]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x4b00 [ 2457.899034][T26142] kvm [26140]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x61 19:19:40 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000101]}) [ 2457.914140][T14773] binder: release 26003:26036 transaction 1245 out, still active [ 2457.943311][T14773] binder: undelivered TRANSACTION_COMPLETE 19:19:40 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x2, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2457.984630][T14773] binder: send failed reply for transaction 1245, target dead [ 2458.007083][T26233] kvm [26140]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x61 [ 2458.023343][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2458.085297][T26236] kvm [26235]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2458.121922][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2458.127754][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2458.160723][T26243] binder: 26242:26243 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]}) [ 2458.234185][T26243] binder: 26242:26243 transaction failed 29201/-22, size 0-12288 line 3241 19:19:40 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x570]}) 19:19:40 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000102]}) [ 2458.317896][T26325] kvm [26324]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xff00 [ 2458.499346][T26396] kvm [26386]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:19:40 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2458.549646][T26388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2458.556641][T26451] kvm [26449]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x70 [ 2458.605079][T26490] binder: 26482:26490 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:41 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}) 19:19:41 executing program 5: r0 = socket$rxrpc(0x21, 0x2, 0xa) sendto$rxrpc(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$rxrpc(0x21, 0x2, 0xa) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x0, 0x0) sendmsg$inet_sctp(r2, &(0x7f0000000200)={&(0x7f0000000080)=@in={0x2, 0x4e24, @remote}, 0x10, &(0x7f0000000180)=[{&(0x7f00000000c0)="5b654519094c53966714dc7a58600dfbb80c3da4142e4c3a569de102fd038cef2410e56d3ee66ea607a757e04b7560a1e35b5afdc4de646df7129917ae35623382dc7e86bb17746ee5aaa304ecb52c5f64a6953829837ab47dce799b20bf7f6a7b841c30c4212f4a3e1473f98eb24165b60ebd38c65dc0305e9d0c461a9f1638abfe6b105398ed804b0a34e7a773d53ec693bb0f4b41d36f993d8fb0ee8a8734d31b1f73602bf00de8f37199c9f5", 0xae}], 0x1, &(0x7f00000001c0)=[@authinfo={0x18, 0x84, 0x6, {0x6}}, @prinfo={0x18, 0x84, 0x5, {0x30, 0xff}}], 0x30, 0x4004}, 0x10) bind$rxrpc(r1, &(0x7f0000000000)=@in6={0x21, 0x3, 0x2, 0x1c}, 0x77) [ 2458.706457][T26594] kvm [26449]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x70 19:19:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2458.838120][T26677] kvm [26671]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:19:41 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:41 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000103]}) [ 2458.912673][T30091] binder: undelivered TRANSACTION_ERROR: 29201 19:19:41 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x571]}) [ 2459.004550][T26700] binder: 26698:26700 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:41 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10100c0]}) [ 2459.060032][T26700] binder_transaction: 1 callbacks suppressed [ 2459.060054][T26700] binder: 26698:26700 transaction failed 29201/-22, size 0-12288 line 3241 19:19:41 executing program 5: seccomp(0x1, 0x0, &(0x7f0000000280)={0x5, &(0x7f0000000000)=[{0xffffffffffffff4a, 0x4, 0x8, 0x8}, {0x5, 0x100000000, 0x7, 0x9}, {0x2, 0x4, 0x1, 0x8}, {0x7c05ae2b, 0x3, 0xfffffffffffffffd, 0x2}, {0x1000, 0x3, 0x5, 0x1ff}]}) 19:19:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5450, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2459.208267][T26834] kvm [26807]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xc000 19:19:41 executing program 5: r0 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x60, 0x0) ioctl$KVM_SET_NESTED_STATE(r0, 0x4080aebf, &(0x7f0000000300)={0x3, 0x0, 0x2080, {0xf000, 0x6000, 0x2}, [], "75863b8b84c1ba783bacb78b82a8796e14016772fbd4566df4cad99ba2489c564a6eb1a319004ccb12ba00f0e110c623a82978db8afada417250b315852cadbc25ef62d12db4b5ee4317968064a4a43a6c0bde75ad026f56188da3bbcc36ab9bebc61154941fb56f99a1a8e4222e0ef99f9613d06bc4a9b74cd7a37db6bbe1c4d18e34938e3392f3bdec30d57599dcee574845a18d3f8fd37e480da13a7f2d54d1249bd374a4392608e21d73f0a3e1d9a80490ce80c4deb599409726eacc9074724a042453cb12e815548448461a7f4a663a4be93acb33f9253105490b8c3b2aecb2ac537c5cbe16f8e699e6336acd2a7bad782bba379e1393fa53d05d06225f2fd5a777b66f712372ae7661b47dde4741188b2740b0201e1fd1e5e10ffc5cf73c8d9c87327a3ed2f211fb9dbdd193db6abd6840555b6603d9cff3c64ea24025c1b470927ba033853fde6107ad73adf8c659d70a4403f27c82fe27e1c237133e77fbbcccff34364271380103e6bd43938e5c60da499dd57eb75de84d441cb8bd1b769aaa3f2fd374c01d08dc64b308539597b80f67b98e55dcebce128897227032a17229c8c0e624da48f9ef0c413e2aae962658f9333e3641245aed8b14c1fdad1fb819735c0399110855f03dfbb24fb7a126deba65affe15c79a4e813dbc743e6bd561fec07da98723020cbc0b0c3927be6886ad972cbaa04334fddcd0e402c0ccb8939c6b5b54947f3113512822c357c1cd03db431f808eb1a73d4a96cf3b18d3f3486082c9147f54ae25e2e34b2ea192066c56246240fe9a5df7c3e0a6e8734b023e3d84920559e54f947ab7be7bb48a357dd01c356375e47b6b760f0a237f02e45bccfe7c2d29398aa9893ba6273fde6eb7a056a22a0d4ad3a44c83138e0140007adb9668e839b74dca5e0b4060e7935124a41a7046c574328d0912702e43f869e6c31ca8d16c736c32b62cd18e7c11171f2b3717ffb27e04c625b7dd29f0bfeaba78aea2d7d7ea087c1b9a0e6094c0ef23dd1d144f71b4860cab1fbf83deeb35b4114d596dea459c0fe75d2c13bc840c62a18e93fbf195c43d8be95fde5ec292dc2ae7bd359cbdb624a1bea98d06519b39587a21f4942ba61ce0e19c950d5ce621cfee2c34d512faed57c9e1357563bc2e13947cef45849ebab21e0d37e14ee582c8143b5a2797809061900a2296ec76bc75db9725ffacb6ad9a9d17ee505b01ebed4240a812ec452fe954564b3c0a2a250cec1d9bfe0e1b99a5e633e3b5dc66a031df28943c08e89176df5e7e4b6a8055d5419942b82c7e9c6c9e3102155726cdc4d8a0af24267be000b70b36871a03adeab6982ad094552e6aca6a488a38dd1754617a8938b481ea84694a6c86519a34574e2d5a34c0384d99d45729d72e6a2f52b191d46c7991eac0b373551b97fb9c6ea0a23658b85824a60ace5fb52fadd52388b26e44eb84d17ec9140e74841b8b10691dff59f6ab413962bc57acbf6b0e965b1433fcea1ce31792315337333aa0877fec41fb6f607b2b133d1fa14bc4bbee903d031247905bc5bf5835f649d59319f5cfdb9e5b955d614693cbef4e7f1327d0302ca530c007d5bd606eaf1e5fdd2e0cc3ce59ba298fc6b8906e1e2f538ba7d6009cf0ac34fe7df014d475bb48bdc5941f262e9900ab711cc8d2c94da8beda6846f22707c1f9532b1ae58c4ad4f7e9fa3c15949f91f1ef0ada8a396c76cfac66e3c2645b3dde6a10f2aa26f9ef7e6df68c88d40c58ce6e97f74cac86cb75cabf366611828b9658d9353ebd29520f49c3f756489f079bfc30e1b64d847dbeb916710fa9c4eb0e5078984a70cc4fd80d3b8765ec48b2aa885cf305cd5f3e943ab240f5ea6173c7db47c350179ce2482caaab86e883f7c703d6160f3f6ce84ceee0ecd687987f48d95827faa4aeae6649828c2f99d7851c44249eb7f88925007ad72a6b995480361b0bd39a1c8a88d88d49c5c5584b4da1e872526dca95402fcb5a4198e054a88159a7ee05d2db5d661f24c546208e67e71c8b28f5235b3e11d100ee46beaf2a613c7b3e5ebe40091e9a718e469fddb45b966a196b418d35c23929a24e02dacf7a4546561694639283bbca02e2d07ff5e2c49df3a8868d9a215e968bc890bc9dceadcd1643b72ddba0b76402ef938f1ef73589db4a95e3f617e8e9721c7dc37f0752086769d150326774514042a3fef355d9bbc123834ee4a33987c4bf196e333613d3c87a56689396e2670c75b522ae0c9b33709a7e82cb35fabd7e17ff796db87b772c32a63a0956ec9117458fdfbc2552a8b7dc295183d1eefcf1d01b1da804e65832133b1414356997d684624496b998d862805987991e33a27cc2b0742f643319c68aa10536c7aeb79c3d0741d0d39496c78f5197974cf75d27d88eb1e92ca775c01e3ef8ee5807a1dc8da2530c8ca8cf462ead3d5331efca9e337760e48a19f6d9c889a06a64cefcf8fc082c6a9532d5b57546e7ee3a5abc66f28f057e72d3d8726964cf4a5fb57dbcba6190680eeb769fe09060ecb608fd5729f6548972234f6f67946adbdf1124ff07bc0eb46f122d92a1d6481fdece5814a59ee1dd5d65cc65e81c72cc519ac61098cb713ca2ce0b20740021de5e5619cd1ef841b907e6d0712ec3d19215f8f214c7b707146ae95d2d79b724f9c26d5ea1c00a7aee0d9eeaf327a97829900c7561de19cdc83160da5d00727aa84fe8aa8dc1e6d50b72005b297a1c3cd0c5c8df286545a83b333b4a2905f6895124a89b8e23d58689aa2bbc906b3dfffde1cf848dc1af13ce2e50452cb8a764f86930320c75e1228928987c6963b83516e17bb490f67fc401cdfd6b64a35dc9d035bf1095d950b0adc33c21db8751a44e0e5e20038781f6ec9afdfbcd95c4a3e11c60a4c47a698cf2a48a2ad45d209a7e86279743f707abaf1fdd3cbab0f5ca2c1409b37302e18b89fab56844270569ccdba8d13ae42593c4a2fb5974ec75b6942ae7268ea054693fea6fe54ed8a2dcc295c2580860ae1739ee91c11a0712b9e87aff6b0e928a360e677350c7ffcae98b6e14aea145bffdd0c8c95f0e76758d1c6318d1357b4d4d04dc052854b46906118bb6f51f43e395e2a7a571f6a7fde872cb8347f727deb360b7aa677ccf3f00e03eb5bfe01d0292acdb52e398b9bcc1d0ebdec055a8de5817b487835968cdbc9a610107b66fba78dc2201fbfdc3eb52534983f876416aaf2935e7c3f605a994917fed5b4d9d1a2184415903b12c1ee8f1466b86f891396b229310be1a0c8eb3fbe8bd3c3167ce76199b74d058819b74cc6e51c5cabb57eb35c816b6044451602efb1102b07b2e4b21bccf6ade8a0ff4a326980fc4c9eaa306977b6dc2d8bcbf164aa8a4e0f031bc772b600ec5df388f92ca931a81ffb537895c3e0029af71ed99f99ffe72cba03fa6219505f19d48eac85ac628533f269d5b36942e472ae942dfb629296901ec89efd3e7269d55d5476467a4841318849d9cc877169fb9798ffd6abd980eae2ef31d4914d8e134f338c24e9d5680eb97f19f4bc6450b4132e652dd61409f6e76a789778ee584cce3750b820c8ec89c44c6eadc7e2a7519ffbb181c29ab5dbbe9a6e2657f10c8ed8ffbb8391a7b7f2323a4cbb0fde96fef2b1ccac0caf947a8a4079a73d93c77c270861c2c1acab2138a579eb117dd3411b7b1564822e2bc4a7f58b932347b5a620e2196ee0ba7db012cdb0e5dddabf22f2f5d0202469b9745bfd63e04934903877c9edb76ef6d1f4a7d24610155346ce679b615ba61d61188aa64566698f9b01f7a9e02a3ad12005456293a5b8ad92df60714c6712b010d78d3ea3f568f091bbce17d6cc6ddb8c9be6a2c745eb836fe403297dc27bfade5c12fbd8c2d8a921db173620afcd6cc2a99e53d5b909adbd7ac1e7fa6d6fc3e9b3fe968b968aad4bc81cf4e4a6baf97bbecbc7a838e9fe399edd2f401c2772cd1ac32276d8f4d74d2730171869c6420d33c6e4a5d8ccdfce008ed70396ef8fb9882b5d0801e9396a32bb0fc08a8811fa12600bbbc21f633a4447f0ae81d33d1396d8c667aa0ac14a01f630bfbd940992326f9a88ea0f62a8103f69fa1834a5944f622b11c68618ed8101720a46e883f2dd0b1e26a4ec3ad55913a778799b221d4edc096bfd5d2adb6075b462467802c926974e02d6d1c9d3d027fa99914a55e8e2e9f77e50ac668643ceaaa3a5f81efcaf71cda81bac452e2d87cf7c7156bbda8fb7be257d46d7e1536cfc4626f4141ac9af8b819ca2db3418f9f0d5ca9fb4997cbd98b5ff0968c792096e7da6dff507ec2dc449e4d97f1ffa5c3ae0574941999a876ab4e6bb53c386e34375ba6468b445649ceefe5a6ed2e4b03ffdc443472cf022f8c947165ae31d441afbfd6c478e63073541b46639fd8d61203da69e8208e17cd8a334b077bff87ba8a8df4acfb6e7e337643f9ca222ea0da7c2824859d550ccddb0d0eb1bf1810feafd8bbffc97c679aed611a52d07d042de1e06e67cfe7d1d74b55448a3a6fc61756a4a26365355f455f47d7b306be6eb9b18e47493c7611c22e1362e877ff4b241597a5bb815fba09aed5c3b5b897939aedac81fb18358ace5adf1404c7d95e76586db7828a082520dde4ac09d9648fede47fc44653c957ff4f1fb2c3ded2bb2da1b109bcfb9deef413e6e9c9c38380345d58056e0cc952ac1c9b2d56b3aee1223075e22c5ed704d5ea0a06a2b37c6a06115f1b532c4c7313d5fc7977c49fa2ad0dfbb2105f0cb4408a1d2e4d3d5a4f53e786bc1560b8cf982cbdc51b2020a7255c6e8901a30c4a925119d22ea068d27bbb4d05207da7a0a5a006916e9c95301161188c4558d9c4572a68db0b91c70581381dd1b7974b32381a0cf5b1f6fc2e00358a628e08f6e78d946d4c772f7feed00074d7739cd2c1c5c0fff3ec54252179b48bcee16c636fba50cf098d697af6eac599e1feff77826c261737518dc9afb43e5b35c028e9e66c39a9a2c2595913d6fef120d85777c9bcdfb2b75ac0e1c0d5124c00f0d8bc3e372cbd3c4f01e15164c6b557684a2a3d65da1dac512e006e2b6fbcdaf53804e62c2ed7607f398b2ad8ea45e0a0d55a53e62dbe7885b7e94b2f6881a05c00c6452c2da02a2db9533eaf09b7f6fba82ae53f9f7bb4bbc65df1362d54850c93229514367a55b71bc5e3552ad102a29a4c83f6e0bdce0f660f9d09d761949064d3f06f9485ad7e9ce8982feea54cfe145b0950eb9ccd893c6608b5400fe2499dc8bf8753616f9489cc0e31db9f72821c20c371c0df74c776b639795ef420d2e21a053809b9ca151af4009ea1d9106c3679304bc85e80c8a57a79a5c38098ab7b671170ce416907cf91f69195adc304a8fac032c17d33dc321f706a7aa054850db7bd2803b765bd182e9a716459953d67ea7e6c4a8ea6b34e4c0567fc6b71d8c70534ec3b9dd365e9c29a5bd7f0b7f22ac3d2400b43db285997028245a1c86ba9fb7a30cbd9c851ea47d630af2cc8f42657c5954bdf6408ff7580df611373f299961ff9268845783e47914e8f33c392d6e5cfb2b064d10866fce714cb0dfe617a9e216d00e75f818cd115ae68f2b5c0dcd8e7c66b0efd711d3f95a62aa0b6ac0bc89b946e1aea0ae48bb9f03cfc2443026d61eb44197d90b531f16b9f65a0168f67b3158a930d142f4932f4c663149d7a82bfa63e9a2766ab4b0662b62d1e6946fad05bb3a3691290aafcb1c3943830f6ada02c7cc4f35f04fd922b1bf73bccfa8f87559f0ef4635b21f070de5113f158ce7d7d28f7a3bae33aa8", "3b02a1d7a4cf3b541b0f2d4537ca01dd6a714f4a715b0372ef602e9876d9b70db1dfdb112f0be9ad0635816c6d0074667a20e372b75ae382338833aa1ce87caf1da0b0648ff252872e66ea51da4795b87cbe1cd6fcf916d3da7378ac72010a6928fc96bc11fd8910e40a9490d4d259abaed4bbce854e2c786c176ad8007e30094fb58722041567953bb6c45bef9f5e219c5ed6f1083b0f22d5b167d6c1e745c209b7669782986699d1985598861c3da2083b62125d94d359a27424cd520a565bf379716bf1542ceb18c44e437af407032c33c54f4bbcf8812da57898603cc0a6ded5f9b634f48eec587c2c132e6eca8d7a58ecbe01483413d56a19959a4f65fe24f60c5e068636f20dbeaee3d849280d9f717cd2226d2dbc1cc18aa6ebfa4b9a88e5d961ba3f9d6d7abff224290b867a1159d99c43f1891d8a3855f1d6e7a0c9ec87d7a09bbb1149404cb6cd1c814212ec858b2fd1da81f93a7db2efb9d6b3079044c351c23797e938c43512084af2c25c53bf69fd1d4165383da197131a74221657cf35ff5128f4ca575e4108afaaf8fe750d4cb750f4cc9e3b2b453b50b3d21335f5f5ea2fc4559b13f8f925511b0854e09d354932fc37a237953dac51293b0483da83805d7b33da2e45397cbbfd0b1bd05259325d63295d3604e4eaa595beaf38fb61e4b9d6e28b113132899c39e5e9e1435aa1790d0c7c0ead1d7fced36ba309bfa0d48cdb422705b34c8a61b27a9c9e78cc0445205e59b80ab5458e774777e66c4d2dd61097cfac6c8658af8f83ca7f93798e360390cd7ebc85504402c2470ce961f1e2ff7d80e6594662b438b4ba4456541dc3b3b50323865e1c19b47d148d5c2ffe0d2e9d0868c3eababab41d78df8e34adc6aa874a675cacebc057a3a13764ef75e7cb479bb9aa0f988781ee43fac98790e2d35c7cfd017b2a855ec898aeda9c3f0ad72332888c058cd1082f90300bf1ef01039fc813c06bfa2fba4404eb9caf33d342e14136c86a0f06fdd80fbf5160d1acd6e84a450645b7acc54cc0a2f3566e99f29fe02192f38448c6311d8529049cf4dcab93f3e8f31ace5e439c5078c5f20812dfa4d1a63439bc71dba7061c1d34a7e57eb64bd20657e0bca6f30e096a2131313923a8fc84a94d91a47a3c36b70926573d3d4845ccc318556e59c435c86d1c225c0df991ebf31ad27d1b33cbeba926f5d5e89a7cf495c7b35daac6a25dda54b6c074b2075ea8452754ef90607e9d2cca4b5e930eaee505543d03514148744a3324463d8b86b7723b69fd7bd4a8e0fe05567ff0ab81f638506d761b9a6443a12c14a832cb1efc6c984b4d24deac77c00412a1e57745dc3fd899735381ce2987eb3c63fe26c9b5ecf11697c3549acd75397b1ee3cddb848429142fdff550b1faa0a140a9870ff562a4c3c2ceefaba6636690da0b67cd43381ad966127b1333614977bf8cec0d4435d6b3233a85c2f8ef3fb4163a0e538663f8755f81899c7aafdac0adfb854ec254ebd87745673bc8845a8e70278de72a3e0c41dc769d1a71df08e24f6f7ace68fdfe3f4f9c1ed7417b299e6abb1710b9c6867687dbd39f7785681dda9ce7065548424ffb2393a7a2fbb310797e674ded208d9e3a5bde8e54adc499f8ca1a675e74891fbd96cbcf7e77da01a303c2dbcbba358276e6dcc68ae07b863dd9370e362fed0bb1cc6fb828f6572f382e91e837b0eaacd9a954ddb9a55d0d7a65cf3100915d517802882e94d30f36a3c0aa128a0c90934efcb2ca8198bcd434c8f2656306726c0ef967853385561c9f4124b195542b3d729c6a2eb67e8698196711f39e4c68aa0a72036b143700128b80f7e73cfe79db9ec0e9b9963bd081ebdfa41e5a843b0734b0e25b4951982505b3413dfa88a1ac7a6a9cd5d5ba243ab0021a122ff07029c7057b3a0f4e8b9cd63762959cc7409b8fc86211df545bce6f11f051cd2aa22d7ca3f807475d031f69ada33ee612ef365d058eb4d8d434d6b87603109b7ec407db7112e7b4abeb02e13d96dd80b3e3e2e3f35e39eca1d4e8fb35eeb5f69e3750b641d285ed80b66420b9cdcdd6e98c98d2542a4a0cdfb7cbe13f8d392e5f05d93d3928f10a84f0bca08914b43754ce60a2ba4afc79c8f856732f476284c5768d0e23a593c886ef3cc5e049e99eb473e987a95daa275f9afe4f6a60211d2d9f78615149e1efba91287d90acee3377e5dcfe8c412df200736310b149add32e15119ff35ab62ecfb6ef64b9ba29a283996be72a019455e9f3d8ce8cc337a09f4c637a691543393b4bfe4617d05e4a4acad73c4219ae9b58c54a29c244a6ca737a64d5158b5b011f0972087e6577b5c59f01af054073b7221db01beffc6693d2ea677cc54156393362a5fe465d2d4fa8c0a17e798b83c7bd8e3b715c0bffdb7ef3327f02caa0b4153f3ea31246a87c7d14be2b89e1490a559e910008bf2316183988bc65fbcc46bfef304a498d7a59bbfe3f341cc77d9fce1de887baf17229c0748bf76e89c97454c99b59350a121cb947ec74eae92f74440c2c15fcee80188cbf25b6f76186a07e8fd22de05398d207da7922b52e02874dc70c8d4dc2ad7f90c85ede87bbd60002361624bbc3d3ba64c2630e52bddc4feaa4ebb7571e1e2f15f0a7644eaf3419ac05921af33d598bcbdcbf00e598cbc2bfd46466580a6eaab2f5d44a40ad2ee59b6a51ca20aa81a5444f1824bfce2196d1a0f451ac9dbffbf1cdd4b2916189c4504723645c2cf7ee357f65d1189b17115d6d12a719588d1ebfd287a7f9b39ad152596473d4f1a8c61b1982fae213aaf40fe3af50936413d31eab9061239129a70e75083ea347a635054e968d4a1ad3a17b96a8a74e5a29f91dc3d9b046037c288ad1ff261e9871250ca3577e56a7766a483cc5d148ea01b0530afe2e4670d7b02aa82de5e2c9c469a5249279e0426e65584a7111ba1981f7d7e018b34aa6388678096796a101fa014df16b182983349ef958a9456b1d489930f1d087b3e686633e2669cc0140bdd2a2fe7851c2f8d694b3aa54fd7a145b862b433e1149c7878553e852f512473ee6908ef4618b6da02e59ff7b0214cd7eb0ba56ee0b7f75fcf14dc005ad0cd63f43945cb4feb325b773b82816af2793cc963b99facfe75cd4525c5cb4297777a2d8e8970ec9c0a84ff3979d8227b87bbc1c4180ee97863d15c9fe81ec2eb50b19d873205a96a296494bc4be90f73a09db79206cca5ccfa15306032094ee047baad1b9bf41523ccacb39b7c6425b321d73ef183f225a49f65c8caa86e0d817f0677fc411358710907b2d4fbba936a505e0dca22de0f774ac882d548894ba9f35723cf51715347bc74507a461902287132bbb76d9e8d9a2f2f7896895b2df507e3902e11c66bb71e35aca6f6a3c66ba81594992c8b570b24899552385d7345012e66360a465f43f4c4fd54d60769fb8bfc6cfaeee6d7b1c616ea3656f2337c6e887e2721e6541c95bc5e79539785ccc2a0555333cc103aee83f63794a4309ed801f9773fb99e068b31e9427c1c20d34e62255cdbde14e77ef8eea5de868a3d13a20016c59a4ad66a8d3e66af3d398cb74060aa647d3ecf72c5b9993e722ed2431f810f8863ee3f7e6b2b07416c7ad4692996aa340663b06d79c1d931c39164cdae48f089b3a056ef4eb6b705ad6743c2ac3852a55735919393789a257fa4d7d4b3be52b39bb2b11484e03c3fc30e214c82e9000cec85b38f7f0d0d8a387aebbf839385ecd583e80195d40c52d66fac9522e8c0cdf4bac2b489485739d501e307febfe6e244195b220aef19f9497924ed209bd447958b09a78d3c7dfb5f617a1b2c114c0190796fe510068fb0eb48f540e81b8d343a618274fbe030eff057a9c8afca854ac8e83fc857cf30dce47bd1e49074adbb10ce3a8f039727c79b7d55473ccb2e4c11f6cbc181ee7ead9eb7c7150eadb575a652323639921a76fa1df6e0bb79b675b468611ae9f13c2aa974a80f1c834a9f256253fcb390f0c29403e24e96a8201b10a27e355ca33bb1543f19209f7250ff732c04283bee9ed5c898c7f560336a684eb15f06385fc47324f355759c45c52f5958bcc654e512458eb355ebe99e84f412105260330a8961bfeb9cc2fe851778128a234dca508c7a6067dea31d1f39e42675b3ca675e3411cd4f624105c8d2c4f1cb5423b4e027a344e37c7c10effd559add377e080782870d77d2bcc6d37eea8f3a988f6da69fdaded050d8e1062d439fe17fc81192e6e4a65c0fcf6d38e70091c40cc95da9f79e50298d004ac68ef41a64c30f7c586d2f2186f951a427ba1513c3bce2bbb83560e10b264f9325dfabc9b2e7fe84b2f5a20cc6d097460ebd8285ef46f5112185e06b385cba0893b2f43d3bed85d6060d1ce367524473f3740e20082167140281c23b9152bb20a637fb4a59968166a28ddc1f554008661a97e7970e2424bfd19e46a1f73674f69bde290d88d717f15c368eb0531c7f8283d29b67c28dcc220c3c4d0324b94b1bff0edb1869696204815629e1a42a7aeb6fb48119b8094742f173b3c69524260f687c7e87a2efe903f12ffaa1763fff6510ece9db5e5cb68b1591baf1f93756405cc0546e674c2e6379f9763a7b7573b1b1d4120e62a5f90068dccbf69953fe8f442b2b19ecf617a8779331178516adac2f0e147f140c503bea43bc80ab922562f0294a8e83b8cce93b7920b9d65c1e5b106a1a0d5c27e3eec592e5f9b69f7061db59866ac5a7aec441fe6a6c3d1ced2ea64ed3c267bae11d0dcd988a38ae8f1fa23f95f4fbd9a35592a02089f2a66168e62bee5d8c9fc013712987ea06460b821c805c4008291e25fbfc37bb5a0652f8413b038b61759aa8f21eca82a2a1b317b2aee33dd607da7f6dcd908c1c4558cd7cee82072c819540a3672eb2a9999abe55d8034278be41a70774a8a71c0ab06bc487d5d7347934ce2636aeadf752299dea150f0a2dbe8fc1048741a69ebc25db67c4d2de81b5168eefe469de192e8282fb95fa87b23d0d57348a9a0b58da69b762191ce67e00bb07c01ae8248401279d9974a8f1b6921457ce71413453586908e1dab88527132663790647f10aaf4d1488540a0b7d144976c5ba4941f985fcb958dbeb5a778f0548bbd05e93e94d67b3bd9a6938856727498a2cff1f839a52b6c9b75369b1de855b9b03813ba04239874881f5a1457b24731913364ecaad8c0a3faf163b970d3a3fabdc576018040ee6bb45683f78f75b90a60f0231d4f725a69bb0cefb5f4d2bed013ff931eed7760f057838eb9dadf837de7f767402a1ffa5563d7f11769d7e13354e16afed81015c49fd955eae5c7a8104a4f701ca76e4bd60857cd187f9e09c0d518a766fd9d814ea32ed3c47e3b997e519c60df88419f2378cbfa29109700ecae8413f2f7ed9c233d0a0cfd65714ac27cacc5e548376488a735ff75e7d2d39e979733a6bb9a8b5c946392fc15576906cff40c3767e60fef89a626ca17614b24391a0d2a5f80540d473f5d8408f277cebfce7e3ba96f986b1c2197d44d5a3118d36adaab1a8fd52d01445d7228ec7b0c4bbbd6787cead49f1529f51d92959ea160f1cecde3b0f5763c609dbe345c18c3e1638948cf532b5359f07dfea5a14596e4e994ae05406c7e631b5cad4f292be8d21b9fbd840305c3ae3c5b57b6dc1695156597cba0e241c35a28d773a84b36a0f6d0960b6308952874d8906d439057cafcf2799b37d9e975c53b352d962695e599ddda6bbb8a745037c4a09cddd346d0f03dc6fa793426fca3acf286"}) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clock_gettime(0x0, 0x0) rt_sigtimedwait(&(0x7f0000000080)={0x200000000000000}, 0x0, &(0x7f00000002c0)={0x0, 0x989680}, 0x8) wait4(0x0, 0x0, 0x0, 0x0) write$binfmt_elf64(r2, 0x0, 0xfffffd4b) 19:19:41 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf82f, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:41 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010000]}) [ 2459.444621][T30091] binder: undelivered TRANSACTION_ERROR: 29201 [ 2459.493209][T27014] binder: 27013:27014 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:41 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14d564b]}) 19:19:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5451, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:41 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x572]}) [ 2459.573518][T27014] binder: 27013:27014 transaction failed 29201/-22, size 0-12288 line 3241 19:19:42 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$ndb(&(0x7f00000000c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/schedule_icmp\x00', 0x2, 0x0) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000200)=0xffffffffffffff01, 0x4) r3 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x3dd, 0x40c00) ioctl$KVM_IRQ_LINE_STATUS(r3, 0xc008ae67, &(0x7f0000000180)={0x400, 0x10001}) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000080)={0x3}) r4 = dup3(r0, r1, 0x0) ioctl$UI_SET_SNDBIT(r3, 0x4004556a, 0x1) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, 0x0, 0x0) signalfd4(0xffffffffffffff9c, 0x0, 0xfffffffffffffccf, 0x42000000) munlockall() madvise(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x9) sync_file_range(0xffffffffffffffff, 0x201, 0x200, 0x4) ioctl$KVM_GET_VCPU_EVENTS(r4, 0x8040ae9f, &(0x7f0000000000)) getsockopt$inet_sctp6_SCTP_NODELAY(r4, 0x84, 0x3, &(0x7f0000000100), &(0x7f0000000140)=0x4) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, 0x0, &(0x7f00000002c0)) 19:19:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5452, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:42 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x580]}) 19:19:42 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010003]}) 19:19:42 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}) 19:19:42 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2460.093310][T27302] binder: 27296:27302 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5460, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2460.177950][T27302] binder: 27296:27302 transaction failed 29201/-22, size 0-12288 line 3241 19:19:42 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010004]}) 19:19:42 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x587]}) 19:19:42 executing program 5: r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video37\x00', 0x2, 0x0) r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x3, 0x2) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x3f, 0xfffffffffffffe01, 0x65ca, 0x80, 0x0, 0xad, 0x801, 0x3, 0x2, 0x0, 0x6, 0x2, 0x5, 0x7f, 0x10001, 0x3, 0x4, 0x0, 0xffffffff99a04046, 0xa249, 0x6, 0x6, 0x1f, 0x7, 0x0, 0x15, 0xcfb, 0x1, 0x3ff, 0x6, 0x1, 0x200, 0x46, 0x0, 0xdd2c, 0x0, 0x0, 0x9, 0x2, @perf_config_ext={0x4, 0x81}, 0x1, 0x100, 0x2, 0x8, 0x8, 0xe04, 0x8b48}, 0x0, 0x4, r1, 0x8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_DECODER_CMD(r0, 0xc0485660, &(0x7f0000000140)={0x1}) 19:19:42 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20100c0]}) 19:19:42 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046205, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2460.605023][T14773] binder_release_work: 1 callbacks suppressed [ 2460.605032][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2460.731885][T27694] binder: 27691:27694 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24d564b]}) 19:19:43 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010007]}) 19:19:43 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6e0]}) [ 2460.844286][T27694] binder: 27691:27694 transaction failed 29201/-22, size 0-12288 line 3241 19:19:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046207, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2461.081682][ C0] net_ratelimit: 12 callbacks suppressed [ 2461.081690][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2461.093399][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:19:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30001c0]}) 19:19:43 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2461.146284][T27866] binder: BINDER_SET_CONTEXT_MGR already set 19:19:43 executing program 5: r0 = accept4$unix(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x6e, 0x800) ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f00000000c0)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x83f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x80) ioctl$VIDIOC_S_TUNER(r1, 0x4054561e, &(0x7f0000000280)={0x9, "2cf0ad9ad779db37224e64c9f37202bf8f7738ba0c93c87e5992d3467e0f4d3d", 0x1, 0x540, 0x7, 0x5, 0x2, 0x1, 0x4f5, 0x4}) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='status\x00') preadv(r2, &(0x7f0000000480), 0x10000000000001c2, 0x0) [ 2461.201985][T27866] binder: 27851:27866 ioctl 40046207 200004c0 returned -16 [ 2461.202014][T30091] binder: undelivered TRANSACTION_ERROR: 29201 19:19:43 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x803]}) 19:19:43 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010015]}) [ 2461.283844][T28018] binder: 28016:28018 got transaction with invalid offset (0, min 0 max 0) or object. [ 2461.329023][T28020] binder: BINDER_SET_CONTEXT_MGR already set [ 2461.402420][T28020] binder: 27851:28020 ioctl 40046207 200004c0 returned -16 [ 2461.412158][T28018] binder: 28016:28018 transaction failed 29201/-22, size 0-12288 line 3241 19:19:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30100c0]}) 19:19:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:44 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2461.742121][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:19:44 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa01]}) 19:19:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40049409, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2461.886239][T28244] binder: 28242:28244 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:44 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc001001b]}) [ 2461.963791][T28244] binder: 28242:28244 transaction failed 29201/-22, size 0-12288 line 3241 19:19:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34d564b]}) [ 2462.281712][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2462.289768][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2462.296119][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2462.302100][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:19:44 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbff]}) 19:19:44 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2462.373989][T30091] binder: undelivered TRANSACTION_ERROR: 29201 [ 2462.502641][T28511] binder: 28510:28511 got transaction with invalid offset (0, min 0 max 0) or object. [ 2462.521676][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2462.527679][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2462.603199][T28511] binder: 28510:28511 transaction failed 29201/-22, size 0-12288 line 3241 19:19:45 executing program 5: r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{}]}) r1 = syz_open_dev$vcsn(&(0x7f0000000180)='/dev/vcs#\x00', 0x6, 0x0) ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f00000001c0)=r1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) memfd_create(&(0x7f00000009c0)='/dev/s.d/sy\xf6F\xf7-\x056\x9deq\x00\x86;\xbb\xf0o\x9e\xc62\xfd\xa9\xbacn\xb4`\xc6\xf1\xf0\xf8\x11\xbc\xd7W\xc45T\xde\x05{\x18Ll\xb3r\x9dN\xc4\xf1\x99\x9aS\xf2\xe9D\x93\xe6\xee\xe7W\x02\x9f)\xb5\xa1l\x98\x87A\xc7\"\xed\xb9a[\x93\x8e\"P\xd9\xd4_mm\xef\xd7W\x19\xc5|ataO\x8a\xa0\xd9!9\x84\x9e0CW\'p\xd5y\x04\xeal\x01\x10\xb3\xa5\xf1\x04M\n;4\xad\xd0s\xde\xc9\xe0c\\q\xe8\xbd\xd6\xcc\xe7\xceW\xb6\xa5\x14\x01\x13\xd2%i\xa1\r\xf2\xc0\\d\x8cx\xd4\xa8\xc6\x10\x80_\xdaA\xe9\xa4hv\"\xcc\xe4\xf7\x01g\x81@}f\bu\x1d\xa0\xdat\x90\x9d}\xb2K\xec\xa6\x19\xeb\xd4\xed\xb0]J\x1d\x8f^*I36M\bW\x80(\x88+\x16\xc4\xdc\x1c_qd\xb2\xaa\xadL\xfa\xc9\x17\x0f\xae\\D\xf1v\x04\x99\x0f\x80\xec?\xa3\xe1g\x83\x9fG\"\xfd\x85\"h\xc0\xe3\x89\xae\xaa40\'7\xcd\xe6\x86\xff\xbco\xd9\xfc\xc5l\xf8S\xf7\x1b\x86\xe0f\xad\xfc\x94\xc2\xc8\x8eCnO\xa1x\xbf\xb9z\x1a\a\r\xbbF~\xf5S\x8ab\xfeO}\xee\x82tX\xcc9Q\x11\x9e\xe4 \xedE\x14(8\b\xd3\x86A\x958-+\xa2\xa3\xf9\x97\xbe{\x9f}1\xa6\xc2\bF.\xc2\xf3|\x94\xcc|~0\xe5\x10\xe5\xa4{g\xf5H\xb3\xec\x89:\xbb\xe79\x94KdSoi\xbe\xec\x81\xdbP\xb3', 0x0) r2 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r3 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000200)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r1, &(0x7f0000000280)={0x12, 0x10, 0xfa00, {&(0x7f0000000100), r4, r1}}, 0x18) dup2(r3, r2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) write$sndseq(0xffffffffffffffff, 0x0, 0x0) fstatfs(0xffffffffffffffff, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)='.', 0x1}], 0x1}, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\\\x00\xbdh\x00', 0x43732e5398416f1a}) r6 = getpid() mq_notify(r1, &(0x7f00000002c0)={0x0, 0x36, 0x2, @tid=r6}) 19:19:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4018620d, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:45 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40001c0]}) 19:19:45 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc001001f]}) 19:19:45 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:45 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00]}) [ 2462.753047][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2462.880308][T28696] binder: 28695:28696 got transaction with invalid offset (0, min 0 max 0) or object. [ 2462.987127][T28696] binder: 28695:28696 transaction failed 29201/-22, size 0-12288 line 3241 [ 2463.019657][T28705] kvm_set_msr_common: 16 callbacks suppressed [ 2463.019674][T28705] kvm [28704]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:19:45 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44d564b]}) [ 2463.038219][T28723] binder: BINDER_SET_CONTEXT_MGR already set [ 2463.077303][T28723] binder: 28678:28723 ioctl 4018620d 200004c0 returned -16 19:19:45 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010020]}) [ 2463.161664][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2463.167693][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2463.177152][T28849] binder: BINDER_SET_CONTEXT_MGR already set [ 2463.194300][T28878] kvm [28823]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x4b00 [ 2463.217313][T28890] kvm [28704]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2463.231777][T28849] binder: 28678:28849 ioctl 4018620d 200004c0 returned -16 19:19:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4020940d, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:45 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2463.359129][T30091] binder: undelivered TRANSACTION_ERROR: 29201 19:19:45 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70001c0]}) [ 2463.477467][T29066] binder: 29064:29066 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:45 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd90]}) [ 2463.574140][T29066] binder: 29064:29066 transaction failed 29201/-22, size 0-12288 line 3241 [ 2463.686561][T29139] kvm [29114]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xc000 [ 2463.721962][T29115] kvm [29099]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x90 [ 2463.785787][T29217] kvm [29114]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xc000 [ 2463.810312][T29219] kvm [29099]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x90 [ 2463.829022][T30091] binder: undelivered TRANSACTION_ERROR: 29201 19:19:46 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) vmsplice(r0, &(0x7f00000016c0)=[{&(0x7f0000000300)}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x8, 0x2) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x200000, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000080)=0x14) sendmsg$can_raw(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x1d, r2}, 0x10, &(0x7f0000000140)={&(0x7f0000000100)=@can={{0x3, 0x8, 0xf21, 0x5}, 0x2, 0x1, 0x0, 0x0, "36065eaf9a27cc9d"}, 0x10}, 0x1, 0x0, 0x0, 0x40}, 0x240000c0) socket$bt_hidp(0x1f, 0x3, 0x6) 19:19:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0045878, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:46 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010058]}) 19:19:46 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:46 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xda0]}) 19:19:46 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8010040]}) [ 2464.022152][T29226] binder: 29225:29226 got transaction with invalid offset (0, min 0 max 0) or object. [ 2464.045291][T29226] binder: 29225:29226 transaction failed 29201/-22, size 0-12288 line 3241 [ 2464.214500][T29269] kvm [29267]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x4000 19:19:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0045878, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2464.285750][T29473] kvm [29267]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x4000 19:19:46 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:46 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010117]}) [ 2464.358763][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2464.436634][T29535] binder: 29533:29535 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:46 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r1 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000440)={'vcan0\x00', 0x0}) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r3, 0x11b, 0x3, &(0x7f00000000c0)=0x2, 0xc6) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/17, 0x2000, 0x1000}, 0x48) r4 = syz_open_dev$audion(&(0x7f00000001c0)='/dev/audio#\x00', 0x6, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffff9c, 0x84, 0x11, &(0x7f0000000200)={0x0, 0x5}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r4, 0x84, 0x6d, &(0x7f0000000100)=ANY=[@ANYRES32=r5, @ANYBLOB="380000001c9090ecffe22d58ba446db2f4dc9a1e897e0fb454601bdc839f8646d5795b88e42783fa2a142a38950ce7ac6d180139b03de2ecf1fb31fc6d03bae2780cdad54a5431b6bd82"], &(0x7f0000000340)=0x40) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f00000008c0)=0x8, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f00000002c0)=0x80, 0x4) bind$xdp(r3, &(0x7f0000000300)={0x2c, 0x0, r2}, 0x10) dup3(r1, r3, 0x0) 19:19:46 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}) 19:19:46 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8030000]}) [ 2464.562133][T29535] binder: 29533:29535 transaction failed 29201/-22, size 0-12288 line 3241 19:19:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2464.685672][T29635] kvm [29616]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:19:47 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2464.854182][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2464.892375][T29829] binder: 29827:29829 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:47 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010140]}) 19:19:47 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa010000]}) 19:19:47 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200]}) [ 2464.980939][T29829] binder: 29827:29829 transaction failed 29201/-22, size 0-12288 line 3241 19:19:47 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x2, &(0x7f00000001c0), 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setflags(r3, 0x2, 0x1) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000040)={0x0, 0x2d6, 0xa44, 0x8000, 0x10001, 0x6, 0x100, 0x10000, {0x0, @in={{0x2, 0x4e22, @empty}}, 0x8, 0x1ff, 0x9, 0x800, 0x5b1}}, &(0x7f0000000100)=0xb0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000140)={r4, 0x4ddd, 0x4}, &(0x7f00000001c0)=0x8) ioctl$KVM_GET_REG_LIST(r2, 0xc008aeb0, &(0x7f0000000000)={0x5, [0xb9, 0x81, 0x400000000000, 0x5, 0xdcec]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r5 = socket(0x1, 0xf, 0x372) getsockopt$inet_sctp_SCTP_ASSOCINFO(r5, 0x84, 0x1, &(0x7f0000000200)={r4, 0x7, 0x4, 0xff, 0x1, 0x8}, &(0x7f0000000240)=0x14) 19:19:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620b, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:47 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:47 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010141]}) 19:19:47 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000]}) [ 2465.373096][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:19:47 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b00]}) 19:19:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2465.474925][T30149] binder: 30147:30149 got transaction with invalid offset (0, min 0 max 0) or object. [ 2465.582278][T30149] binder: 30147:30149 transaction failed 29201/-22, size 0-12288 line 3241 19:19:48 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="280000001122080000000800fe8000000000000000000000000000bb000000002000ff00"], 0x28}}, 0x0) 19:19:48 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0011022]}) 19:19:48 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2465.921308][T30091] binder: undelivered TRANSACTION_ERROR: 29201 [ 2465.954087][T30419] binder: 30346 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2465.954100][T30419] binder: 30346:30419 ioctl c018620c 200004c0 returned -22 19:19:48 executing program 5: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x0, 0x0) ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000040)=0x800000000000) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x0, 0x4, 0x200) shutdown(r2, 0x200000002) 19:19:48 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e01]}) 19:19:48 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000]}) [ 2466.044170][T30556] binder: 30346 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 2466.044185][T30556] binder: 30346:30556 ioctl c018620c 200004c0 returned -22 [ 2466.067128][T30557] binder: 30553:30557 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:48 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0189436, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2466.216492][T30557] binder: 30553:30557 transaction failed 29201/-22, size 0-12288 line 3241 19:19:48 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc001102a]}) 19:19:48 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000]}) [ 2466.441651][ C1] net_ratelimit: 8 callbacks suppressed [ 2466.441660][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2466.453096][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2466.458937][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2466.464752][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:19:48 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:48 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3400]}) [ 2466.579703][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:19:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc020660b, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2466.659671][T30926] binder: 30900:30926 got transaction with invalid offset (0, min 0 max 0) or object. [ 2466.681667][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2466.687932][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:19:49 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3, 0x31, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x406, r1) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'team0\x00\xf9\xff\x00', &(0x7f0000002fc0)=@ethtool_link_settings={0x3}}) [ 2466.741949][T30926] binder: 30900:30926 transaction failed 29201/-22, size 0-12288 line 3241 19:19:49 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc001102c]}) 19:19:49 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x150001c0]}) 19:19:49 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a00]}) 19:19:49 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:49 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc1000000]}) [ 2467.092871][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:19:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x8, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2467.166341][T31210] binder: 31209:31210 got transaction with invalid offset (0, min 0 max 0) or object. [ 2467.245181][T31210] binder: 31209:31210 transaction failed 29201/-22, size 0-12288 line 3241 19:19:49 executing program 5: syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x163882) r0 = syz_open_dev$sg(0x0, 0x0, 0x0) ioctl(r0, 0xfffffffff6d3e21b, &(0x7f0000000180)="3094a182c04ddcb8b275892bbd01d668683fb78823943447d27b804ba2cb0fd9620822c3ee0fc24db4e030b02656ce38c532769125b5627733e27dd685f9d826d9805d40c0bdc9c649605a9bac226cf3a796d65a001ba9ff2defb69c3e94a1916101fb8d169a3f57c0c6071c90db2e11915e4e2d259ab730e68e38cfa41da06911ba83c93d9a0baaa38bfd0494a508b5992db99d4e7b6de03ad65eee1494460bea99c082c7f5f09026c3490dd8c90d17d5ab17f9fbd13eef85abd2838a853935edbd445a73d0f1c84f20a9a79e24cf69716e734ccc0be44f80cfc09a961719e4d86cb1b3ce94f379ce") r1 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000340)=0x1c, 0x80000) getsockopt$IP_VS_SO_GET_SERVICES(r1, 0x0, 0x482, &(0x7f0000000380)=""/4096, &(0x7f0000001380)=0x1000) r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)=0x0) timer_settime(r3, 0x1, &(0x7f0000000300)={{}, {0x0, 0x9}}, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000140)={r4}) ioctl$sock_inet6_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000100)) r5 = dup3(r0, r0, 0x80000) setsockopt$RDS_RECVERR(r5, 0x114, 0x5, &(0x7f0000000000), 0x4) ioctl$sock_inet_sctp_SIOCINQ(r5, 0x541b, &(0x7f0000000040)) timer_gettime(r3, &(0x7f00000013c0)) rt_sigqueueinfo(r2, 0x15, &(0x7f0000000280)) 19:19:49 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x170101c0]}) [ 2467.321611][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2467.327735][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2467.337360][T31271] binder: 31264:31271 unknown command 0 19:19:49 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b00]}) [ 2467.415062][T31271] binder: 31264:31271 ioctl c0306201 200004c0 returned -22 [ 2467.446634][T31302] binder: 31264:31302 unknown command 0 [ 2467.517254][T31302] binder: 31264:31302 ioctl c0306201 200004c0 returned -22 19:19:49 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b000000]}) 19:19:49 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x12, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:50 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc2000000]}) [ 2467.648634][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2467.748642][T31564] binder: 31556:31564 got transaction with invalid offset (0, min 0 max 0) or object. [ 2467.826147][T31564] binder: 31556:31564 transaction failed 29201/-22, size 0-12288 line 3241 19:19:50 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001]}) 19:19:50 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b0001c0]}) [ 2467.994458][T31726] binder: 31561:31726 unknown command 0 [ 2468.034135][T31726] binder: 31561:31726 ioctl c0306201 200004c0 returned -22 19:19:50 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x800800, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x3, 0x10000020180) ioctl$SIOCGSTAMP(r1, 0x8906, &(0x7f0000000040)) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x1b) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x100000000}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000280)={r2, 0xfffffffffffffffd, 0x6b, "de7bd07118161665ac48060d66a01e16baf332dde4a91e715e3ace4d3feaa60616ae9e3a1871842b443765a194baaa249ebbcfc15efd6603f33e584d0d2a624105fa00fee1939fbc67b893c61d12cc586b918e7277abd84f56a50c429c5ca21b4873c755489b37b5f740a7"}, 0x73) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0xa, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [], 0x6}}) 19:19:50 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce000000]}) [ 2468.100120][T31818] binder: 31561:31818 unknown command 0 [ 2468.131983][T31818] binder: 31561:31818 ioctl c0306201 200004c0 returned -22 [ 2468.154881][T31811] kvm_set_msr_common: 21 callbacks suppressed [ 2468.154896][T31811] kvm [31722]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x1 19:19:50 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2468.204959][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:19:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x1200, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2468.260501][T31828] kvm [31722]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x1 19:19:50 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e010000]}) [ 2468.353952][T31910] binder: 31886:31910 got transaction with invalid offset (0, min 0 max 0) or object. [ 2468.419493][T31910] binder: 31886:31910 transaction failed 29201/-22, size 0-12288 line 3241 19:19:50 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800]}) [ 2468.521653][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2468.527532][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2468.537786][T32009] kvm [32005]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:19:50 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd0040000]}) [ 2468.721150][T32113] kvm [32110]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:19:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x321001, 0x21) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f0000000080)="9d27c94252aaadca16cfc3f4ce0dd803", 0x10) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = dup2(r0, r3) getpgid(0xffffffffffffffff) ioctl$UI_BEGIN_FF_ERASE(r4, 0xc00c55ca, &(0x7f0000000000)={0x8, 0xff, 0x537d}) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, 0x0, &(0x7f0000000200)) getpgid(0xffffffffffffffff) ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000240)) perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x0, 0x0, 0x0, 0x36, 0x0, 0x7fffffff, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, 0x0, 0x0, 0x3, 0x1ff, 0x5, 0x0, 0x0, 0x0, 0xa28, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x1, 0x0, 0xae, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x1000, 0x8, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0) write$P9_RREAD(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f00000002c0)='cpuset\x00') syz_open_dev$media(&(0x7f0000000280)='/dev/media#\x00', 0x0, 0x802) lsetxattr$security_selinux(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='security.selinux\x00', &(0x7f0000000300)='system_u:object_r:adjtime_t:s0\x00', 0x1f, 0x3) dup3(r3, r1, 0x0) 19:19:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x3f00, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:51 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f0001c0]}) [ 2468.773840][T32094] kvm [32055]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2468.805502][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2468.895319][T32162] kvm [32055]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2468.922470][T32198] binder: 32191:32198 got transaction with invalid offset (0, min 0 max 0) or object. [ 2468.949124][T32198] binder: 32191:32198 transaction failed 29201/-22, size 0-12288 line 3241 [ 2468.984149][T32213] kvm [32208]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xc000 19:19:51 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd9010000]}) 19:19:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x1000000, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:51 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4900]}) 19:19:51 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200001c0]}) 19:19:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2469.346010][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2469.409487][T32374] kvm [32373]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xc000 [ 2469.446655][T32445] binder: 32433:32445 got transaction with invalid offset (0, min 0 max 0) or object. [ 2469.520147][T32445] binder: 32433:32445 transaction failed 29201/-22, size 0-12288 line 3241 19:19:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x8000000, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:51 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0060000]}) 19:19:52 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6005]}) [ 2469.764427][T32573] kvm [32563]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2469.885053][T32662] kvm [32661]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x5 [ 2469.911201][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:19:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x12000000, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:52 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x221001c0]}) 19:19:52 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf82f0000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:52 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff020000]}) 19:19:52 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6105]}) 19:19:52 executing program 5: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x0, 0x0) r1 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0x0, 0x2) ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffff9c, 0xc058565d, &(0x7f0000000180)={0x6, 0xf, 0x4, 0x5010000, {}, {0x2, 0xe, 0x5, 0x7ff, 0x5, 0x0, "611962e1"}, 0x1, 0x7d67eb00b8539cbb, @planes=&(0x7f0000000140)={0x6, 0xea, @fd=0xffffffffffffffff, 0x2}, 0x4}) r3 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000240)={0x6, 0xffffffffffffffff}) ppoll(&(0x7f0000000440)=[{r0, 0x80}, {r1, 0x1018}, {r2, 0x21}, {r3}, {r4, 0x100}], 0x5, &(0x7f0000000480)={0x77359400}, &(0x7f0000000500)={0x6}, 0x8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x2, 0x0) r5 = openat$full(0xffffffffffffff9c, 0x0, 0x181000, 0x0) r6 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/dlm_plock\x00', 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0xfffffffffffffe32) getpgrp(0x0) open$dir(&(0x7f0000000000)='./file0\x00', 0x2000, 0x100) openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0) ioctl$VHOST_NET_SET_BACKEND(r5, 0x4008af30, &(0x7f00000004c0)={0x2}) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000200), 0x8) ioctl$BLKREPORTZONE(r6, 0xc0101282, &(0x7f0000000340)=ANY=[@ANYBLOB="0010000000000000030000000000000003000000000000003a02000000000000070000000000000009ff081f00000000000000000000000000000000000000000000000000000000000000000000000006e690372b5e4f71f50000000000000006000000000000000001ff72000000000000000000000000000000000000000000000000000000000000000000000000810000000000000015b6000000000000bd6500000000000006020800000000000000000000000000000000000000000000000000000000000000000000000000"]) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0xaf02, 0x0) r7 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r7, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) openat$cuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cuse\x00', 0x2, 0x0) write$FUSE_LK(0xffffffffffffffff, 0x0, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x1a8) listen(r5, 0x0) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) r9 = accept4(r7, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r8, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r9, 0x84, 0x9, &(0x7f0000000280)={0x0, @in={{0x2, 0x1f4, @empty}}, 0x0, 0x0, 0x5400, 0x0, 0x54}, 0x98) [ 2470.229158][ T336] binder: 335:336 got transaction with invalid offset (0, min 0 max 0) or object. [ 2470.311377][ T336] binder: 335:336 transaction failed 29201/-22, size 0-12288 line 3241 19:19:52 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2a1001c0]}) 19:19:52 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7005]}) 19:19:52 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff0b0000]}) 19:19:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x3f000000, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:53 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2470.699186][T30091] binder: undelivered TRANSACTION_ERROR: 29201 19:19:53 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c1001c0]}) 19:19:53 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2) pipe2(&(0x7f0000000780)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) r2 = socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, &(0x7f00000007c0)={r2, 0x7, 0x7, "434289123cf74efd2cd2fbeff9a20f7d30bff5021c1ff8db4ce9cfa2370bd6176c536c868f044bf7357f304029863d18b38b42337f42a660772f0fcf36338bf3272beec3ccff665fee68f3ce9835c612d0f23dd33bde26dd436df88dba399aa5c70b40e78e85a53ea233a93e2a11c1af7bac8b6abc299191557cfb4717c97582a0a6e7f7c2b2449ece552a6ed6ef5236e5b2942a024af0a8f4d85f760ba86b954549cfda5c8346b9"}) ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f0000000200)=0x2b) r3 = dup(r0) write$FUSE_INIT(r3, &(0x7f00000000c0)={0x50, 0x0, 0x5, {0x7, 0x1d, 0x8000, 0x2000, 0x3, 0x0, 0x4, 0x1}}, 0x50) getresuid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)=0x0) write$FUSE_ATTR(r2, &(0x7f0000000040)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4}}}, 0x78) [ 2470.842867][ T688] binder: 687:688 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0xfdfdffff, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2470.939693][ T688] binder: 687:688 transaction failed 29201/-22, size 0-12288 line 3241 19:19:53 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7105]}) 19:19:53 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) 19:19:53 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34000000]}) 19:19:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0xfffffdfd, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:53 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:53 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7205]}) [ 2471.370469][T30091] binder: undelivered TRANSACTION_ERROR: 29201 [ 2471.470861][ T1112] binder: 1108:1112 got transaction with invalid offset (0, min 0 max 0) or object. [ 2471.481675][ C0] net_ratelimit: 12 callbacks suppressed [ 2471.481685][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2471.493410][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:19:53 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000]}) 19:19:53 executing program 5: r0 = socket$packet(0x11, 0x4, 0x300) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x30040, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000001c0)={'vcan0\x00', 0x0}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000380)={{{@in6=@mcast1, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@multicast2}}, &(0x7f0000000200)=0xe8) setsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000480)={{{@in6=@remote, @in6=@dev={0xfe, 0x80, [], 0xe}, 0x4e23, 0x10001, 0x4e22, 0x6, 0x2, 0x20, 0xa0, 0x3f, r2, r3}, {0x7692, 0x0, 0x100000000, 0xfffffffface6c752, 0x9, 0x5, 0x100000001, 0x8}, {0x80000000, 0x5, 0x2, 0x20}, 0x8, 0x6e6bbb, 0x2, 0x1, 0x3}, {{@in6=@remote, 0x4d2, 0xff}, 0xa, @in6=@empty, 0x3507, 0x7, 0x3, 0x6, 0x8, 0x9, 0x1}}, 0xe8) r4 = dup(r0) syz_emit_ethernet(0x42, &(0x7f0000000640)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaaaa0806000186dd06100000aaaaaaaaaaaafe8000000000000000000000000000aaaaaaaaaaaa00fe8000000000000000000000000000aa46e64c435366a605ee7703"], 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(r4, &(0x7f00000000c0)={0x16, 0x98, 0xfa00, {&(0x7f0000000000), 0x1, r5, 0x30, 0x0, @ib={0x1b, 0x2000000, 0x6, {"2361ef664a8f4e332fdf4e8115becfff"}, 0x4, 0xd27, 0xcb3}}}, 0xa0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r7 = syz_open_dev$sndseq(&(0x7f0000000600)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r7, 0xc0a85320, &(0x7f0000068f50)={{0x80}, 'por\xff\a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\xff\xff\xff\xff\xff\xff\xff\xef\x00\x00\x03\xff\x00\x00\x00\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00', 0xc3, 0x80003}) r8 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x406, 0x0) r9 = dup2(r7, r8) read(r9, &(0x7f00000000c0)=""/85, 0x200003e1) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0}, &(0x7f0000000280)=0xc) fcntl$setownex(r1, 0xf, &(0x7f0000000580)={0x2, r10}) ioctl$FIONREAD(r4, 0x541b, &(0x7f00000002c0)) [ 2471.549550][ T1112] binder: 1108:1112 transaction failed 29201/-22, size 0-12288 line 3241 19:19:53 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a000000]}) 19:19:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x100000000000000, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:54 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7401]}) 19:19:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x800000000000000, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:54 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:19:54 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b000000]}) [ 2471.970963][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2472.047197][ T1415] binder: 1414:1415 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:54 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c000000000]}) [ 2472.132985][ T1415] binder: 1414:1415 transaction failed 29201/-22, size 0-12288 line 3241 19:19:54 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000440)='stat\x00]&\x14\xd3V\x85\xd2(\xaftH\x14\x99\xa8a\xd6\x82aI+\x91\xae\v\xd6\xdf\xba\xc4\x048\xe2\xf6\x9e\xb6\xa8\xc4]\x98\xff\xdb\x93\x16w\xc3\xc8\x9by\xf4\xe3E]\xa8\xd8\xff\x9d?\xf9\xb1a\x14\x84\x05#\xb3\x8bT\xdaz\xb5\xb93\xce\xde7\x8eg\x80\x90I~\xfe\x88\xe8\xfb;e]\xff\xceJF\x1f\xb8\xefYa\xc6b*\x8a\x9c^\x9e\xd5\t\xe6+Y\x16@\x96\x15O\x00\xb1$\xfd\xd0\x92O \fr\xdb\x03\xc1\xb9\xda\xb40xffffffffffffffff}) exit(0x0) r2 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$KEYCTL_PKEY_QUERY(0x18, r2, 0x0, &(0x7f00000000c0)='}$}\x00', &(0x7f0000000180)) capset(&(0x7f0000000640)={0x20080522}, &(0x7f0000000000)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r0, 0x111, 0x3, 0x1, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r1, r0, 0x0, 0x20000000001) 19:19:54 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}) 19:19:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x1200000000000000, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:54 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7501]}) 19:19:54 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2472.477611][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:19:55 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1004000000000]}) [ 2472.612829][ T1702] binder: 1700:1702 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:55 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000009f]}) [ 2472.681639][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2472.687499][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2472.693503][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2472.699302][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:19:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x3f00000000000000, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:55 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7601]}) [ 2472.807532][ T1702] binder: 1700:1702 transaction failed 29201/-22, size 0-12288 line 3241 [ 2472.921699][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2472.927644][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:19:55 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000b0]}) 19:19:55 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100c000000000]}) 19:19:55 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2473.218415][T30091] binder: undelivered TRANSACTION_ERROR: 29201 [ 2473.226997][ T1925] kvm_set_msr_common: 24 callbacks suppressed [ 2473.227012][ T1925] kvm [1924]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xb000 [ 2473.307830][ T1947] binder: 1945:1947 got transaction with invalid offset (0, min 0 max 0) or object. [ 2473.403280][ T1947] binder: 1945:1947 transaction failed 29201/-22, size 0-12288 line 3241 [ 2473.561641][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2473.567581][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:19:56 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000000)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffff84}, [@ldst={0x5, 0x0, 0x0, 0x0, 0x0, 0x80ffffff}]}, 0x0}, 0x48) r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x10000, 0x0) ioctl$VIDIOC_STREAMON(r0, 0x40045612, &(0x7f0000000080)=0x7ff) 19:19:56 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7702]}) 19:19:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0xfdfdffff00000000, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:56 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000b7]}) 19:19:56 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000]}) 19:19:56 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2473.693929][T30091] binder: undelivered TRANSACTION_ERROR: 29201 [ 2473.793023][ T2257] binder: 2255:2257 got transaction with invalid offset (0, min 0 max 0) or object. [ 2473.831493][ T2251] kvm [2250]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:19:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x630b, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2473.834033][ T2256] kvm [2254]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xb700 [ 2473.843906][ T2257] binder: 2255:2257 transaction failed 29201/-22, size 0-12288 line 3241 19:19:56 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7900]}) [ 2474.043014][ T2471] binder: 2421:2471 ERROR: BC_REGISTER_LOOPER called without request 19:19:56 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2474.088173][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2474.106948][ T2471] binder: 2421:2471 unknown command 0 [ 2474.147573][ T2471] binder: 2421:2471 ioctl c0306201 200004c0 returned -22 19:19:56 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000100]}) 19:19:56 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000]}) [ 2474.246718][ T2553] kvm [2547]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2474.273723][ T2612] binder: 2421:2612 ERROR: BC_REGISTER_LOOPER called without request 19:19:56 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0xfffffffffffffff9, 0x0) ioctl$BLKTRACESTOP(r1, 0x1275, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt(r2, 0x400000000000003a, 0x1, &(0x7f0000261f44)=""/188, &(0x7f0000953000)=0x1ca) ioctl$UI_DEV_DESTROY(r1, 0x5502) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/expire_nodest_conn\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f00000000c0)={0x0, 0xac, "6cddd1bf277322f12e8d219bba32ca583dfdf494fe04c2bf63e46eb24da3645d77ee9445c353c3fc2bb978b27a16067abec01162976e9e55bd32650a969277ec76866bf01eb61147958b84e508dfa8b808df1fdacdb0d52096a056afbaaccbdc87f834455836c05932b2a6a354d000bd2ee348e45df9b48002673374e4da663900c0b7c5af5c33573c7abf6197e0ae5a3c63e155a9e08bd9000c4c53517cc43966d85bb42e1345f7eebfd856"}, &(0x7f0000000000)=0xb4) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000180)=@sack_info={r4, 0xa7, 0x1}, &(0x7f00000001c0)=0xc) ioctl$BLKTRACESTART(r3, 0x1274, 0x0) [ 2474.328946][ T2673] kvm [2655]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2474.357591][ T2696] kvm [2547]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:19:56 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2474.401791][ T2612] binder: 2421:2612 unknown command 0 [ 2474.407515][ T2612] binder: 2421:2612 ioctl c0306201 200004c0 returned -22 19:19:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x630c, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2474.554894][ T2807] binder: 2796:2807 got transaction with invalid offset (0, min 0 max 0) or object. [ 2474.590319][ T2807] binder: 2796:2807 transaction failed 29201/-22, size 0-12288 line 3241 19:19:56 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a01]}) 19:19:56 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000108]}) 19:19:57 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000]}) 19:19:57 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vga_arbiter\x00', 0x2001, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000380)='/dev/null\x00', 0x201, 0x0) r2 = accept4$unix(r1, &(0x7f00000002c0)=@abs, &(0x7f00000003c0)=0x6e, 0x800) r3 = syz_open_dev$midi(&(0x7f0000000180)='/dev/midi#\x00', 0x80000000, 0x8000) ioctl$VIDIOC_SUBDEV_G_SELECTION(r3, 0xc040563d, &(0x7f0000000240)={0x1, 0x0, 0x1, 0x1, {0x3, 0x9, 0xffffffffffff8000, 0x1}}) accept$unix(r2, 0x0, &(0x7f0000000140)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$EVIOCGBITKEY(r0, 0x80404521, &(0x7f0000000080)=""/18) prctl$PR_GET_UNALIGN(0x5, &(0x7f00000001c0)) [ 2474.693325][ T2814] binder: 2809:2814 unknown command 0 [ 2474.738734][ T2814] binder: 2809:2814 ioctl c0306201 200004c0 returned -22 [ 2474.764425][ T2816] kvm [2815]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x800 [ 2474.811772][ T2821] kvm [2820]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x1 [ 2474.813701][ T2819] kvm [2818]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2474.834312][ T2876] binder: 2809:2876 unknown command 0 [ 2474.841758][ T2876] binder: 2809:2876 ioctl c0306201 200004c0 returned -22 19:19:57 executing program 5: getsockopt$XDP_MMAP_OFFSETS(0xffffffffffffffff, 0x11b, 0x1, &(0x7f0000000140), &(0x7f00000000c0)=0x60) r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x8, 0x40) ioctl$VIDIOC_G_INPUT(r0, 0x80045626, &(0x7f0000000040)) [ 2474.906399][ T2927] kvm [2820]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x1 19:19:57 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2474.950060][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:19:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x630d, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:57 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40010000]}) 19:19:57 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b01]}) [ 2475.070818][ T3036] binder: 3026:3036 got transaction with invalid offset (0, min 0 max 0) or object. [ 2475.153572][ T3036] binder: 3026:3036 transaction failed 29201/-22, size 0-12288 line 3241 19:19:57 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc000000000000]}) [ 2475.393486][ T3059] binder: 3054:3059 unknown command 0 [ 2475.399058][ T3059] binder: 3054:3059 ioctl c0306201 200004c0 returned -22 19:19:57 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400101c0]}) 19:19:57 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x7ffe) r0 = socket$bt_rfcomm(0x1f, 0x0, 0x3) ioctl$sock_SIOCDELDLCI(r0, 0x8981, &(0x7f0000000000)={'nr0\x00', 0x6}) 19:19:57 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2475.475649][ T3092] binder: 3054:3092 unknown command 0 [ 2475.481011][T30091] binder: undelivered TRANSACTION_ERROR: 29201 19:19:57 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f04]}) [ 2475.520371][ T3092] binder: 3054:3092 ioctl c0306201 200004c0 returned -22 [ 2475.597936][ T3394] binder: 3393:3394 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40046302, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2475.665558][ T3394] binder: 3393:3394 transaction failed 29201/-22, size 0-12288 line 3241 19:19:58 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d564b00000000]}) 19:19:58 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x410101c0]}) 19:19:58 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8004]}) 19:19:58 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2475.992522][T30091] binder: undelivered TRANSACTION_ERROR: 29201 [ 2476.006452][ T3674] binder: BC_ACQUIRE_RESULT not supported [ 2476.047279][ T3674] binder: 3497:3674 ioctl c0306201 200004c0 returned -22 [ 2476.059909][ T3720] binder: 3714:3720 got transaction with invalid offset (0, min 0 max 0) or object. [ 2476.104242][ T3753] binder: BC_ACQUIRE_RESULT not supported [ 2476.110338][ T3720] binder: 3714:3720 transaction failed 29201/-22, size 0-12288 line 3241 [ 2476.135858][ T3753] binder: 3497:3753 ioctl c0306201 200004c0 returned -22 19:19:58 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semget$private(0x0, 0x3, 0x200) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000380)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000002880)=[{&(0x7f0000000680)="7027244a93b90a1de7bfc1ed0e95876df0d074347d046d60f44959b7fdfcd5e61a703636c5ebe0773ad10ea9bc3018566824463898e81aad5629e71e5d30f2b5b68d8a497d8f19d491f51d8585f2e0eeed54220fbe69d7d01491f2edd5c5cfc90c22d5e048fcdab7e8e413dc479c7bf4b4fc86e17013aca658aade625505ebc392cac63082c42cbcd02827e2a0ad26f559ef4c1cfb60a8ee9c9b5412935bc290d54f34c4d04e06839006ac9ce34c1738b9951ffae2fa452b08d3d7e1803a1c868489e5a63f710937692c7ee58f334cccd05805c5cef9103dcd01e4ffd34e389b26498318c74651b5b86b3af64e16545f85235d33e171b4112479ede24d83d1f161b933d261eefca2c28faa27b7911f1bb07e0b836aa5253aa1a8cef07170f3f750fd807f3dcf176f31d902f17f688490364d596f2623499e2221a9f81a7a9ddd3062f7ca1055ea8b555e8b1a9272e977ce051d77cbf9c89625b1981becba833adaedc1328b3c2a8071078ec5c04467e9cca168fa01937e7f568fae5cdff21bba6fb056434b04d9c3ce5e59d84983e8a7dab117c376d3e7de357d456fc172f2f5b189afd8a5221f9b141b", 0x1aa}], 0x1}, 0x0) mount(&(0x7f0000000000), &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='proc\x00', 0x0, &(0x7f00000001c0)) ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f00000001c0)) mount(&(0x7f0000000ac0)=ANY=[@ANYBLOB="59bcd55d0f604617327607c508dd272cb83f314629bae8b7d1cf8062f4faf14cab73fe6aec050000002efb0c5698c4fd5f4c8cceb9d40fe187840013804304111ff7c52c60080254b11061b60a4adf1b0052024521645e4017cb80205e9632b2e4b0a475b4517177743f82ca31f5c5ebf4501cf9d307d850486b6c2393cffcef08b66cefa0a65cb3"], &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='securityfs\x00', 0x100021, &(0x7f0000000480)) r2 = syz_open_dev$sndpcmc(&(0x7f0000000540)='/dev/snd/pcmC#D#c\x00', 0x3, 0x7ffff) r3 = mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1000000, 0x10, r2, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000400)={r3}) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r2, 0x84, 0x1c, &(0x7f0000000480), &(0x7f0000000580)=0x4) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000500)='/dev/rfkill\x00', 0x2000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r4, 0xc08c5334, &(0x7f00000005c0)={0x1ff, 0x3ff, 0x1, 'queue1\x00', 0x81}) fsetxattr$trusted_overlay_upper(r4, &(0x7f0000000280)='trusted.overlay.upper\x00', &(0x7f0000000b80)=ANY=[@ANYBLOB="00fb1c05c3d4ab0f9ed20a6ad0263d0058e283c2b0e5c5c9eaf9ac89aad32fe66c834dbef1ee7db7843213df388bddcb3c1c4dae92ab1e4dddb70cb31d1da22f3bea20169da8d650912abb1fb6daba"], 0x1c, 0x2) write$input_event(r4, &(0x7f0000000a80)={{0x0, 0x7530}, 0x2, 0x3, 0xfffffffffffffffd}, 0x18) accept$packet(0xffffffffffffff9c, &(0x7f0000000300)={0x11, 0x0, 0x0}, &(0x7f0000000340)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000000a40)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4008}, 0xc, &(0x7f0000000a00)={&(0x7f0000000940)=@newqdisc={0x98, 0x24, 0x620, 0x70bd2c, 0x25dfdbff, {0x0, r5, {0xfff3, 0xffff}, {0xb, 0x3}, {0x0, 0xfff3}}, [@TCA_RATE={0x8, 0x5, {0x4, 0x400}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x7}, @TCA_STAB={0x1c, 0x8, [@TCA_STAB_DATA={0xc, 0x2, [0x2, 0x4, 0x57a0, 0xd360]}, @TCA_STAB_DATA={0xc, 0x2, [0x2, 0x1, 0x0]}]}, @qdisc_kind_options=@q_dsmark={{0xc, 0x1, 'dsmark\x00'}, {0x14, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x8, 0x2, 0xffffffffffffff7f}, @TCA_DSMARK_DEFAULT_INDEX={0x8, 0x2, 0x9}]}}, @TCA_RATE={0x8, 0x5, {0xfffffffffffffffd, 0x2}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x1}, @TCA_RATE={0x8, 0x5, {0x1, 0xcb1}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x7}, @TCA_RATE={0x8, 0x5, {0x3, 0xff}}]}, 0x98}, 0x1, 0x0, 0x0, 0x800}, 0x0) close(r4) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000900)={0x1d, 0x0, 0x80000000}) setxattr(&(0x7f0000000840)='./file0\x00', &(0x7f0000000440)=@known='system.posix_acl_default\x00', &(0x7f00000004c0)='proc\x00', 0x5, 0xffffffffffffffff) r6 = socket$alg(0x26, 0x5, 0x0) listen(r6, 0x100000000000080) bind$alg(r6, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0xfffffffffffffff0) close(r0) r7 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video35\x00', 0x2, 0x0) fcntl$setstatus(r1, 0x4, 0x40400) ioctl$VIDIOC_S_FMT(r7, 0xc0d05604, &(0x7f0000000080)={0x2, @pix_mp}) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r2, 0x84, 0x1c, &(0x7f0000000880), &(0x7f00000008c0)=0x4) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000200)) 19:19:58 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) 19:19:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40046304, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:19:58 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000]}) 19:19:58 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8005]}) 19:19:58 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2476.456294][T30091] binder: undelivered TRANSACTION_ERROR: 29201 [ 2476.474533][ T3879] binder: 3871:3879 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 2476.557308][ T3952] binder: 3916:3952 got transaction with invalid offset (0, min 0 max 0) or object. [ 2476.603800][ T3879] binder: 3871:3879 unknown command 0 [ 2476.612359][ T3952] binder: 3916:3952 transaction failed 29201/-22, size 0-12288 line 3241 19:19:59 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x49000000]}) [ 2476.694835][ T3879] binder: 3871:3879 ioctl c0306201 200004c0 returned -22 [ 2476.718647][ T4080] binder: 3871:4080 unknown command 0 19:19:59 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}) 19:19:59 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8501]}) [ 2476.782991][ T4080] binder: 3871:4080 ioctl c0306201 200004c0 returned -22 [ 2476.841665][ C1] net_ratelimit: 8 callbacks suppressed [ 2476.841673][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2476.853155][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2476.859011][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2476.864844][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:19:59 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2476.910955][T30091] binder: undelivered TRANSACTION_ERROR: 29201 19:19:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2476.986803][ T4240] binder: 4230:4240 got transaction with invalid offset (0, min 0 max 0) or object. [ 2477.002413][ T4240] binder: 4230:4240 transaction failed 29201/-22, size 0-12288 line 3241 19:19:59 executing program 5: socket$alg(0x26, 0x5, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil) shmget(0x1, 0x4000, 0x280, &(0x7f0000ffb000/0x4000)=nil) r2 = shmget(0x3, 0x1000, 0x10, &(0x7f0000ffd000/0x1000)=nil) shmget$private(0x0, 0x1000, 0x54000042, &(0x7f0000ffb000/0x1000)=nil) shmctl$IPC_INFO(r2, 0x3, 0x0) r3 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r3, 0x12, 0x2, 0x0, 0x0) bind$rds(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="2e000000060000000000000000000000000080800000"], 0x16) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_udp_SIOCINQ(r3, 0x541b, &(0x7f0000000400)) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0xfec0) sendmsg$rds(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, &(0x7f0000000840), 0xffffffffffffff0, &(0x7f00000002c0)=[@mask_cswp={0x58, 0x114, 0x9, {{}, &(0x7f0000000e80), &(0x7f0000000ec0), 0x0, 0x0, 0x0, 0x0, 0xffffff7f}}], 0x58}, 0x0) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r1, 0x0) openat$ashmem(0xffffffffffffff9c, 0x0, 0x200, 0x0) r4 = syz_open_dev$radio(0x0, 0x2, 0x2) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r4, 0xc0605345, &(0x7f0000000200)={0x200, 0x1, {0x1, 0x1, 0x8001, 0x6, 0x20}}) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, &(0x7f0000000040)) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000080)={0x0, 0x7fff}, &(0x7f00000000c0)=0x8) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r7 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r7) openat$random(0xffffffffffffff9c, &(0x7f0000000340)='/dev/urandom\x00', 0x2000000000, 0x0) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r1, 0x84, 0x79, 0x0, 0x305) ioctl$SIOCGIFHWADDR(0xffffffffffffffff, 0x8927, 0x0) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, 0x0, 0x0) [ 2477.081696][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2477.087975][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2477.099085][ T4290] binder: 4267:4290 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 2477.123839][ T4290] binder: 4267:4290 unknown command 0 19:19:59 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b564d00]}) [ 2477.148234][ T4290] binder: 4267:4290 ioctl c0306201 200004c0 returned -22 [ 2477.250176][ T4373] binder: 4267:4373 DecRefs 0 refcount change on invalid ref 0 ret -22 19:19:59 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10100c000000000]}) 19:19:59 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2477.313439][ T4373] binder: 4267:4373 unknown command 0 19:19:59 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b564d01]}) [ 2477.379180][T30091] binder: undelivered TRANSACTION_ERROR: 29201 [ 2477.397816][ T4373] binder: 4267:4373 ioctl c0306201 200004c0 returned -22 19:19:59 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8601]}) [ 2477.497477][ T4455] binder: 4454:4455 got transaction with invalid offset (0, min 0 max 0) or object. 19:19:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40086303, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2477.575739][ T4455] binder: 4454:4455 transaction failed 29201/-22, size 0-12288 line 3241 [ 2477.721616][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2477.727617][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2477.737410][ T4613] binder: 4557:4613 BC_FREE_BUFFER u0000000000000000 no match 19:20:00 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14d564b00000000]}) 19:20:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b564d02]}) [ 2477.844582][ T4613] binder: 4557:4613 unknown command 0 19:20:00 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2477.933155][ T4613] binder: 4557:4613 ioctl c0306201 200004c0 returned -22 [ 2477.958799][T31125] binder: undelivered TRANSACTION_ERROR: 29201 19:20:00 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8701]}) [ 2478.018230][ T4776] binder: 4557:4776 BC_FREE_BUFFER u0000000000000000 no match [ 2478.065735][ T4814] binder: 4813:4814 got transaction with invalid offset (0, min 0 max 0) or object. [ 2478.076920][ T4776] binder: 4557:4776 unknown command 0 19:20:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b564d03]}) [ 2478.111791][ T4776] binder: 4557:4776 ioctl c0306201 200004c0 returned -22 [ 2478.156013][ T4814] binder: 4813:4814 transaction failed 29201/-22, size 0-12288 line 3241 19:20:00 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r3 = gettid() r4 = getpgrp(r3) timer_delete(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000340)=r4) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0xe8bb9090d3eac778) bind$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r0, 0xc1105518, &(0x7f0000000140)={{0x8, 0x5, 0x8001}, 0x4, 0x44, 0x23e8, r4, 0x3, 0xfffffffffffffffb, 'syz0\x00', &(0x7f0000000080)=['bdev\\\x00', '{\x00', 'selfprocmime_type\x00'], 0x1a, [], [0x9, 0x6, 0x3ff, 0x8b9]}) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$KDDISABIO(r0, 0x4b37) sendto$inet6(r2, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x2}, 0x1c) splice(r2, 0x0, r1, 0x0, 0x1000000000000010, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) inotify_init1(0x0) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) syncfs(0xffffffffffffffff) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, 0x0, 0x0) ioctl$GIO_UNISCRNMAP(0xffffffffffffffff, 0x4b69, 0x0) write$P9_RLOPEN(0xffffffffffffffff, 0x0, 0x0) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0) sendto$packet(r2, &(0x7f0000000340), 0xfffffffffffffd4d, 0x57, 0x0, 0x0) 19:20:00 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}) 19:20:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x4008630a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2478.305833][ T4850] kvm_set_msr_common: 22 callbacks suppressed [ 2478.305848][ T4850] kvm [4848]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x1 [ 2478.391898][ T4904] kvm [4848]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x1 [ 2478.417393][ T4880] kvm [4867]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2478.470366][ T4896] binder: BC_ATTEMPT_ACQUIRE not supported [ 2478.482673][ T4896] binder: 4892:4896 ioctl c0306201 200004c0 returned -22 [ 2478.537054][ T5011] binder: BC_ATTEMPT_ACQUIRE not supported 19:20:00 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:01 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8705]}) [ 2478.580585][ T5011] binder: 4892:5011 ioctl c0306201 200004c0 returned -22 [ 2478.603332][T30091] binder: undelivered TRANSACTION_ERROR: 29201 19:20:01 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b564d04]}) [ 2478.709674][ T5118] binder: 5103:5118 got transaction with invalid offset (0, min 0 max 0) or object. 19:20:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40086310, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2478.771514][ T5118] binder: 5103:5118 transaction failed 29201/-22, size 0-12288 line 3241 19:20:01 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20100c000000000]}) [ 2478.851118][ T5143] kvm [5125]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x5 19:20:01 executing program 5: capset(&(0x7f0000002ffa)={0x20080522}, &(0x7f0000002000)) capset(&(0x7f0000000080)={0x20071026}, &(0x7f00000000c0)={0x0, 0x1, 0x2, 0x0, 0x14}) [ 2478.921663][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2478.927523][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:20:01 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x580001c0]}) [ 2478.977237][ T5251] kvm [5125]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x5 [ 2478.987362][ T5257] binder: 5183:5257 BC_DEAD_BINDER_DONE 0000000000000000 not found 19:20:01 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0x200000000000011, 0x3, 0x8) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'ip6gre0\x00', 0x0}) bind$packet(r1, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14) sendmmsg(r1, &(0x7f0000000d00), 0x400004e, 0x0) [ 2479.040806][ T5221] kvm [5209]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2479.050734][ T5257] binder: 5183:5257 unknown command 0 [ 2479.064510][ T5257] binder: 5183:5257 ioctl c0306201 200004c0 returned -22 19:20:01 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2479.141071][T31125] binder: undelivered TRANSACTION_ERROR: 29201 [ 2479.188549][ T5304] binder: 5183:5304 BC_DEAD_BINDER_DONE 0000000000000000 not found [ 2479.204660][ T5291] kvm [5290]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xc000 19:20:01 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8b00]}) [ 2479.247336][ T5341] binder: 5333:5341 got transaction with invalid offset (0, min 0 max 0) or object. [ 2479.267585][ T5304] binder: 5183:5304 unknown command 0 [ 2479.282582][ T5291] kvm [5290]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xc000 [ 2479.312091][ T5304] binder: 5183:5304 ioctl c0306201 200004c0 returned -22 [ 2479.319850][ T5341] binder: 5333:5341 transaction failed 29201/-22, size 0-12288 line 3241 19:20:01 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24d564b00000000]}) 19:20:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x400c630e, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:01 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60050000]}) [ 2479.439301][ T5401] kvm [5400]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2479.542198][ T5526] kvm [5400]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:01 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2479.612839][ T5558] binder: 5527:5558 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 2479.622555][T31125] binder: undelivered TRANSACTION_ERROR: 29201 [ 2479.666202][ T5558] binder: 5527:5558 unknown command 0 [ 2479.695897][ T5558] binder: 5527:5558 ioctl c0306201 200004c0 returned -22 [ 2479.723888][ T5604] binder: 5600:5604 got transaction with invalid offset (0, min 0 max 0) or object. 19:20:02 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61050000]}) 19:20:02 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30001c000000000]}) [ 2479.765152][ T5618] binder: 5527:5618 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 2479.777479][ T5604] binder: 5600:5604 transaction failed 29201/-22, size 0-12288 line 3241 19:20:02 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900d]}) [ 2479.861413][ T5618] binder: 5527:5618 unknown command 0 [ 2479.895380][ T5618] binder: 5527:5618 ioctl c0306201 200004c0 returned -22 19:20:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x400c630f, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:02 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2480.108088][T31125] binder: undelivered TRANSACTION_ERROR: 29201 [ 2480.189789][ T5891] binder: 5883:5891 got transaction with invalid offset (0, min 0 max 0) or object. [ 2480.213992][ T5914] binder: 5876:5914 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 2480.241780][ T5891] binder: 5883:5891 transaction failed 29201/-22, size 0-12288 line 3241 [ 2480.252085][ T5914] binder: 5876:5914 unknown command 0 [ 2480.257559][ T5914] binder: 5876:5914 ioctl c0306201 200004c0 returned -22 19:20:02 executing program 5: preadv(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000300)=""/102, 0x66}], 0x5, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000040)=ANY=[@ANYBLOB="a721"]) r3 = syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0x2, 0x2) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f00000000c0)={'ip6tnl0\x00', 0x2200}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000028000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) perf_event_open$cgroup(&(0x7f0000000100)={0x6, 0x70, 0x9c7c, 0x200, 0x7fffffff, 0x1, 0x0, 0x7, 0x40000, 0x8, 0xd241, 0x6, 0xffffffffffff0000, 0x3f, 0x8, 0xfffffffffffffa94, 0x1, 0xe4, 0x9, 0x0, 0x7, 0x4, 0x6c88c9d5, 0xe3a3, 0x6b, 0xf6, 0x100000001, 0x8, 0x10001, 0x9, 0x7, 0xff, 0x7, 0x2, 0x0, 0x1, 0x7, 0xffffffff, 0x0, 0x20, 0x1, @perf_config_ext={0x400, 0x100000000}, 0x0, 0xfffffffffffffff7, 0x9, 0x7, 0xa904, 0x80000001, 0x2}, r3, 0xa, r3, 0x2) 19:20:02 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70050000]}) 19:20:02 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9104]}) 19:20:02 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30100c000000000]}) [ 2480.376770][ T5973] binder: 5876:5973 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 2480.443336][ T5973] binder: 5876:5973 unknown command 0 [ 2480.505118][ T5973] binder: 5876:5973 ioctl c0306201 200004c0 returned -22 19:20:02 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2480.609528][T30091] binder: undelivered TRANSACTION_ERROR: 29201 19:20:03 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x71050000]}) 19:20:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40106308, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2480.725464][ T6200] binder: 6199:6200 got transaction with invalid offset (0, min 0 max 0) or object. [ 2480.792012][ T6200] binder: 6199:6200 transaction failed 29201/-22, size 0-12288 line 3241 [ 2480.822348][ T6232] binder: 6225:6232 BC_INCREFS_DONE u0000000000000000 no match 19:20:03 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9e00]}) [ 2480.844927][ T6232] binder: 6225:6232 unknown command 0 [ 2480.860827][ T6232] binder: 6225:6232 ioctl c0306201 200004c0 returned -22 19:20:03 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34d564b00000000]}) 19:20:03 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x72050000]}) 19:20:03 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x4) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000000)=0x10044, 0x4) ioctl$VIDIOC_ENUMINPUT(r0, 0xc050561a, &(0x7f0000000080)={0xaa, "f63fc3ac570d5d5fac463b512601ddd2a96b3a4aaaa33acdc7b4ee333e669ac3", 0x2, 0x1, 0x0, 0x8b008, 0x4000400, 0x2}) [ 2481.006550][ T6306] binder: 6225:6306 BC_INCREFS_DONE u0000000000000000 no match [ 2481.069200][ T6306] binder: 6225:6306 unknown command 0 [ 2481.125774][ T6306] binder: 6225:6306 ioctl c0306201 200004c0 returned -22 19:20:03 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2481.172449][T31125] binder: undelivered TRANSACTION_ERROR: 29201 19:20:03 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa001]}) 19:20:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40106309, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2481.266754][ T6450] binder: 6446:6450 got transaction with invalid offset (0, min 0 max 0) or object. 19:20:03 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74010000]}) [ 2481.329292][ T6450] binder: 6446:6450 transaction failed 29201/-22, size 0-12288 line 3241 19:20:03 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40001c000000000]}) [ 2481.381365][ T6552] binder: 6550:6552 BC_ACQUIRE_DONE u0000000000000000 no match 19:20:03 executing program 5: r0 = socket(0x15, 0x80005, 0x0) r1 = add_key$user(&(0x7f0000000100)='user\x00', &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)="acf4b4abb248322857315e81e325c6a20510ca0b01899adda72eacd7dbe25876f3909f13558ee224bf22774665d103e25947af89201075bc8bdf8603fc84764799116e160e64bdaebeafa30cf580e96f320fbc498b535b59d3cc8eef7490f455d0d8d1ec7be2619eb90360a26881eb3e6dc569f4f9b01ae7f9b8c24c592284d3f82b74623a55b616c479a2cf47cd40ee09be00c503ebbdc89cdcbd33e35c423b849c0b65b9f629b55475538ee55bbfc43e077b2e36bc9110079cbe105154777eea6916564cbfecd882fa7c0f8021d984c6b83f80800bfe6b35d13ea22d2897e525bc1958", 0xe4, 0xfffffffffffffffe) r2 = request_key(&(0x7f0000000280)='ceph\x00', &(0x7f00000002c0)={'syz', 0x0}, &(0x7f0000000300)='em16.selinuxuser\x00', 0xfffffffffffffffb) r3 = request_key(&(0x7f0000000340)='syzkaller\x00', &(0x7f0000000380)={'syz', 0x2}, &(0x7f00000003c0)=':\x00', 0xfffffffffffffff9) keyctl$dh_compute(0x17, &(0x7f0000000400)={r1, r2, r3}, &(0x7f0000000440)=""/4096, 0x1000, &(0x7f0000001580)={&(0x7f0000001440)={'vmac(cast5)\x00'}, &(0x7f0000001480)="52cba15daa98bac6ad3f356f810b80efcd65f12e4535d8bb47c08d85cb7c7f2532b93b57fc2f311dc1d0017cd931d6d96ef6df045f5c193bc91026f5eee29c62e72e94ab3ebfb8f7c30e881a62635d6197e2d2a9ba8a8e68c7c9de29cbbc01474edbc51dee154a0fda4272fc2d1c1d9baa09b18b41cab02799f1bccea02936862d3f847a185ba1587f4e40509dbeaf0a23fb381adbcd7c3182682805005823e8d13915f1dc225940b5cbe347b68a5f9e90f936e27a067cebd88e695d177b0c90c82f056a8f90f76303ead7c5276a74b270c271b22b637d2b235727fd38e5e640aa1607fc6d5fddfd962b225e4084e02628a4e0fb64c6", 0xf6}) getsockopt(r0, 0x114, 0x2715, 0x0, &(0x7f000033bffc)) getsockopt$inet6_opts(r0, 0x29, 0x0, &(0x7f0000000000)=""/132, &(0x7f00000000c0)=0x84) [ 2481.489728][ T6552] binder: 6550:6552 unknown command 0 [ 2481.522029][ T6552] binder: 6550:6552 ioctl c0306201 200004c0 returned -22 [ 2481.607004][ T6712] binder: 6550:6712 BC_ACQUIRE_DONE u0000000000000000 no match 19:20:04 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00d]}) 19:20:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x75010000]}) 19:20:04 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf82f000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2481.695583][T31125] binder: undelivered TRANSACTION_ERROR: 29201 [ 2481.708406][ T6712] binder: 6550:6712 unknown command 0 [ 2481.756805][ T6712] binder: 6550:6712 ioctl c0306201 200004c0 returned -22 [ 2481.780039][ T6812] binder: 6811:6812 got transaction with invalid offset (0, min 0 max 0) or object. 19:20:04 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44d564b00000000]}) [ 2481.852108][ T6812] binder: 6811:6812 transaction failed 29201/-22, size 0-12288 line 3241 [ 2481.881655][ C0] net_ratelimit: 12 callbacks suppressed [ 2481.881665][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2481.893540][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:20:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x76010000]}) [ 2482.099666][ T7009] binder: 7007:7009 got reply transaction with no transaction stack 19:20:04 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc000]}) 19:20:04 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2482.150482][ T7009] binder: 7007:7009 transaction failed 29201/-71, size 0-0 line 2899 [ 2482.179043][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:04 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x200, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000100)={0x210, r2, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_MEDIA={0x10, 0x5, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfc00000000000000}]}]}, @TIPC_NLA_NODE={0x10, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1000}]}, @TIPC_NLA_SOCK={0x3c, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x80}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1000}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1ff}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x200}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_LINK={0x74, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffffffffffc}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x101}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_NET={0x3c, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xffff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7f}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x2}]}, @TIPC_NLA_NODE={0x34, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x20}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}]}, @TIPC_NLA_MEDIA={0xbc, 0x5, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xaa6c}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}]}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xb8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x54}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8e5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffa}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}]}, 0x210}, 0x1, 0x0, 0x0, 0x4004800}, 0x80) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf) clone(0x0, 0x0, 0x0, 0x0, 0x0) 19:20:04 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70001c000000000]}) [ 2482.339383][ T7139] binder: 7138:7139 got transaction with invalid offset (0, min 0 max 0) or object. [ 2482.353742][ T7137] binder: 7007:7137 got reply transaction with no transaction stack [ 2482.403187][ T7139] binder: 7138:7139 transaction failed 29201/-22, size 0-12288 line 3241 [ 2482.412143][T26388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2482.412576][ T7137] binder: 7007:7137 transaction failed 29201/-71, size 0-0 line 2899 19:20:04 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc100]}) 19:20:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x77020000]}) [ 2482.532071][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406308, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:05 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2482.693668][T31125] binder: undelivered TRANSACTION_ERROR: 29201 19:20:05 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x801004000000000]}) [ 2482.812664][ T7432] binder: 7428:7432 unknown command 1077961480 [ 2482.832298][ T7456] binder: 7455:7456 got transaction with invalid offset (0, min 0 max 0) or object. 19:20:05 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$ndb(&(0x7f00000000c0)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) io_setup(0x7, &(0x7f0000000140)=0x0) r3 = syz_open_dev$mouse(&(0x7f0000000300)='/dev/input/mouse#\x00', 0x7f, 0x100) io_cancel(r2, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x5, 0x2, r1, &(0x7f00000002c0)="3ca9cca0dfae02aacffe403b700fd42daed8407e33", 0x15, 0x80000000, 0x0, 0x1, r3}, &(0x7f0000000380)) r4 = dup3(r0, r1, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000100), 0x0, 0xfffffffffffffffe) ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000100)) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, 0x0, 0x0) getsockopt$inet_mtu(r4, 0x0, 0xa, &(0x7f0000000080), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000240)=ANY=[@ANYBLOB="5a7de3a3ad303b108f1e47f200fe0000d2ba034a193ab0c2f6a71f766e4cb82afa66db53ca8c7501a63bc6794f35ddfc96f19b5bb3f2bf7313b406a3cf12f518a436354ccb01726479751cb2ddbd", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000000180)=0x28) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, &(0x7f00000001c0)={r5, 0x2}, &(0x7f0000000200)=0x8) 19:20:05 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x79000000]}) 19:20:05 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc200]}) [ 2482.858049][ T7432] binder: 7428:7432 ioctl c0306201 200004c0 returned -22 [ 2482.882316][ T7456] binder: 7455:7456 transaction failed 29201/-22, size 0-12288 line 3241 [ 2482.944650][ T7470] binder: 7428:7470 unknown command 1077961480 [ 2482.950995][ T7470] binder: 7428:7470 ioctl c0306201 200004c0 returned -22 [ 2483.081871][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2483.087753][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2483.093720][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2483.093757][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:20:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:05 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:05 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x803000000000000]}) [ 2483.277793][T26388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2483.321609][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2483.327581][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:20:05 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a010000]}) 19:20:05 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce00]}) [ 2483.457473][ T7837] kvm_set_msr_common: 24 callbacks suppressed [ 2483.457489][ T7837] kvm [7833]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2483.523570][ T7785] binder: 7784:7785 unknown command 1077961490 19:20:05 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc10c5541, 0xffffffffffffffff) [ 2483.570191][ T7785] binder: 7784:7785 ioctl c0306201 200004c0 returned -22 19:20:06 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2483.624220][ T7938] kvm [7887]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2483.653337][ T8047] binder: 7784:8047 unknown command 1077961490 19:20:06 executing program 5: r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000009400)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x5}, 0x1c) r1 = dup(r0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000000)=ANY=[@ANYBLOB="aa5a9c940d8e1d0c60aaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96017c6fe4e24d1fcafff87429e50b32881721afab694c3712c37ed0d96d2cc52e56ec93d13c4b03112b8feb2ba73facbbb16c30782b2c3aea1d7eb630c29a545ad6d7488c13895ec6f543bd841f7ab0"], 0x0) ioctl$DRM_IOCTL_MAP_BUFS(r1, 0xc0186419, &(0x7f0000000140)={0x3, &(0x7f00000000c0)=""/44, &(0x7f00000003c0)=[{0x3, 0xe1, 0xff, &(0x7f00000001c0)=""/225}, {0x41, 0xc1, 0xfffffffffffffff9, &(0x7f00000002c0)=""/193}, {0x4, 0x2, 0xb3, &(0x7f0000000100)=""/2}]}) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000440), &(0x7f0000000480)=0x4) ppoll(&(0x7f0000000180)=[{r0}], 0x20000000000000fc, 0x0, 0x0, 0xfffffffffffffef1) [ 2483.700178][ T8047] binder: 7784:8047 ioctl c0306201 200004c0 returned -22 [ 2483.713515][ T8055] kvm [7833]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2483.726582][ T8056] kvm [7887]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:06 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa01000000000000]}) [ 2483.763262][ T8062] binder_alloc: 8061: binder_alloc_buf size 12296 failed, no address space 19:20:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2483.869716][ T8062] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:06 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b010000]}) [ 2483.919465][ T8068] kvm [8067]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:06 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd004]}) [ 2483.961609][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2483.967563][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2483.977427][ T8062] binder: 8061:8062 transaction failed 29201/-28, size 3-12288 line 3147 [ 2484.071412][ T8158] kvm [8135]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2484.162176][T26388] binder: release 8099:8129 transaction 1343 out, still active [ 2484.198594][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2484.217130][ T8258] kvm [8174]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x4 [ 2484.227762][T26388] binder: release 8099:8273 transaction 1344 out, still active 19:20:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:06 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f040000]}) 19:20:06 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000]}) [ 2484.274249][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2484.328044][ T8385] kvm [8174]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x4 19:20:06 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2484.372976][T26388] binder: send failed reply for transaction 1343, target dead [ 2484.381081][T26388] binder: send failed reply for transaction 1344, target dead [ 2484.420504][ T8389] kvm [8388]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2484.430194][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:06 executing program 5: r0 = syz_open_dev$vcsa(&(0x7f00000001c0)='/dev/vcsa#\x00', 0x401, 0x400000) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000380)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r0, &(0x7f0000000480)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000400)={&(0x7f00000004c0)=ANY=[@ANYBLOB="7c000000078d0fe3506dc7d6c1e021fa189627953ba687db5a55137dfbbd14b21b925783f37bea634d880b661b8c64050000000131", @ANYRES16=r1, @ANYBLOB="040128bd7000ffdbdf25030000000800030040000000080002000300000008000400018000000800060008000000080002000000008008000300080000001400010000000000000000000000000000000001080002000500000008000200f9ffffff14000100fe880000000000000000000000000001"], 0x3}, 0x1, 0x0, 0x0, 0x440c0}, 0x40001) perf_event_open(&(0x7f000001d000)={0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = getpid() getpgid(r2) r3 = add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) r4 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x80, 0x0) sendmsg$nl_crypto(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@upd={0xe0, 0x12, 0x2, 0x0, 0x0, {{'drbg_nopr_sha1\x00'}}}, 0xe0}, 0x1, 0x0, 0x0, 0x4}, 0x0) bind$rds(r4, &(0x7f00000003c0)={0x2, 0x4e20, @local}, 0x10) gettid() keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000180)=@chain={'key_or_keyring:', 0x0, ':chain\x00'}) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) [ 2484.466573][ T8394] binder: 8391:8394 got reply transaction with no transaction stack [ 2484.490567][ T8392] kvm [8390]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2484.506993][ T8397] binder_alloc: 8396: binder_alloc_buf size 12296 failed, no address space [ 2484.536633][ T8394] binder: 8391:8394 transaction failed 29201/-71, size 0-0 line 2899 [ 2484.571371][ T8397] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2484.591483][ T8397] binder: 8396:8397 transaction failed 29201/-28, size 4-12288 line 3147 [ 2484.596112][ T8451] binder: 8391:8451 got reply transaction with no transaction stack [ 2484.635011][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:07 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd901]}) [ 2484.644002][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:07 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000c0]}) 19:20:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:07 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0x0, 0x0) ioctl$RTC_WKALM_RD(r1, 0x80287010, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000300), 0x4) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000500)={0x0, r1}) setsockopt$IP_VS_SO_SET_STARTDAEMON(r2, 0x0, 0x15, &(0x7f0000000140)={0x2, 'bridge_slave_0\x00'}, 0x18) fchmod(r0, 0x11) r3 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x105082) r4 = memfd_create(&(0x7f00000002c0)='\x00\x00\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x1) r5 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x200, 0x0) pwritev(r4, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x0) ioctl$LOOP_CHANGE_FD(r3, 0x4c00, r4) sendfile(r3, r3, &(0x7f00000ddff8), 0x102001400) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000000200)={0x28, 0x2, 0x0, {0x2, 0x80000001, 0x100000000000}}, 0x28) r6 = dup2(r5, r2) ioctl$sock_SIOCGPGRP(r6, 0x8904, &(0x7f0000000240)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r6, 0xc1105511, &(0x7f0000000340)={{0x3, 0x7, 0x100, 0x3, 'syz1\x00', 0x1}, 0x0, 0x1, 0xdcc, r7, 0x2, 0x10001, 'syz1\x00', &(0x7f0000000280)=['\x00\x00\x00\x00\x8c\x00', '\x00\x00\x00\x00\x8c\x00'], 0xc, [], [0x10000000, 0x5, 0x0, 0x7fffffff]}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080)={0xffffffffffffffff}, 0x111, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r6, &(0x7f00000001c0)={0x13, 0x10, 0xfa00, {&(0x7f0000000540), r8, 0x90de4ca6c446f9b}}, 0x18) 19:20:07 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100000000000000]}) 19:20:07 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2484.953271][T26388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2484.992449][ T8724] binder: 8713:8724 got transaction to invalid handle 19:20:07 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe006]}) [ 2485.052679][ T8739] binder_alloc: 8726: binder_alloc_buf size 12296 failed, no address space 19:20:07 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80040000]}) [ 2485.118454][ T8739] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2485.183747][ T8833] binder: 8713:8833 got transaction to invalid handle 19:20:07 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000]}) 19:20:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:07 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:07 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80050000]}) 19:20:07 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff02]}) [ 2485.548933][ T9019] binder: 9018:9019 got transaction to invalid handle [ 2485.618432][ T9106] binder_alloc: 9086: binder_alloc_buf size 12296 failed, no address space [ 2485.641697][ T9106] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2485.685126][ T9149] binder: 9018:9149 got transaction to invalid handle 19:20:08 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x3f) setsockopt$inet6_int(r0, 0x29, 0x7, &(0x7f0000000000)=0xffffffff, 0x4) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x0, 0x0) 19:20:08 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x150001c000000000]}) 19:20:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x1200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:08 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x810000c0]}) 19:20:08 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff0b]}) 19:20:08 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:08 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f3188b070") unshare(0x400) r1 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x8, 0x0) prctl$PR_GET_DUMPABLE(0x3) ioctl$VIDIOC_G_OUTPUT(r1, 0x8004562e, &(0x7f0000000200)) [ 2486.172579][ T9386] binder_alloc: 9385: binder_alloc_buf size 12296 failed, no address space [ 2486.186624][ T9367] binder: 9284:9367 got transaction to invalid handle 19:20:08 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x170101c000000000]}) [ 2486.246755][ T9367] binder_transaction: 7 callbacks suppressed [ 2486.246776][ T9367] binder: 9284:9367 transaction failed 29201/-22, size 0-0 line 2994 [ 2486.258784][ T9386] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:08 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x820000c0]}) 19:20:08 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10040]}) [ 2486.366022][ T9386] binder: 9385:9386 transaction failed 29201/-28, size 7-12288 line 3147 [ 2486.376484][ T9450] binder: 9284:9450 got transaction to invalid handle [ 2486.421393][ T9450] binder: 9284:9450 transaction failed 29201/-22, size 0-0 line 2994 19:20:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x3f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:09 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x830000c0]}) 19:20:09 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000013c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe1bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/icmp6\x00') ioctl$VIDIOC_G_CTRL(r0, 0xc008561b, &(0x7f0000000000)={0x460, 0x101}) preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x6c00) 19:20:09 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b00000000000000]}) 19:20:09 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2486.714355][T14773] binder_release_work: 8 callbacks suppressed [ 2486.714363][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:20:09 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100c0]}) [ 2486.830731][ T9721] binder_alloc: 9719: binder_alloc_buf size 12304 failed, no address space [ 2486.920133][ T9721] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2486.979602][ T9720] binder: 9709:9720 got transaction to invalid handle [ 2486.985952][ T9721] binder: 9719:9721 transaction failed 29201/-28, size 10-12288 line 3147 19:20:09 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x840000c0]}) [ 2487.049690][ T9720] binder: 9709:9720 transaction failed 29201/-22, size 0-0 line 2994 19:20:09 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b0001c000000000]}) 19:20:09 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000]}) [ 2487.241635][ C1] net_ratelimit: 8 callbacks suppressed [ 2487.241650][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2487.253253][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2487.259137][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2487.264989][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2487.275310][T10043] binder: 9709:10043 got transaction to invalid handle 19:20:09 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:09 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)="4c3e37c5caed8a613d36db3a4a8df4ad96daa57a11ea5ff565073e66ab7e8d6b4e4d21835bfddc8165a3e2bd9d206945805c7d0b352d758114984be230fed7516842a6d29f2a66dcaf625e805b7793e43287e80366014ba517c6b59d", 0x5c}, {&(0x7f00000001c0)="ecaaa5a834a8664341008838ea51815622563e26f1f6df3f9f81d2b54d77b9a7ce6de27bfb127c341c653c38706ce585758bfd6a1577b3778989c880396db2e87211c2456c3996b229f95404f284607f683a33c48ee38cb32a23d1f6e809f016c53dcb3855a20e138ace9abbdb", 0x6d}], 0x2, &(0x7f0000000280)=[{0x108, 0x13b, 0x20, "390b213261139df5f2c481047876de176c1232962dd39401dd5d169b3646dc2bb3c20d924c9a91b17a271ccbb2181476a036637a4b39135de5440dfd27f385368b671d207160826ad474012259017959b403addec00e2501c532c0c0eeb44c73e2f66f535546842f70e308678f822274edc48a2a93d552199e54bf152e39fca4a79c45f3ea93c351513be7e5143391fd8e39bbe70dcf7a5f855159d120e9bd85d4f00d3544126b551a56cfd79d793208431b21412b3dfac966841aefa330689abc43701adfcbd0f143272fd0bc2c307a89f45d43966fc43188a7c64d1b004f9b86b94c81c9a9f2c3c790483a8e6699b99461"}, {0xe8, 0x88, 0x1, "bb6a5e63225761b87333fb1908cccd34ebde937a30748177f547fc9964b05fbb07814be66401320febb8da65c40c182c69697fd5c72a29e2e53a9e9a6964828c74f6e7141a22369d1222a4f294be80dd15a9b563dbb36ac6fe5181bc99f26fa366427ceb4c5749ff9fa86a50ace972eacf1cd2c4217dd63a1f25f20db48c7fc0ba935da51ed13902c2f05ec3dd7bdc8a9b4f78c6f1513d77eb6dfb7e2346b642254cbfb21e69dd87dc6b69cd57e1eaf53c8ebd0927cb544d8b417940e1d62eef1abace77095aac5dc713ca6861a615e678"}, {0x30, 0x84, 0x5, "46cd1c965aeee46d93659d66339905783fd50873882ffe376c82a5beddf8"}, {0x18, 0x10f, 0x1, "2040870143"}, {0x20, 0x100, 0x9, "2cd644e898e35f2288"}, {0x78, 0x10a, 0x7fffffff, "a28644bd6181934c8daab4bff906ab66cc3b66d37a9b6618ee2fea22517370ec8d67f41a3bdcacaef4321d48501397fb841c47aea01d5f7f56a926dd3a22a79ce6d49c2711ee77af5d73731bdd2193585f8adf2c733d6b2e09000e2015f9fd78e48b69"}], 0x2d0}, 0x40041) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") r1 = socket$inet(0x10, 0x400000000002, 0x0) sendmsg(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="24000000180007041dfffd946f610500022881001f0000050400080008000f000400ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) [ 2487.301482][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2487.363444][T10043] binder: 9709:10043 transaction failed 29201/-22, size 0-0 line 2994 [ 2487.375311][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2487.394416][T10087] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. 19:20:09 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x85010000]}) [ 2487.421141][T10114] binder_alloc: 10099: binder_alloc_buf size 12312 failed, no address space [ 2487.481635][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2487.487599][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2487.494149][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2487.536849][T10114] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:09 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e01000000000000]}) 19:20:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2487.599362][T10114] binder: 10099:10114 transaction failed 29201/-28, size 18-12288 line 3147 19:20:10 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000]}) 19:20:10 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86010000]}) [ 2487.805665][T10329] binder: 10240:10329 got transaction to invalid handle 19:20:10 executing program 5: setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000900)={0x0, @in6={{0xa, 0x0, 0x0, @mcast1}}}, 0x90) r0 = accept(0xffffffffffffff9c, &(0x7f00000048c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000004940)=0x80) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000004980)=0x407e, 0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgrp(0xffffffffffffffff) prctl$PR_CAPBSET_READ(0x17, 0x2) r2 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x12a80, 0x0) setpriority(0x0, r1, 0x10000) ioctl$PPPIOCDISCONN(r2, 0x7439) r3 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, 0x0, &(0x7f0000000280)) setxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.capability\x00', 0x0, 0x0, 0x0) setxattr$security_capability(&(0x7f0000000600)='./file0\x00', &(0x7f0000000240)='security.capability\x00', &(0x7f0000000780)=@v2, 0x14, 0x0) ioctl$EXT4_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000480)=0x20000) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r2, 0x84, 0x1a, &(0x7f00000001c0)=ANY=[@ANYBLOB="1a18121270af21b565b23b3d54067470c7b6b5fcafc2585acd95df7b3530869a29dc42fa149fd1a7c74f60435fe23f017a8d795ff58e10ae50af6a05ddd49aa38bc2ca1efad25efd8711a24980454e09e80df11cbdabe35854b6c6c0ebd1774ddaceeec4690fba70563987ab1075387be7f3e3"], 0x0) ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f00000002c0)={0x10000, 0x0, &(0x7f0000ffc000/0x4000)=nil}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execve(&(0x7f0000000300)='./file0\x00', &(0x7f0000000140)=[&(0x7f00000003c0)='\xf6', &(0x7f0000000100)='security.capability\xf6', &(0x7f0000000440)='/dev/fullL'], &(0x7f0000000200)) [ 2487.847435][T10329] binder: 10240:10329 transaction failed 29201/-22, size 0-0 line 2994 19:20:10 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2487.928288][T10471] binder: 10240:10471 got transaction to invalid handle [ 2487.929899][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2488.015141][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2488.045420][T10477] binder_alloc: 10476: binder_alloc_buf size 12336 failed, no address space 19:20:10 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f0001c000000000]}) [ 2488.060224][T10471] binder: 10240:10471 transaction failed 29201/-22, size 0-0 line 2994 19:20:10 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000]}) 19:20:10 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x87010000]}) [ 2488.131610][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2488.137575][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2488.171832][T10477] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2488.217627][T10477] binder: 10476:10477 transaction failed 29201/-28, size 48-12288 line 3147 [ 2488.219804][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:10 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) getsockopt$inet_int(r0, 0x11, 0x67, &(0x7f00006ed000), &(0x7f0000000080)=0xfe22) getsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000000), &(0x7f0000000040)=0x8) getsockopt$inet_mreqsrc(r0, 0x0, 0x26, &(0x7f00000000c0)={@local, @broadcast, @local}, &(0x7f0000000100)=0xc) 19:20:10 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x87050000]}) [ 2488.487111][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2488.511987][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:20:10 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x12000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:11 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200001c000000000]}) 19:20:11 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000]}) [ 2488.637060][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:20:11 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8b000000]}) 19:20:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x3f000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:11 executing program 5: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x800000000008032, 0xffffffffffffffff, 0x0) perf_event_open$cgroup(&(0x7f0000000100)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x800}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x3) rt_sigpending(&(0x7f0000000000), 0x8) r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x408200, 0x0) mq_timedsend(r0, &(0x7f0000001180)="6c55f1e34613c3a0e8f4526eee234fdcd8a50e8e973659477f9ee2b8e7cb36578b3cab6a71fa8f4e29a21e694754159586c1b32de03a2bde1584396757de7bf96ed1b0884f49531fa3cb0b0965e7bcf1904f3ccbb864ecf9fa4015bd9d25ad36ca51db3141118ea6e8197c35d422ef32fac33fdd3af952872a1a5f7786ca68f6eab61153924ee6ab0ebd1d8e6076a04d2d5597332ab3d1ab4ffe1cdacdb18da9be94763bc94c1e99da34b95b87f3fe733a", 0xb1, 0x0, &(0x7f0000000040)) ioctl$CAPI_GET_SERIAL(r0, 0xc0044308, &(0x7f00000000c0)=0xa1) mincore(&(0x7f00002a3000/0x4000)=nil, 0x4000, &(0x7f0000000180)=""/4096) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 19:20:11 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x221001c000000000]}) 19:20:11 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d564b]}) [ 2488.984115][T10948] kvm_set_msr_common: 26 callbacks suppressed [ 2488.984130][T10948] kvm [10939]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:11 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0xfdfdffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2489.139095][T11048] kvm [11045]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2489.260411][T11084] kvm [11046]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x4b [ 2489.280689][T11088] binder_alloc: 11072: binder_alloc_buf size 12368 failed, no address space 19:20:11 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900d0000]}) [ 2489.316434][T11088] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2489.326260][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2489.326316][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:20:11 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2a1001c000000000]}) [ 2489.431383][T11163] kvm [11162]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:11 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff]}) 19:20:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0xfffffdfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2489.633038][T11194] kvm [11174]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:12 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x91040000]}) [ 2489.729678][T11267] kvm [11266]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xff 19:20:12 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2489.894454][T11450] kvm [11266]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xff [ 2489.919744][T11458] binder_alloc: 11457: binder_alloc_buf size 12384 failed, no address space [ 2489.954179][T11458] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2489.996283][T14773] binder: release 11456:11459 transaction 1385 out, still active [ 2490.020100][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2490.045153][T14773] binder: release 11456:11489 transaction 1386 out, still active [ 2490.082621][T14773] binder: undelivered TRANSACTION_COMPLETE 19:20:12 executing program 5: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x0, 0x0) ioctl$BLKZEROOUT(r0, 0x80081272, &(0x7f0000000080)) r1 = syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0x200, 0x1) ioctl$DRM_IOCTL_ADD_MAP(r1, 0xc0286415, &(0x7f0000000140)={&(0x7f0000fff000/0x1000)=nil, 0x8, 0x1, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x2}) lsetxattr$trusted_overlay_origin(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.origin\x00', &(0x7f00000000c0)='y\x00', 0x2, 0x0) 19:20:12 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c1001c000000000]}) 19:20:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:12 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9e000000]}) 19:20:12 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}) [ 2490.301021][T26388] binder: release 11579:11581 transaction 1387 out, still active [ 2490.322556][T26388] binder: undelivered TRANSACTION_COMPLETE 19:20:12 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2490.359720][T26388] binder: release 11579:11601 transaction 1388 out, still active 19:20:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x1200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2490.411139][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2490.444407][T26388] binder: send failed reply for transaction 1385, target dead 19:20:12 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f000040]}) [ 2490.503242][T26388] binder: send failed reply for transaction 1386, target dead [ 2490.526001][T11751] binder_alloc: 11750: binder_alloc_buf size 12392 failed, no address space [ 2490.545417][T26388] binder: send failed reply for transaction 1387, target dead [ 2490.571100][T26388] binder: send failed reply for transaction 1388, target dead [ 2490.585448][T11751] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2490.604840][T11778] kvm [11770]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x4000 19:20:13 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3400000000000000]}) [ 2490.651821][T14773] binder: release 11752:11764 transaction 1392 out, still active [ 2490.659820][T14773] binder: undelivered TRANSACTION_COMPLETE 19:20:13 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x3f00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:13 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10100c0]}) 19:20:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:13 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2490.896171][T26388] binder: release 11938:11942 transaction 1394 out, still active [ 2490.898781][T11944] binder: BINDER_SET_CONTEXT_MGR already set [ 2490.967172][T11944] binder: 11943:11944 ioctl 40046207 0 returned -16 [ 2490.979842][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2491.002941][T26388] binder: send failed reply for transaction 1392, target dead 19:20:13 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0xfdfdffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2491.007447][T11982] binder_alloc: 11965: binder_alloc_buf size 12400 failed, no address space [ 2491.055899][T26388] binder: send failed reply for transaction 1393 to 11938:11939 [ 2491.092751][T11982] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2491.098043][T26388] binder: send failed reply for transaction 1394, target dead [ 2491.127821][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2491.154763][T26388] binder: release 12065:12092 transaction 1398 out, still active [ 2491.171978][T26388] binder: undelivered TRANSACTION_COMPLETE 19:20:13 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0010000]}) [ 2491.186066][T26388] binder: release 12065:12066 transaction 1397 out, still active [ 2491.200519][T26388] binder: undelivered TRANSACTION_COMPLETE 19:20:13 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:13 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14d564b]}) 19:20:13 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a00000000000000]}) [ 2491.319305][T12192] kvm [12189]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:13 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2491.374521][T26388] binder: release 12267:12275 transaction 1399 out, still active 19:20:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2491.425475][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2491.445736][T26388] binder: send failed reply for transaction 1397, target dead 19:20:13 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2491.492546][T26388] binder: send failed reply for transaction 1398, target dead [ 2491.556667][T26388] binder: send failed reply for transaction 1399, target dead [ 2491.567915][T12354] binder_alloc: 12340: binder_alloc_buf size 12408 failed, no address space [ 2491.592464][T26388] binder: send failed reply for transaction 1400 to 12267:12288 [ 2491.599072][T12341] binder: BINDER_SET_CONTEXT_MGR already set 19:20:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2491.614642][T12341] binder: 12339:12341 ioctl 40046207 0 returned -16 [ 2491.621740][T12354] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2491.631409][T12354] binder_transaction: 15 callbacks suppressed [ 2491.631430][T12354] binder: 12340:12354 transaction failed 29201/-28, size 116-12288 line 3147 [ 2491.652136][T26388] binder: release 12401:12403 transaction 1404 out, still active [ 2491.710072][T12420] kvm [12286]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x4b 19:20:14 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b00000000000000]}) 19:20:14 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00d0000]}) 19:20:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:14 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}) 19:20:14 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:14 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb0000040]}) 19:20:14 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:14 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001000000000000]}) [ 2492.222420][T26388] binder: send failed reply for transaction 1403, target dead [ 2492.240842][T26388] binder_release_work: 15 callbacks suppressed [ 2492.240849][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2492.281636][ C0] net_ratelimit: 12 callbacks suppressed [ 2492.281645][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2492.293471][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2492.327947][T12750] binder_alloc: 12737: binder_alloc_buf size 12384 failed, no address space [ 2492.401950][T12782] binder: BINDER_SET_CONTEXT_MGR already set [ 2492.408484][T12750] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2492.459722][T12782] binder: 12775:12782 ioctl 40046207 0 returned -16 [ 2492.486434][T12750] binder: 12737:12750 transaction failed 29201/-28, size 96-12288 line 3147 19:20:14 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb7000040]}) 19:20:14 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20100c0]}) 19:20:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2492.556823][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400101c000000000]}) 19:20:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:15 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2492.735133][T12966] binder: 12964:12966 transaction failed 29189/-22, size 0-0 line 2994 [ 2492.818692][T12973] binder: 12972:12973 transaction failed 29189/-22, size 96-12288 line 2994 [ 2492.870497][T12988] binder: 12964:12988 transaction failed 29189/-22, size 0-0 line 2994 [ 2492.885222][T13010] binder_alloc: 12976: binder_alloc_buf size 13056 failed, no address space [ 2492.897707][T14773] binder: undelivered TRANSACTION_ERROR: 29189 [ 2492.912831][T13010] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000000]}) 19:20:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x12000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2492.942377][T14773] binder: undelivered TRANSACTION_ERROR: 29189 [ 2492.964080][T14773] binder: undelivered TRANSACTION_ERROR: 29189 [ 2492.978727][T13010] binder: 12976:13010 transaction failed 29201/-28, size 768-12288 line 3147 19:20:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x410101c000000000]}) [ 2493.099118][T13102] binder_alloc: 12976: binder_alloc_buf size 12384 failed, no address space 19:20:15 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24d564b]}) [ 2493.141974][T13102] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2493.200233][T13102] binder: 13082:13102 transaction failed 29201/-28, size 96-12288 line 3147 19:20:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x3f000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2493.290693][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:15 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2493.342138][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:20:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000080]}) 19:20:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2493.414441][T13257] binder: 13253:13257 transaction failed 29189/-22, size 0-0 line 2994 [ 2493.481669][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2493.487531][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2493.490618][T13288] binder_alloc: 13285: binder_alloc_buf size 13568 failed, no address space [ 2493.493451][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2493.493497][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2493.545091][T26388] binder: undelivered TRANSACTION_ERROR: 29189 19:20:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000]}) 19:20:15 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30001c0]}) [ 2493.618808][T13288] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2493.668084][T13314] binder_alloc: 13285: binder_alloc_buf size 12384 failed, no address space [ 2493.681620][T13288] binder: 13285:13288 transaction failed 29201/-28, size 1280-12288 line 3147 [ 2493.709133][T13314] binder_alloc: allocated: 8 (num: 1 largest: 8), free: 12280 (num: 1 largest: 12280) [ 2493.721644][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2493.727594][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:20:16 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000081]}) 19:20:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0xfdfdffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2493.815674][T13314] binder: 13313:13314 transaction failed 29201/-28, size 96-12288 line 3147 [ 2493.876515][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:16 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30100c0]}) 19:20:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:16 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4900000000000000]}) [ 2494.058457][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:20:16 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:16 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000082]}) 19:20:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2494.242295][T13548] kvm_set_msr_common: 13 callbacks suppressed [ 2494.242311][T13548] kvm [13547]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x8200 [ 2494.279782][T13541] kvm [13540]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2494.290604][T13556] binder_alloc_new_buf_locked: 2 callbacks suppressed [ 2494.290718][T13556] binder_alloc: 13545: binder_alloc_buf size 12384 failed, no address space 19:20:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2494.361640][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2494.367577][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2494.428987][T13556] binder_alloc_new_buf_locked: 2 callbacks suppressed [ 2494.429004][T13556] binder_alloc: allocated: 8 (num: 1 largest: 8), free: 12280 (num: 1 largest: 12280) 19:20:16 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34d564b]}) 19:20:16 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000083]}) 19:20:16 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:17 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x580001c000000000]}) [ 2494.629931][T13772] binder_alloc: 13770: binder_alloc_buf size 14080 failed, no address space [ 2494.660493][T13774] kvm [13773]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x8300 [ 2494.721667][T13772] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2494.760332][T13781] binder_alloc: 13770: binder_alloc_buf size 12384 failed, no address space [ 2494.802607][T13781] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:17 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000084]}) [ 2494.873837][T13788] kvm [13787]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:17 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40001c0]}) 19:20:17 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x1200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:17 executing program 5: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:17 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:17 executing program 5: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2495.222001][T14017] binder_alloc: 14015: binder_alloc_buf size 14848 failed, no address space [ 2495.252878][T13984] kvm [13916]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xc0 [ 2495.271928][T14017] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:17 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x3f00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:17 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000100]}) 19:20:17 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6005000000000000]}) [ 2495.410829][T14043] kvm [13916]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xc0 19:20:17 executing program 5: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2495.497974][T14099] kvm [14053]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2495.514337][T14054] kvm [14046]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2495.525644][T14132] binder_alloc: 14015: binder_alloc_buf failed to map pages in userspace, no vma 19:20:17 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0xfdfdffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:18 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44d564b]}) 19:20:18 executing program 5: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2495.677776][T14202] binder_alloc: 14195: binder_alloc_buf size 16896 failed, no address space [ 2495.711704][T14202] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:18 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000101]}) [ 2495.855526][T14773] binder_thread_release: 17 callbacks suppressed [ 2495.855538][T14773] binder: release 14240:14251 transaction 1449 out, still active [ 2495.894327][T14773] binder_release_work: 19 callbacks suppressed 19:20:18 executing program 5: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2495.894333][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2495.922512][T14254] kvm [14252]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x100 [ 2495.937911][T14773] binder: release 14240:14253 transaction 1450 out, still active 19:20:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:18 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6105000000000000]}) [ 2495.970455][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2496.043100][T14366] kvm [14246]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x4b 19:20:18 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:18 executing program 5: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2496.122506][T14773] binder_send_failed_reply: 17 callbacks suppressed [ 2496.122515][T14773] binder: send failed reply for transaction 1449, target dead 19:20:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2496.164385][T14773] binder: send failed reply for transaction 1450, target dead [ 2496.220921][T14773] binder: send failed reply for transaction 1451 to 14357:14358 19:20:18 executing program 5: syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2496.271007][T14420] binder_alloc: 14411: binder_alloc_buf size 20480 failed, no address space [ 2496.284487][T14773] binder: send failed reply for transaction 1452 to 14357:14367 [ 2496.322371][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2496.348886][T14773] binder: undelivered TRANSACTION_COMPLETE 19:20:18 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70001c0]}) [ 2496.369769][T14420] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:18 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000102]}) [ 2496.421162][T14773] binder: release 14447:14483 transaction 1456 out, still active 19:20:18 executing program 5: syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:18 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7005000000000000]}) [ 2496.469955][T14773] binder: undelivered TRANSACTION_COMPLETE 19:20:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2496.551636][T14773] binder: release 14447:14479 transaction 1455 out, still active [ 2496.560646][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2496.666069][T14773] binder: release 14603:14609 transaction 1458 out, still active 19:20:19 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2ff8, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:19 executing program 5: syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2496.711006][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2496.771008][T14773] binder: send failed reply for transaction 1455, target dead [ 2496.785222][T14657] binder_alloc: 14655: binder_alloc_buf size 24568 failed, no address space [ 2496.815573][T14773] binder: send failed reply for transaction 1456, target dead [ 2496.840474][T14657] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2496.863973][T14773] binder: send failed reply for transaction 1457 to 14603:14608 [ 2496.887090][T14773] binder: send failed reply for transaction 1458, target dead [ 2496.888087][T14657] binder_transaction: 13 callbacks suppressed [ 2496.888106][T14657] binder: 14655:14657 transaction failed 29201/-28, size 12280-12288 line 3147 [ 2496.902931][T14773] binder: undelivered TRANSACTION_COMPLETE 19:20:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 2496.925447][T14773] binder: release 14676:14719 transaction 1462 out, still active [ 2496.943658][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2496.954366][T14773] binder: release 14676:14684 transaction 1461 out, still active [ 2496.964126][T14773] binder: undelivered TRANSACTION_COMPLETE 19:20:19 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000103]}) [ 2497.049906][T14732] binder: 14727:14732 ioctl c0306201 0 returned -14 [ 2497.069650][T14773] binder: release 14728:14730 transaction 1463 out, still active [ 2497.090686][T14773] binder: release 14728:14741 transaction 1464 out, still active 19:20:19 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8010040]}) 19:20:19 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7105000000000000]}) 19:20:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 2497.306485][T14842] binder: 14840:14842 ioctl c0306201 0 returned -14 [ 2497.346227][T26388] binder: release 14843:14844 transaction 1465 out, still active 19:20:19 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x12000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2497.455845][T14773] binder: send failed reply for transaction 1461, target dead 19:20:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 2497.500933][T14773] binder: send failed reply for transaction 1462, target dead [ 2497.521804][T14948] binder: 14947:14948 transaction failed 29189/-22, size 0-0 line 2994 [ 2497.552151][T14945] binder_alloc: 14930: binder_alloc_buf size 24576 failed, no address space [ 2497.575481][T14773] binder: send failed reply for transaction 1463, target dead [ 2497.587388][T14957] binder: 14956:14957 ioctl c0306201 0 returned -14 [ 2497.593757][T14945] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2497.616799][T14773] binder: send failed reply for transaction 1464, target dead [ 2497.635333][T14945] binder: 14930:14945 transaction failed 29201/-28, size 12288-12288 line 3147 [ 2497.641654][ C1] net_ratelimit: 8 callbacks suppressed 19:20:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)}) [ 2497.641663][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2497.647511][T14773] binder: send failed reply for transaction 1465, target dead [ 2497.650137][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2497.650260][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2497.659831][T14773] binder_release_work: 16 callbacks suppressed [ 2497.659838][T14773] binder: undelivered TRANSACTION_ERROR: 29189 [ 2497.663573][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:20:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x3f000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:20 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2497.803005][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:20:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)}) 19:20:20 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010000]}) [ 2497.844842][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2497.881688][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2497.887633][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:20:20 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8030000]}) 19:20:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0xfdfdffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:20 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7205000000000000]}) [ 2497.992716][T15071] binder_alloc: 15070: binder_alloc_buf size 30720 failed, no address space [ 2498.062374][T15071] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2498.114718][T15071] binder: 15070:15071 transaction failed 29201/-28, size 18432-12288 line 3147 19:20:20 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010003]}) 19:20:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:20 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:20 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7401000000000000]}) 19:20:20 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010004]}) 19:20:20 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa010000]}) [ 2498.486309][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2498.521644][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2498.527622][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:20:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)}) [ 2498.594043][T15405] binder_alloc: 15404: binder_alloc_buf size 31744 failed, no address space [ 2498.710960][T15405] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2498.767733][T15405] binder: 15404:15405 transaction failed 29201/-28, size 19456-12288 line 3147 19:20:21 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000300)}) 19:20:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010007]}) 19:20:21 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000]}) 19:20:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7501000000000000]}) 19:20:21 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000300)}) 19:20:21 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x1200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2499.170890][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010015]}) [ 2499.309938][T15700] binder_alloc: 15699: binder_alloc_buf size 36864 failed, no address space 19:20:21 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000300)}) 19:20:21 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000]}) [ 2499.372107][T15700] binder: 15699:15700 transaction failed 29201/-28, size 24576-12288 line 3147 [ 2499.467515][T15752] kvm_set_msr_common: 13 callbacks suppressed [ 2499.467539][T15752] kvm [15747]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x1500 19:20:21 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7601000000000000]}) 19:20:21 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:22 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc001001b]}) 19:20:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2499.686701][T15847] kvm [15841]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2499.721650][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2499.727502][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:20:22 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2499.781785][T15880] binder: 15878:15880 transaction failed 29189/-22, size 0-8 line 2994 [ 2499.808057][T17947] binder: undelivered TRANSACTION_ERROR: 29201 [ 2499.848016][T15930] binder: 15925:15930 transaction failed 29189/-22, size 0-0 line 2994 [ 2499.865104][T26388] binder: undelivered TRANSACTION_ERROR: 29189 19:20:22 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000]}) 19:20:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2499.891263][T15907] kvm [15902]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x1b00 [ 2499.891428][T15943] binder_alloc: 15932: binder_alloc_buf size 38912 failed, no address space [ 2500.018967][T17947] binder: undelivered TRANSACTION_ERROR: 29189 [ 2500.034328][T15943] binder_alloc_new_buf_locked: 1 callbacks suppressed [ 2500.034344][T15943] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2500.071218][T15943] binder: 15932:15943 transaction failed 29201/-28, size 26624-12288 line 3147 [ 2500.080804][T15996] binder: 15995:15996 got transaction with invalid offset (0, min 0 max 0) or object. [ 2500.084478][T15997] kvm [15992]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7702000000000000]}) 19:20:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2500.116937][T15996] binder: 15995:15996 transaction failed 29201/-22, size 0-8 line 3241 [ 2500.182986][T17947] binder: undelivered TRANSACTION_ERROR: 29201 [ 2500.209311][T16044] kvm [15992]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:22 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc001001f]}) 19:20:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:22 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2500.402739][T17947] binder: undelivered TRANSACTION_ERROR: 29201 [ 2500.409977][T16202] kvm [16180]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x1f00 19:20:22 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x150001c0]}) 19:20:22 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7900000000000000]}) 19:20:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2500.553747][T16223] binder_alloc: 16218: binder_alloc_buf size 39936 failed, no address space 19:20:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2500.642323][T16223] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010020]}) 19:20:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2500.756388][T16231] kvm [16230]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xc0 [ 2500.855718][T16372] kvm [16368]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x2000 19:20:23 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2500.904850][T26388] binder_thread_release: 20 callbacks suppressed [ 2500.904862][T26388] binder: release 16302:16450 transaction 1506 out, still active [ 2500.922694][T16463] kvm [16230]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xc0 [ 2500.972064][T26388] binder_release_work: 23 callbacks suppressed [ 2500.972071][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2501.020747][T16487] binder: BINDER_SET_CONTEXT_MGR already set 19:20:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a01000000000000]}) 19:20:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010058]}) 19:20:23 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x170101c0]}) [ 2501.136936][T26388] binder_send_failed_reply: 19 callbacks suppressed [ 2501.137021][T26388] binder: send failed reply for transaction 1504, target dead [ 2501.163169][T16487] binder: 16477:16487 ioctl 40046207 0 returned -16 [ 2501.228306][T26388] binder: send failed reply for transaction 1505 to 16302:16305 19:20:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2501.288866][T26388] binder: send failed reply for transaction 1506, target dead [ 2501.309276][T16644] kvm [16643]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x5800 19:20:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2501.343589][T26388] binder: undelivered TRANSACTION_COMPLETE 19:20:23 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010117]}) [ 2501.548719][T16780] binder_alloc: 16779: binder_alloc_buf size 43520 failed, no address space [ 2501.562505][T16780] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:23 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b01000000000000]}) [ 2501.620698][T17947] binder: release 16784:16787 transaction 1515 out, still active 19:20:24 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x12000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2501.695064][T17947] binder: undelivered TRANSACTION_COMPLETE [ 2501.727366][T17947] binder: release 16784:16785 transaction 1514 out, still active [ 2501.773089][T17947] binder: undelivered TRANSACTION_COMPLETE 19:20:24 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b000000]}) [ 2501.839427][T26388] binder: release 16841:16842 transaction 1516 out, still active [ 2501.860143][T26388] binder: undelivered TRANSACTION_COMPLETE 19:20:24 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010140]}) 19:20:24 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x3f000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2501.906461][T26388] binder: release 16841:16893 transaction 1518 out, still active 19:20:24 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf82f, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2501.985567][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2502.035807][T26388] binder: send failed reply for transaction 1514, target dead [ 2502.077425][T17016] binder_alloc: 17015: binder_alloc_buf size 75824 failed, no address space [ 2502.091999][T26388] binder: send failed reply for transaction 1515, target dead [ 2502.127308][T26388] binder: send failed reply for transaction 1516, target dead [ 2502.133644][T17016] binder_alloc: allocated: 16 (num: 2 largest: 8), free: 12272 (num: 1 largest: 12272) [ 2502.160302][T26388] binder: send failed reply for transaction 1517 to 16811:16828 [ 2502.163133][T17016] binder_transaction: 10 callbacks suppressed 19:20:24 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0xfdfdffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:24 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2502.163152][T17016] binder: 17015:17016 transaction failed 29201/-28, size 63535-12288 line 3147 [ 2502.208787][T26388] binder: send failed reply for transaction 1518, target dead [ 2502.252858][T26388] binder: release 17017:17018 transaction 1523 out, still active [ 2502.295570][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2502.316306][T26388] binder: release 17044:17045 transaction 1526 out, still active [ 2502.330925][T26388] binder: undelivered TRANSACTION_COMPLETE 19:20:24 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2502.340905][T26388] binder: release 17023:17026 transaction 1525 out, still active 19:20:24 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 2502.377703][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2502.400308][T26388] binder: release 17023:17024 transaction 1524 out, still active 19:20:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2502.440137][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2502.463424][T26388] binder: release 17132:17134 transaction 1528 out, still active [ 2502.488006][T17136] binder_alloc: 17015: binder_alloc_buf, no vma [ 2502.494768][T26388] binder: send failed reply for transaction 1520 to 17013:17014 [ 2502.521194][T26388] binder: send failed reply for transaction 1521 to 17013:17019 [ 2502.531243][T17136] binder: 17135:17136 transaction failed 29189/-3, size 0-8 line 3147 [ 2502.559105][T17139] binder_alloc: 17138: binder_alloc_buf size 3158016 failed, no address space [ 2502.567745][T26388] binder: send failed reply for transaction 1523, target dead [ 2502.593401][T17139] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2502.610903][T26388] binder: send failed reply for transaction 1524, target dead [ 2502.624574][T17139] binder: 17138:17139 transaction failed 29201/-28, size 3145728-12288 line 3147 [ 2502.642277][T26388] binder: send failed reply for transaction 1525, target dead [ 2502.667637][T26388] binder: send failed reply for transaction 1526, target dead [ 2502.681614][ C0] net_ratelimit: 12 callbacks suppressed [ 2502.681623][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2502.691640][T26388] binder: send failed reply for transaction 1527 to 17132:17133 [ 2502.693352][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2502.702302][T26388] binder_release_work: 10 callbacks suppressed [ 2502.702310][T26388] binder: undelivered TRANSACTION_ERROR: 29189 [ 2502.728528][T26388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2502.736724][T26388] binder: undelivered TRANSACTION_ERROR: 29189 [ 2502.743652][T26388] binder: undelivered TRANSACTION_ERROR: 29189 [ 2502.750115][T26388] binder: undelivered TRANSACTION_ERROR: 29189 [ 2502.756722][T26388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2502.763294][T26388] binder: undelivered TRANSACTION_ERROR: 29189 19:20:25 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f04000000000000]}) 19:20:25 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2502.839551][T17947] binder: undelivered TRANSACTION_ERROR: 29201 19:20:25 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b0001c0]}) 19:20:25 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 19:20:25 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010141]}) [ 2502.881319][T17245] binder: 17244:17245 transaction failed 29189/-22, size 0-0 line 2994 [ 2502.969410][T17254] binder: 17244:17254 transaction failed 29189/-22, size 0-0 line 2994 [ 2502.985507][T17248] binder: 17247:17248 got transaction with invalid offset (0, min 0 max 0) or object. [ 2502.990152][T17251] binder_alloc: 17250: binder_alloc_buf size 16789504 failed, no address space [ 2503.020684][T17947] binder: undelivered TRANSACTION_ERROR: 29189 [ 2503.042733][T17947] binder: undelivered TRANSACTION_ERROR: 29189 [ 2503.051815][T17251] binder_alloc: allocated: 8 (num: 1 largest: 8), free: 12280 (num: 1 largest: 12280) 19:20:25 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2503.120531][T17248] binder: 17247:17248 transaction failed 29201/-22, size 0-8 line 3241 [ 2503.132169][T17251] binder: 17250:17251 transaction failed 29201/-28, size 16777216-12288 line 3147 19:20:25 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 19:20:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0011022]}) 19:20:25 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e010000]}) 19:20:25 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000c000000000]}) [ 2503.330177][T17393] binder: 17387:17393 got transaction with invalid offset (0, min 0 max 0) or object. 19:20:25 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x1200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2503.437848][T17393] binder: 17387:17393 transaction failed 29201/-22, size 0-8 line 3241 19:20:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc001102a]}) 19:20:25 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2503.574948][T17535] binder: 17533:17535 transaction failed 29189/-22, size 0-0 line 2994 [ 2503.609097][T17549] binder_alloc: 17540: binder_alloc_buf size 33566720 failed, no address space 19:20:26 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 2503.706685][T17549] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8004000000000000]}) 19:20:26 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f0001c0]}) [ 2503.754422][T17549] binder: 17540:17549 transaction failed 29201/-28, size 33554432-12288 line 3147 [ 2503.764499][T17599] binder: 17598:17599 got transaction with invalid offset (0, min 0 max 0) or object. 19:20:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2503.881706][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2503.887692][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2503.893846][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2503.899654][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:20:26 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x3f00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc001102c]}) 19:20:26 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8005000000000000]}) [ 2504.131935][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2504.137874][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:20:26 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:26 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200001c0]}) [ 2504.236967][T17829] binder_alloc: 17827: binder_alloc_buf size 50343936 failed, no address space [ 2504.304413][T17829] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc1000000]}) [ 2504.436449][T17831] binder_alloc: 17827: binder_alloc_buf size 12384 failed, no address space [ 2504.496467][T17831] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:26 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x810000c000000000]}) 19:20:26 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x221001c0]}) 19:20:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2504.619882][T18013] kvm_set_msr_common: 17 callbacks suppressed [ 2504.619898][T18013] kvm [18004]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:27 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2504.723711][T18058] kvm [18056]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2504.761622][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2504.767596][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:20:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2504.813972][T18060] kvm [18057]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xc0 [ 2504.844375][T18088] binder_alloc: 18074: binder_alloc_buf size 67121152 failed, no address space [ 2504.922008][T18088] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc2000000]}) [ 2504.976029][T18085] binder_alloc: 18074: binder_alloc_buf size 12384 failed, no address space [ 2504.992817][T18175] kvm [18057]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xc0 19:20:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:27 executing program 5 (fault-call:1 fault-nth:0): r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:27 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x820000c000000000]}) [ 2505.240618][T18273] kvm [18251]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2505.251283][T18287] FAULT_INJECTION: forcing a failure. [ 2505.251283][T18287] name failslab, interval 1, probability 0, space 0, times 0 [ 2505.314775][T18287] CPU: 1 PID: 18287 Comm: syz-executor.5 Not tainted 5.1.0-rc2 #36 [ 2505.322741][T18287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2505.332829][T18287] Call Trace: [ 2505.332865][T18287] dump_stack+0x172/0x1f0 [ 2505.332892][T18287] should_fail.cold+0xa/0x15 [ 2505.332914][T18287] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2505.332940][T18287] ? ___might_sleep+0x163/0x280 [ 2505.332973][T18287] __should_failslab+0x121/0x190 19:20:27 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2a1001c0]}) 19:20:27 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2505.332997][T18287] should_failslab+0x9/0x14 [ 2505.333016][T18287] kmem_cache_alloc_trace+0x2d1/0x760 [ 2505.333034][T18287] ? kasan_check_read+0x11/0x20 [ 2505.333054][T18287] ? do_raw_spin_unlock+0x57/0x270 [ 2505.333074][T18287] ? _raw_spin_unlock+0x2d/0x50 [ 2505.333100][T18287] binder_get_thread+0x1db/0x7c0 [ 2505.333124][T18287] ? __might_sleep+0x95/0x190 [ 2505.351172][T18287] binder_ioctl+0x1e5/0x183b [ 2505.351195][T18287] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2505.351217][T18287] ? binder_thread_write+0x2820/0x2820 [ 2505.351233][T18287] ? tomoyo_path_number_perm+0x263/0x520 [ 2505.351252][T18287] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2505.351268][T18287] ? __lockdep_free_key_range+0x120/0x120 [ 2505.351295][T18287] ? __fget+0x35a/0x550 [ 2505.361250][T18287] ? binder_thread_write+0x2820/0x2820 [ 2505.361274][T18287] do_vfs_ioctl+0xd6e/0x1390 [ 2505.361300][T18287] ? ioctl_preallocate+0x210/0x210 [ 2505.361317][T18287] ? __fget+0x381/0x550 [ 2505.361343][T18287] ? ksys_dup3+0x3e0/0x3e0 [ 2505.361359][T18287] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2505.361383][T18287] ? fput_many+0x12c/0x1a0 [ 2505.395675][T18287] ? tomoyo_file_ioctl+0x23/0x30 [ 2505.395695][T18287] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2505.395714][T18287] ? security_file_ioctl+0x93/0xc0 [ 2505.395737][T18287] ksys_ioctl+0xab/0xd0 [ 2505.395759][T18287] __x64_sys_ioctl+0x73/0xb0 [ 2505.395780][T18287] do_syscall_64+0x103/0x610 [ 2505.395802][T18287] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2505.395816][T18287] RIP: 0033:0x458209 [ 2505.395842][T18287] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2505.406671][T18287] RSP: 002b:00007f95c4e37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2505.406688][T18287] RAX: ffffffffffffffda RBX: 00007f95c4e37c90 RCX: 0000000000458209 [ 2505.406696][T18287] RDX: 0000000020000040 RSI: 00000000c0306201 RDI: 0000000000000003 [ 2505.406705][T18287] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2505.406714][T18287] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f95c4e386d4 [ 2505.406723][T18287] R13: 00000000004bf49a R14: 00000000004d0e80 R15: 0000000000000004 [ 2505.416689][T18293] binder_alloc: 18291: binder_alloc_buf size 83898368 failed, no address space [ 2505.490083][T18293] binder_alloc_new_buf_locked: 1 callbacks suppressed [ 2505.490108][T18293] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2505.644807][T18307] kvm [18290]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xc0 [ 2505.683526][T18401] kvm [18290]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xc0 19:20:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x830000c000000000]}) [ 2505.692903][T18287] binder: 18286:18287 ioctl c0306201 20000040 returned -12 19:20:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce000000]}) 19:20:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:28 executing program 5 (fault-call:1 fault-nth:1): r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2505.857090][T18431] kvm [18430]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2505.876120][T18458] kvm [18457]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2505.924753][T18492] FAULT_INJECTION: forcing a failure. [ 2505.924753][T18492] name failslab, interval 1, probability 0, space 0, times 0 [ 2505.931830][T17947] binder_thread_release: 11 callbacks suppressed [ 2505.931842][T17947] binder: release 18472:18512 transaction 1564 out, still active [ 2505.966294][T18492] CPU: 1 PID: 18492 Comm: syz-executor.5 Not tainted 5.1.0-rc2 #36 [ 2505.974264][T18492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2505.984337][T18492] Call Trace: [ 2505.984367][T18492] dump_stack+0x172/0x1f0 [ 2505.984395][T18492] should_fail.cold+0xa/0x15 [ 2505.984421][T18492] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2505.984448][T18492] ? ___might_sleep+0x163/0x280 [ 2506.007364][T18492] __should_failslab+0x121/0x190 [ 2506.012365][T18492] should_failslab+0x9/0x14 [ 2506.016919][T18492] kmem_cache_alloc_trace+0x2d1/0x760 [ 2506.022316][T18492] ? kasan_check_read+0x11/0x20 [ 2506.022337][T18492] ? do_raw_spin_unlock+0x57/0x270 [ 2506.022355][T18492] ? _raw_spin_unlock+0x2d/0x50 [ 2506.022388][T18492] binder_transaction+0x8d9/0x6690 [ 2506.022406][T18492] ? lock_downgrade+0x880/0x880 [ 2506.022422][T18492] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2506.022441][T18492] ? kasan_check_read+0x11/0x20 [ 2506.022463][T18492] ? is_bpf_text_address+0xd3/0x170 [ 2506.022495][T18492] ? binder_thread_read+0x3d50/0x3d50 [ 2506.022530][T18492] ? find_held_lock+0x35/0x130 [ 2506.042594][T18492] ? __might_fault+0x12b/0x1e0 [ 2506.042622][T18492] ? lock_downgrade+0x880/0x880 [ 2506.042656][T18492] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2506.042675][T18492] ? _copy_from_user+0xdd/0x150 [ 2506.042700][T18492] binder_thread_write+0x64a/0x2820 [ 2506.042718][T18492] ? __lockdep_free_key_range+0x120/0x120 [ 2506.042745][T18492] ? binder_transaction+0x6690/0x6690 [ 2506.042761][T18492] ? __might_fault+0x12b/0x1e0 [ 2506.042804][T18492] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 19:20:28 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c1001c0]}) 19:20:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2506.042832][T18492] ? _copy_from_user+0xdd/0x150 [ 2506.066524][T17947] binder: send failed reply for transaction 1566 to 18472:18527 [ 2506.069473][T18492] binder_ioctl+0x1033/0x183b [ 2506.069502][T18492] ? binder_thread_write+0x2820/0x2820 [ 2506.069528][T18492] ? tomoyo_path_number_perm+0x263/0x520 [ 2506.069548][T18492] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2506.069564][T18492] ? __lockdep_free_key_range+0x120/0x120 [ 2506.069603][T18492] ? binder_thread_write+0x2820/0x2820 [ 2506.079235][T18492] do_vfs_ioctl+0xd6e/0x1390 [ 2506.079262][T18492] ? ioctl_preallocate+0x210/0x210 [ 2506.079279][T18492] ? __fget+0x381/0x550 [ 2506.079304][T18492] ? ksys_dup3+0x3e0/0x3e0 [ 2506.079321][T18492] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2506.079336][T18492] ? fput_many+0x12c/0x1a0 [ 2506.079359][T18492] ? tomoyo_file_ioctl+0x23/0x30 [ 2506.079375][T18492] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2506.079398][T18492] ? security_file_ioctl+0x93/0xc0 [ 2506.100565][T18492] ksys_ioctl+0xab/0xd0 [ 2506.100588][T18492] __x64_sys_ioctl+0x73/0xb0 [ 2506.100609][T18492] do_syscall_64+0x103/0x610 [ 2506.100632][T18492] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2506.100646][T18492] RIP: 0033:0x458209 [ 2506.100662][T18492] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2506.100671][T18492] RSP: 002b:00007f95c4e37c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2506.100686][T18492] RAX: ffffffffffffffda RBX: 00007f95c4e37c90 RCX: 0000000000458209 [ 2506.100696][T18492] RDX: 0000000020000040 RSI: 00000000c0306201 RDI: 0000000000000003 [ 2506.100714][T18492] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2506.127953][T18492] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f95c4e386d4 [ 2506.127964][T18492] R13: 00000000004bf49a R14: 00000000004d0e80 R15: 0000000000000004 [ 2506.144789][T18551] binder_alloc: 18550: binder_alloc_buf size 100675584 failed, no address space [ 2506.271762][T18551] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:28 executing program 5 (fault-call:1 fault-nth:2): r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:28 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x840000c000000000]}) [ 2506.407912][T18616] kvm [18553]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xc0 19:20:29 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34000000]}) [ 2506.630562][T26388] binder: release 18567:18702 transaction 1570 out, still active [ 2506.648286][T26388] binder_release_work: 18 callbacks suppressed [ 2506.648293][T26388] binder: undelivered TRANSACTION_COMPLETE 19:20:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2506.693397][T26388] binder: release 18567:18568 transaction 1569 out, still active 19:20:29 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8501000000000000]}) [ 2506.747548][T26388] binder: undelivered TRANSACTION_COMPLETE 19:20:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2506.887003][T17947] binder: release 18826:18848 transaction 1571 out, still active [ 2506.907073][T17947] binder: undelivered TRANSACTION_COMPLETE 19:20:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd0040000]}) 19:20:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x12000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2506.947012][T17947] binder_send_failed_reply: 13 callbacks suppressed [ 2506.947029][T17947] binder: send failed reply for transaction 1569, target dead [ 2506.984088][T17947] binder: send failed reply for transaction 1570, target dead [ 2507.020897][T17947] binder: send failed reply for transaction 1571, target dead 19:20:29 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a000000]}) [ 2507.061647][T17947] binder: send failed reply for transaction 1572 to 18826:18861 [ 2507.096711][T17947] binder: undelivered TRANSACTION_COMPLETE 19:20:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2507.183950][T18966] binder_transaction: 11 callbacks suppressed [ 2507.183967][T18966] binder: 18957:18966 transaction failed 29189/-22, size 0-0 line 2994 [ 2507.186529][T18961] binder_alloc: 18958: binder_alloc_buf size 117452800 failed, no address space [ 2507.249919][T18961] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2507.289728][T18978] binder_alloc: 18958: binder_alloc_buf size 12384 failed, no address space [ 2507.305451][T18961] binder: 18958:18961 transaction failed 29201/-28, size 117440512-12288 line 3147 [ 2507.318631][T18978] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2507.361687][T17947] binder: release 18957:18980 transaction 1577 out, still active [ 2507.369602][T17947] binder: undelivered TRANSACTION_COMPLETE [ 2507.375865][T18978] binder: 18970:18978 transaction failed 29201/-28, size 96-12288 line 3147 19:20:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd9010000]}) 19:20:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x2, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:29 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b000000]}) [ 2507.549470][T26388] binder: release 19138:19167 transaction 1579 out, still active [ 2507.589162][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2507.614247][T26388] binder: release 19138:19139 transaction 1578 out, still active 19:20:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfdfdffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8601000000000000]}) [ 2507.664175][T26388] binder: undelivered TRANSACTION_COMPLETE 19:20:30 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2507.717768][T17947] binder: send failed reply for transaction 1577, target dead [ 2507.734056][T17947] binder: send failed reply for transaction 1578, target dead [ 2507.777687][T17947] binder: send failed reply for transaction 1579, target dead [ 2507.802997][T19201] binder: 19199:19201 transaction failed 29189/-22, size 0-0 line 2994 [ 2507.812593][T19203] binder_alloc: 19202: binder_alloc_buf size 167784448 failed, no address space 19:20:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0060000]}) 19:20:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2507.836672][T17947] binder_release_work: 20 callbacks suppressed [ 2507.836680][T17947] binder: undelivered TRANSACTION_ERROR: 29201 [ 2507.886513][T19203] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:30 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}) [ 2507.926946][T17947] binder: undelivered TRANSACTION_ERROR: 29189 19:20:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8701000000000000]}) [ 2507.974560][T17947] binder: undelivered TRANSACTION_COMPLETE [ 2507.984228][T19203] binder: 19202:19203 transaction failed 29201/-28, size 167772160-12288 line 3147 19:20:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2508.043059][ C1] net_ratelimit: 8 callbacks suppressed [ 2508.043067][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2508.054511][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2508.060392][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2508.066236][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:20:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5450, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2508.162367][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2508.168316][T26388] binder: undelivered TRANSACTION_COMPLETE 19:20:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff020000]}) [ 2508.281640][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2508.287638][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:20:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5451, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:30 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000009f]}) 19:20:30 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:30 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8705000000000000]}) [ 2508.423541][T17947] binder: undelivered transaction 1584, process died. [ 2508.430554][T17947] binder: undelivered transaction 1585, process died. [ 2508.432279][T19535] binder: 19534:19535 transaction failed 29189/-22, size 0-0 line 2994 [ 2508.490765][T17947] binder: undelivered transaction 1583, process died. [ 2508.530739][T19544] binder_alloc: 19543: binder_alloc_buf size 302002176 failed, no address space 19:20:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5452, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2508.549163][T17947] binder: undelivered TRANSACTION_ERROR: 29201 [ 2508.580567][T17947] binder: undelivered TRANSACTION_ERROR: 29189 [ 2508.602096][T19544] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:31 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff0b0000]}) 19:20:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2508.709946][T19544] binder: 19543:19544 transaction failed 29201/-28, size 301989888-12288 line 3147 19:20:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5460, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2508.839794][T17947] binder: release 19679:19680 transaction 1589 out, still active [ 2508.868307][T17947] binder: release 19679:19699 transaction 1590 out, still active 19:20:31 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8b00000000000000]}) 19:20:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2508.921661][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2508.927626][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:20:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:31 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000b0]}) [ 2509.014663][T17947] binder: send failed reply for transaction 1589, target dead [ 2509.030360][T19767] binder: 19765:19767 transaction failed 29189/-22, size 0-0 line 2994 19:20:31 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) 19:20:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046205, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2509.083967][T17947] binder: send failed reply for transaction 1590, target dead [ 2509.144359][T17947] binder: undelivered TRANSACTION_ERROR: 29201 [ 2509.162619][T19834] binder_alloc: 19819: binder_alloc_buf size 536883200 failed, no address space 19:20:31 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900d000000000000]}) [ 2509.210102][T19834] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2509.224042][T17947] binder: undelivered TRANSACTION_ERROR: 29189 [ 2509.268804][T19834] binder: 19819:19834 transaction failed 29201/-28, size 536870912-12288 line 3147 [ 2509.272756][T26388] binder: release 19765:19860 transaction 1594 out, still active 19:20:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046207, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:31 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000]}) [ 2509.484759][T20016] binder: BINDER_SET_CONTEXT_MGR already set 19:20:31 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000b7]}) [ 2509.525792][T20016] binder: 19971:20016 ioctl 40046207 20000040 returned -16 19:20:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2509.598374][T17947] binder: send failed reply for transaction 1594, target dead [ 2509.612100][T17947] binder: send failed reply for transaction 1595, target dead 19:20:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2509.650031][T17947] binder: undelivered TRANSACTION_ERROR: 29201 [ 2509.678575][T20106] binder_alloc: 20105: binder_alloc_buf size 1207971840 failed, no address space 19:20:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9104000000000000]}) 19:20:32 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c000000000]}) [ 2509.792182][T20106] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2509.841405][T20106] binder: 20105:20106 transaction failed 29201/-28, size 1207959552-12288 line 3147 19:20:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40049409, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2510.008500][T20122] kvm_set_msr_common: 20 callbacks suppressed [ 2510.008516][T20122] kvm [20121]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:32 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000100]}) 19:20:32 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1004000000000]}) [ 2510.121624][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2510.127476][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:20:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4018620d, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2510.203746][T17947] binder: undelivered TRANSACTION_ERROR: 29201 [ 2510.285731][T20316] binder_alloc: 20315: binder_alloc_buf size 1275080704 failed, no address space [ 2510.299935][T20341] binder: BINDER_SET_CONTEXT_MGR already set [ 2510.303182][T20284] kvm [20265]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:32 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9e00000000000000]}) [ 2510.362740][T20316] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2510.372096][T20341] binder: 20304:20341 ioctl 4018620d 20000040 returned -16 [ 2510.384674][T20346] kvm [20265]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2510.445489][T20320] kvm [20291]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4020940d, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2510.584634][T20381] kvm [20358]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2510.598052][T20457] kvm [20291]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:33 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100c000000000]}) [ 2510.676621][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0045878, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2510.808575][T20568] binder_alloc: 20564: binder_alloc_buf size 1610625024 failed, no address space 19:20:33 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000108]}) 19:20:33 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f00004000000000]}) [ 2510.848940][T20537] kvm [20536]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2510.884686][T20568] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2510.951694][T17947] binder_thread_release: 10 callbacks suppressed [ 2510.951706][T17947] binder: release 20569:20576 transaction 1612 out, still active 19:20:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2511.026019][T17947] binder: release 20569:20570 transaction 1611 out, still active 19:20:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0045878, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2511.101382][T20595] kvm [20587]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x8 19:20:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000]}) 19:20:33 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2511.266667][T20795] binder_alloc: 20564: binder_alloc_buf, no vma [ 2511.276836][T20794] kvm [20784]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2511.283568][T17947] binder: send failed reply for transaction 1613 to 20769:20785 [ 2511.318010][T17947] binder: undelivered TRANSACTION_ERROR: 29201 [ 2511.329079][T20799] binder_alloc: 20798: binder_alloc_buf size 1744842752 failed, no address space 19:20:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2511.407874][T20799] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:33 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa001000000000000]}) [ 2511.519483][T26388] binder: release 20804:20809 transaction 1618 out, still active 19:20:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:33 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40010000]}) [ 2511.564684][T26388] binder: release 20804:20805 transaction 1617 out, still active 19:20:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620b, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000]}) [ 2511.711251][T26388] binder: release 20932:20962 transaction 1619 out, still active 19:20:34 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2511.761970][T26388] binder_release_work: 18 callbacks suppressed [ 2511.761977][T26388] binder: undelivered TRANSACTION_COMPLETE 19:20:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2511.820281][T26388] binder: send failed reply for transaction 1620 to 20932:20976 [ 2511.866139][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2511.869614][T21019] kvm [21012]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:34 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00d000000000000]}) [ 2511.940041][T21089] binder_alloc: 21076: binder_alloc_buf size 1811951616 failed, no address space 19:20:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:34 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400101c0]}) [ 2512.035818][T21089] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000]}) 19:20:34 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2512.156705][T26388] binder: release 21153:21159 transaction 1625 out, still active [ 2512.231885][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2512.237878][T26388] binder: release 21153:21176 transaction 1626 out, still active [ 2512.268661][T21255] binder: 21254 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. 19:20:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2512.268676][T21255] binder: 21254:21255 ioctl c018620c 20000040 returned -22 [ 2512.331594][T26388] binder: undelivered TRANSACTION_COMPLETE 19:20:34 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0189436, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:34 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb000004000000000]}) 19:20:34 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2512.429614][T17947] binder_send_failed_reply: 14 callbacks suppressed [ 2512.429622][T17947] binder: send failed reply for transaction 1625, target dead [ 2512.450662][T21364] binder_transaction: 7 callbacks suppressed [ 2512.450682][T21364] binder: 21361:21364 transaction failed 29189/-22, size 0-0 line 2994 [ 2512.525515][T17947] binder: send failed reply for transaction 1626, target dead [ 2512.543887][T21372] binder_alloc: 21369: binder_alloc_buf size 1946169344 failed, no address space 19:20:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d564b00000000]}) 19:20:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:34 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc020660b, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2512.581873][T17947] binder: send failed reply for transaction 1627 to 21361:21362 [ 2512.606709][T21372] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2512.647570][T17947] binder: undelivered TRANSACTION_COMPLETE [ 2512.712328][T21372] binder: 21369:21372 transaction failed 29201/-28, size 1946157056-12288 line 3147 19:20:35 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x410101c0]}) [ 2512.766247][T26388] binder: release 21443:21444 transaction 1631 out, still active [ 2512.792623][T26388] binder: undelivered TRANSACTION_COMPLETE 19:20:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2512.845531][T26388] binder: release 21443:21482 transaction 1632 out, still active 19:20:35 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb700004000000000]}) 19:20:35 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffff00000000]}) [ 2512.912893][T26388] binder: undelivered TRANSACTION_COMPLETE 19:20:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306202, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2513.012136][T26388] binder: release 21561:21584 transaction 1633 out, still active [ 2513.020026][T26388] binder: undelivered TRANSACTION_COMPLETE 19:20:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2513.063988][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2513.091652][ C0] net_ratelimit: 12 callbacks suppressed [ 2513.091660][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2513.098133][T26388] binder: send failed reply for transaction 1631, target dead 19:20:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2513.103381][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2513.123637][T26388] binder: send failed reply for transaction 1632, target dead [ 2513.152023][T21605] binder_alloc: 21604: binder_alloc_buf size 2046832640 failed, no address space [ 2513.161355][T21601] binder: 21600:21601 ioctl c0306202 20000040 returned -22 [ 2513.181794][T26388] binder: send failed reply for transaction 1633, target dead [ 2513.214742][T26388] binder: send failed reply for transaction 1634, target dead [ 2513.225274][T21605] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306209, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2513.260959][T26388] binder_release_work: 9 callbacks suppressed [ 2513.260999][T26388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2513.288541][T21605] binder: 21604:21605 transaction failed 29201/-28, size 2046820352-12288 line 3147 19:20:35 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000]}) [ 2513.325335][T26388] binder: undelivered TRANSACTION_COMPLETE 19:20:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:35 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc000000000000000]}) 19:20:35 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}) [ 2513.474420][T21736] binder: 21720:21736 ioctl c0306209 20000040 returned -22 19:20:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc030620a, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf82f0000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2513.658414][T21850] binder: 21849:21850 ioctl c030620a 20000040 returned -22 [ 2513.702357][T26388] binder: send failed reply for transaction 1637, target dead [ 2513.709947][T26388] binder: send failed reply for transaction 1638, target dead [ 2513.763997][T21910] binder: 21887:21910 transaction failed 29189/-22, size 0-0 line 2994 19:20:36 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x49000000]}) [ 2513.811852][T26388] binder: send failed reply for transaction 1639, target dead [ 2513.843480][T21975] binder: 21887:21975 transaction failed 29189/-22, size 0-0 line 2994 [ 2513.852192][T26388] binder: send failed reply for transaction 1640, target dead [ 2513.852324][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306225, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:36 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10100c000000000]}) [ 2513.891839][T26388] binder: undelivered TRANSACTION_ERROR: 29189 [ 2513.898273][T26388] binder: undelivered TRANSACTION_ERROR: 29189 19:20:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:36 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc100000000000000]}) [ 2514.090015][T22058] binder: 22057:22058 ioctl c0306225 20000040 returned -22 [ 2514.141729][T22060] binder_alloc: 22059: binder_alloc_buf size 4261294080 failed, no address space [ 2514.172384][T22060] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2514.214213][T22060] binder: 22059:22060 transaction failed 29201/-28, size 4261281791-12288 line 3147 19:20:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306261, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2514.281629][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2514.287489][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2514.293408][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2514.299205][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:20:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:36 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14d564b00000000]}) 19:20:36 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b564d00]}) [ 2514.401739][T22243] binder: 22213:22243 ioctl c0306261 20000040 returned -22 19:20:36 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc200000000000000]}) 19:20:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2514.521684][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2514.527705][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:20:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:37 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306263, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2514.588722][T26388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2514.626954][T22289] binder: BINDER_SET_CONTEXT_MGR already set 19:20:37 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}) [ 2514.719913][T22289] binder: 22288:22289 ioctl 40046207 0 returned -16 [ 2514.738028][T22296] binder: 22295:22296 ioctl c0306263 20000040 returned -22 19:20:37 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b564d01]}) 19:20:37 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc030626b, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2514.898681][T22375] binder: 22298:22375 transaction failed 29189/-22, size 0-0 line 2994 19:20:37 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20100c000000000]}) [ 2515.006806][T22512] binder: 22298:22512 transaction failed 29189/-22, size 0-0 line 2994 [ 2515.040947][T22510] binder: 22491:22510 ioctl c030626b 20000040 returned -22 19:20:37 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2515.086689][T14773] binder: undelivered TRANSACTION_ERROR: 29189 [ 2515.119674][T14773] binder: undelivered TRANSACTION_ERROR: 29189 19:20:37 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce00000000000000]}) [ 2515.160643][T22522] kvm_set_msr_common: 18 callbacks suppressed [ 2515.160660][T22522] kvm [22521]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2515.176254][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2515.176322][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:20:37 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x61, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2515.224980][T22529] binder_alloc: 22526: binder_alloc_buf size 13510798882123776 failed, no address space 19:20:37 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b564d02]}) [ 2515.297877][T22527] kvm [22525]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2515.311352][T22529] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2515.353119][T22529] binder: 22526:22529 transaction failed 29201/-28, size 13510798882111488-12288 line 3147 19:20:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2515.415003][T22534] binder_alloc: 22526: binder_alloc_buf size 12384 failed, no address space 19:20:37 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24d564b00000000]}) [ 2515.460323][T22534] binder_alloc: allocated: 16 (num: 2 largest: 8), free: 12272 (num: 1 largest: 12272) [ 2515.524612][T22534] binder: 22533:22534 transaction failed 29201/-28, size 96-12288 line 3147 [ 2515.582965][T22696] kvm [22695]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2515.612546][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:38 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd004000000000000]}) 19:20:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2515.704895][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:20:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x6b, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2515.774086][T22756] binder_alloc: 22753: binder_alloc_buf size 72057594037940224 failed, no address space 19:20:38 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b564d03]}) [ 2515.852930][T22756] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2515.880409][T22759] binder_alloc: 22753: binder_alloc_buf size 12384 failed, no address space 19:20:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30001c000000000]}) [ 2515.942117][T22759] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2516.028819][T26388] binder_thread_release: 13 callbacks suppressed [ 2516.028830][T26388] binder: release 22804:22953 transaction 1662 out, still active [ 2516.042623][T26388] binder: release 22804:22805 transaction 1661 out, still active [ 2516.055577][T26388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2516.065511][T22888] kvm [22887]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x3 19:20:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x2, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:38 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd901000000000000]}) [ 2516.087998][T22966] kvm [22948]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2516.182216][T22975] binder: 22973:22975 unknown command 16448 [ 2516.191858][T22977] kvm [22887]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x3 [ 2516.236042][T22975] binder: 22973:22975 ioctl c0306201 20000040 returned -22 19:20:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x3, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2516.292892][T22983] binder_alloc: 22982: binder_alloc_buf size 144115188075868160 failed, no address space 19:20:38 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b564d04]}) 19:20:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30100c000000000]}) [ 2516.403741][T23059] binder: 23050:23059 unknown command 64 [ 2516.405891][T22983] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2516.430676][T23059] binder: 23050:23059 ioctl c0306201 20000040 returned -22 [ 2516.501632][T14773] binder: release 22979:22988 transaction 1666 out, still active 19:20:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x4, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2516.547524][T23090] kvm [23081]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x4 19:20:39 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe006000000000000]}) [ 2516.638718][T23130] kvm [23128]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2516.671203][T26388] binder: release 23149:23151 transaction 1667 out, still active [ 2516.692017][T26388] binder: release 23149:23177 transaction 1668 out, still active [ 2516.707020][T23192] binder: 23162:23192 unknown command 0 [ 2516.712967][T23194] kvm [23081]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x4 19:20:39 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2516.752531][T23209] kvm [23128]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2516.766565][T23192] binder: 23162:23192 ioctl c0306201 20000040 returned -22 [ 2516.866186][T23294] binder_alloc: 23252: binder_alloc_buf size 216172782113796096 failed, no address space [ 2516.882360][T26388] binder: release 23224:23299 transaction 1671 out, still active [ 2516.906124][T26388] binder_release_work: 16 callbacks suppressed [ 2516.906130][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2516.933476][T23192] binder: 23162:23192 unknown command 0 [ 2516.939195][T23192] binder: 23162:23192 ioctl c0306201 20000040 returned -22 [ 2516.940059][T23294] binder_alloc: allocated: 8 (num: 1 largest: 8), free: 12280 (num: 1 largest: 12280) 19:20:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:39 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff02000000000000]}) 19:20:39 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x580001c0]}) 19:20:39 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x5, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2517.139741][T14773] binder: release 23322:23361 transaction 1674 out, still active 19:20:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2517.196448][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2517.234926][T14773] binder: release 23322:23347 transaction 1673 out, still active 19:20:39 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:39 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34d564b00000000]}) [ 2517.280693][T23508] binder: 23486:23508 unknown command 0 [ 2517.289714][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2517.320285][T23508] binder: 23486:23508 ioctl c0306201 20000040 returned -22 [ 2517.403565][T23545] binder_alloc: 23542: binder_alloc_buf size 288230376151724032 failed, no address space [ 2517.462320][T23545] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2517.500144][T23545] binder_transaction: 8 callbacks suppressed 19:20:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:39 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x6, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:39 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff0b000000000000]}) [ 2517.500164][T23545] binder: 23542:23545 transaction failed 29201/-28, size 288230376151711744-12288 line 3147 19:20:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40001c000000000]}) [ 2517.635014][T26388] binder: release 23557:23559 transaction 1679 out, still active [ 2517.654161][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2517.690138][T26388] binder: release 23557:23580 transaction 1680 out, still active [ 2517.699876][T23582] binder: 23564:23582 unknown command 0 19:20:40 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60050000]}) 19:20:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2517.736644][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2517.770549][T23582] binder: 23564:23582 ioctl c0306201 20000040 returned -22 19:20:40 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2517.892229][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2517.936885][T26388] binder_send_failed_reply: 16 callbacks suppressed [ 2517.936893][T26388] binder: send failed reply for transaction 1679, target dead 19:20:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44d564b00000000]}) 19:20:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x7, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2517.983913][T26388] binder: send failed reply for transaction 1680, target dead [ 2517.990363][T23773] binder_alloc: 23756: binder_alloc_buf size 360287970189651968 failed, no address space [ 2518.028038][T26388] binder: send failed reply for transaction 1681, target dead 19:20:40 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}) [ 2518.071708][T23773] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2518.113667][T23782] binder: 23780:23782 unknown command 0 [ 2518.131859][T23773] binder: 23756:23773 transaction failed 29201/-28, size 360287970189639680-12288 line 3147 19:20:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70001c000000000]}) [ 2518.177955][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2518.195883][T23782] binder: 23780:23782 ioctl c0306201 20000040 returned -22 [ 2518.203898][T14773] binder: undelivered TRANSACTION_COMPLETE 19:20:40 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61050000]}) 19:20:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2518.278440][T23782] binder: 23780:23782 unknown command 0 [ 2518.308848][T23782] binder: 23780:23782 ioctl c0306201 20000040 returned -22 19:20:40 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2518.431350][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2518.441621][ C1] net_ratelimit: 8 callbacks suppressed [ 2518.441631][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2518.447592][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2518.459261][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2518.465083][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:20:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2518.491727][T26388] binder: send failed reply for transaction 1684, target dead [ 2518.527964][T26388] binder: send failed reply for transaction 1685, target dead 19:20:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0xa, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2518.541907][T24007] binder_alloc: 24006: binder_alloc_buf size 432345564227579904 failed, no address space [ 2518.580497][T26388] binder: send failed reply for transaction 1686 to 23962:23966 [ 2518.591713][T24007] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2518.619003][T24007] binder: 24006:24007 transaction failed 29201/-28, size 432345564227567616-12288 line 3147 [ 2518.619340][T24011] binder: 24010:24011 got transaction with invalid data ptr [ 2518.633966][T26388] binder: send failed reply for transaction 1687, target dead [ 2518.655191][T24013] binder: 24012:24013 unknown command 0 [ 2518.663096][T26388] binder_release_work: 8 callbacks suppressed [ 2518.663104][T26388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2518.668495][T24013] binder: 24012:24013 ioctl c0306201 20000040 returned -22 [ 2518.669581][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2518.691632][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2518.697685][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2518.704142][T24011] binder: 24010:24011 transaction failed 29201/-14, size 8-0 line 3179 [ 2518.714498][T24013] binder: 24012:24013 unknown command 0 [ 2518.720959][T24013] binder: 24012:24013 ioctl c0306201 20000040 returned -22 [ 2518.732992][T24042] binder: 24010:24042 got transaction with invalid data ptr 19:20:41 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x12, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2518.738717][T26388] binder: undelivered TRANSACTION_ERROR: 29189 [ 2518.745771][T24042] binder: 24010:24042 transaction failed 29201/-14, size 8-0 line 3179 [ 2518.782236][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2518.803644][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:41 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x801004000000000]}) 19:20:41 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2518.883001][T24120] binder: 24117:24120 unknown command 0 [ 2518.899892][T24122] binder: 24121:24122 got transaction with invalid data ptr [ 2518.921007][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:41 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}) 19:20:41 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70050000]}) [ 2518.971726][T24120] binder: 24117:24120 ioctl c0306201 20000040 returned -22 [ 2519.007643][T24122] binder: 24121:24122 transaction failed 29201/-14, size 18-0 line 3179 [ 2519.043752][T24120] binder: 24117:24120 unknown command 0 [ 2519.057529][T24134] binder_alloc: 24132: binder_alloc_buf size 504403158265507840 failed, no address space [ 2519.121953][T24134] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2519.135219][T24120] binder: 24117:24120 ioctl c0306201 20000040 returned -22 [ 2519.139679][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2519.167529][T24135] binder: 24121:24135 got transaction with invalid data ptr [ 2519.178754][T24134] binder: 24132:24134 transaction failed 29201/-28, size 504403158265495552-12288 line 3147 19:20:41 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x803000000000000]}) [ 2519.213875][T24135] binder: 24121:24135 transaction failed 29201/-14, size 18-0 line 3179 19:20:41 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x48, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2519.269329][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:20:41 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x71050000]}) [ 2519.331597][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2519.337516][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:20:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:41 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:41 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}) [ 2519.521056][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:20:41 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x4c, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2519.585612][T24357] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:42 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa01000000000000]}) [ 2519.671806][T24357] binder: 24356:24357 transaction failed 29201/-28, size 720575940379279360-12288 line 3147 [ 2519.682412][T24354] binder: 24352:24354 got transaction with invalid data ptr [ 2519.690092][T24354] binder: 24352:24354 transaction failed 29201/-14, size 4608-0 line 3179 19:20:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x60, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:42 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x72050000]}) [ 2519.785232][T24448] binder: 24352:24448 got transaction with invalid data ptr [ 2519.874041][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2519.887897][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:20:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x68, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:42 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:42 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc]}) 19:20:42 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000]}) [ 2520.107249][T24587] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2520.168800][T24586] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:42 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74010000]}) 19:20:42 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2520.258003][T24594] kvm_set_msr_common: 15 callbacks suppressed [ 2520.258027][T24594] kvm [24592]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x6c, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2520.355920][T24768] binder_alloc_new_buf_locked: 4 callbacks suppressed [ 2520.355933][T24768] binder_alloc: 24584: binder_alloc_buf size 16777216 failed, no address space 19:20:42 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2520.474985][T24805] kvm [24782]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2520.497995][T24808] binder_alloc: 24807: binder_alloc_buf size 2305843009213706240 failed, no address space 19:20:42 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}) 19:20:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x74, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2520.521672][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2520.527984][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:20:42 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100000000000000]}) [ 2520.591010][T24809] binder_alloc: 24807: binder_alloc_buf size 16777216 failed, no address space [ 2520.607166][T24815] kvm [24782]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2520.670519][T24814] kvm [24812]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x10 19:20:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2520.770067][T24885] kvm [24859]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x7a, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2520.842653][T25008] binder_alloc: 24807: binder_alloc_buf size 134217728 failed, no address space 19:20:43 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x75010000]}) 19:20:43 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:43 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11]}) [ 2520.914508][T25026] binder_alloc: 24807: binder_alloc_buf size 134217728 failed, no address space 19:20:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000]}) 19:20:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x300, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2521.026265][T25036] binder_alloc: 25035: binder_alloc_buf size 5188146770730823680 failed, no address space [ 2521.047786][T25026] binder_alloc_new_buf_locked: 5 callbacks suppressed [ 2521.047802][T25026] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:43 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2521.158215][T25036] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2521.183576][T25046] kvm [25045]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x500, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2521.273011][T25082] binder_alloc: 25035: binder_alloc_buf size 301989888 failed, no address space [ 2521.286279][T25151] kvm [25045]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:43 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x76010000]}) [ 2521.334625][T25082] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:43 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2521.454038][T25256] binder_alloc: 25035: binder_alloc_buf, no vma 19:20:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x150001c000000000]}) 19:20:43 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12]}) 19:20:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x600, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2521.540111][T25261] binder_alloc: 25260: binder_alloc_buf size 5476377146882535424 failed, no address space [ 2521.701190][T25261] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2521.727789][T25269] kvm [25268]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x12 19:20:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x700, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:44 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x77020000]}) 19:20:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x170101c000000000]}) [ 2521.979718][T25441] binder_alloc: 25260: binder_alloc_buf size 1056964608 failed, no address space 19:20:44 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2522.076398][T25442] kvm [25357]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2522.090259][T25474] kvm [25472]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2522.091736][T25441] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2522.151135][T25488] binder_alloc: 25487: binder_alloc_buf size 6917529027641094144 failed, no address space 19:20:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0xa00, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2522.192223][T25488] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:44 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b]}) [ 2522.332441][T25492] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x1200, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:44 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x79000000]}) 19:20:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b00000000000000]}) 19:20:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:45 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x2000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2522.723493][T25715] binder_transaction: 16 callbacks suppressed [ 2522.723520][T25715] binder: 25712:25715 transaction failed 29189/-22, size 4261281791-0 line 2994 19:20:45 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34]}) [ 2522.786822][T25717] binder: 25712:25717 transaction failed 29189/-22, size 4261281791-0 line 2994 19:20:45 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b0001c000000000]}) [ 2522.859003][T25722] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:45 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a010000]}) [ 2522.975103][T25722] binder: 25720:25722 transaction failed 29201/-28, size 7493989779944505344-12288 line 3147 19:20:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x3060, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2523.216382][T25889] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2523.251837][T25889] binder: 25804:25889 transaction failed 29201/-28, size 4294966781-0 line 3147 19:20:45 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a]}) 19:20:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x3f00, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2523.305056][T25942] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:45 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e01000000000000]}) [ 2523.418758][T25942] binder: 25804:25942 transaction failed 29201/-28, size 4294966781-0 line 3147 19:20:45 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:45 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b010000]}) [ 2523.481634][ C0] net_ratelimit: 12 callbacks suppressed [ 2523.481643][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2523.493393][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:20:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:46 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f0001c000000000]}) 19:20:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x4000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2523.615313][T25981] binder: 25964:25981 transaction failed 29201/-28, size 7782220156096217088-12288 line 3147 [ 2523.801245][T26094] binder: 26071:26094 transaction failed 29201/-28, size 72057594037927936-0 line 3147 19:20:46 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b]}) [ 2523.917994][T26171] binder: 26071:26171 transaction failed 29201/-28, size 72057594037927936-0 line 3147 19:20:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x4800, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:46 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f040000]}) [ 2523.964500][T26388] binder_release_work: 21 callbacks suppressed [ 2523.964519][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:46 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x4c00, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2524.069504][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2524.138434][T26388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2524.142502][T26239] binder: 26238:26239 transaction failed 29201/-28, size 8358680908399640576-12288 line 3147 19:20:46 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200001c000000000]}) [ 2524.299855][T26291] binder: 26279:26291 transaction failed 29201/-28, size 576460752303423488-0 line 3147 19:20:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x6000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:46 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000c0]}) [ 2524.439452][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:46 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2524.503378][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:46 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}) 19:20:46 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x6030, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2524.586501][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2524.681614][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2524.687543][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2524.693483][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2524.699283][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:20:47 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x6800, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:47 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x221001c000000000]}) [ 2524.792923][T26388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2524.843121][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:47 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80040000]}) [ 2524.921623][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2524.927567][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:20:47 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:47 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x49]}) [ 2524.990456][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:20:47 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x6c00, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2525.132476][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:20:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:47 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2a1001c000000000]}) 19:20:47 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x7400, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:47 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf82f000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2525.389625][T26808] kvm_set_msr_common: 10 callbacks suppressed [ 2525.389640][T26808] kvm [26795]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:47 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80050000]}) 19:20:47 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x79]}) 19:20:47 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x7a00, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2525.554955][T26862] binder_alloc_new_buf_locked: 15 callbacks suppressed [ 2525.554967][T26862] binder_alloc: 26861: binder_alloc_buf size -563231428398010368 failed, no address space [ 2525.571629][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2525.578241][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2525.683157][T26867] kvm [26866]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x79 [ 2525.713369][T26872] binder: 26868:26872 got transaction with invalid offsets ptr 19:20:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x1000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2525.736145][T26873] kvm [26864]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:48 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c1001c000000000]}) [ 2525.783077][T26932] binder: 26868:26932 got transaction with invalid offsets ptr [ 2525.826454][T26945] kvm [26864]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:48 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2525.921233][T26983] kvm [26974]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x2000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:48 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:48 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8b]}) 19:20:48 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x810000c0]}) [ 2526.093394][T27096] binder_alloc: 27092: binder_alloc_buf size -144678142324232192 failed, no address space 19:20:48 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3400000000000000]}) [ 2526.181326][T27096] binder_alloc_new_buf_locked: 12 callbacks suppressed [ 2526.181343][T27096] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x3000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2526.242054][T27101] binder: 27094:27101 got transaction with invalid offsets ptr [ 2526.299720][T27161] binder: 27094:27161 got transaction with invalid offsets ptr [ 2526.311097][T27104] kvm [27102]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xc0 [ 2526.320535][T27133] kvm [27113]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:48 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x4000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:48 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2526.470880][T27316] kvm [27102]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xc0 19:20:48 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a00000000000000]}) 19:20:48 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9e]}) [ 2526.663863][T27330] binder_alloc: 27326: binder_alloc_buf size -4294955008 failed, no address space 19:20:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x5000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2526.719071][T27332] kvm [27331]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2526.733936][T27330] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:49 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x820000c0]}) 19:20:49 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0]}) 19:20:49 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b00000000000000]}) [ 2526.983270][T27495] binder_alloc: 27326: binder_alloc_buf size 16128 failed, no address space [ 2527.015573][T27493] kvm [27492]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xc0 19:20:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x6000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2527.050192][T27495] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:49 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2527.190990][T27574] binder: 27572:27574 got transaction with invalid offset (0, min 0 max 0) or object. 19:20:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x7000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:49 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x830000c0]}) 19:20:49 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001000000000000]}) 19:20:49 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc1]}) [ 2527.413490][T27701] binder_alloc: 27572: binder_alloc_buf size 16777216 failed, no address space 19:20:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0xa000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2527.482033][T27701] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2527.539860][T27778] binder_alloc: 27572: binder_alloc_buf size 16777216 failed, no address space 19:20:50 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2527.607006][T27778] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:50 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x12000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:50 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x840000c0]}) 19:20:50 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400101c000000000]}) [ 2527.889864][T27932] binder_transaction: 22 callbacks suppressed [ 2527.889882][T27932] binder: 27926:27932 transaction failed 29189/-22, size 0-134217728 line 2994 19:20:50 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc2]}) 19:20:50 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x20000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2527.982441][T27998] binder: 27926:27998 transaction failed 29189/-22, size 0-134217728 line 2994 19:20:50 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x63, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:50 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x3f000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:50 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x410101c000000000]}) 19:20:50 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x85010000]}) [ 2528.279429][T28103] binder: 28102:28103 got transaction with invalid offsets size, 99 [ 2528.297412][T28111] binder_alloc: 28102: binder_alloc_buf size 301989888 failed, no address space [ 2528.370423][T28111] binder_alloc: allocated: 104 (num: 1 largest: 104), free: 12184 (num: 1 largest: 12184) 19:20:50 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce]}) 19:20:50 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x40000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2528.442771][T28103] binder: 28102:28103 transaction failed 29201/-22, size 0-99 line 3201 [ 2528.452061][T28111] binder: 28104:28111 transaction failed 29201/-28, size 0-301989888 line 3147 19:20:50 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000]}) [ 2528.543577][T28143] binder_alloc: 28102: binder_alloc_buf size 301989888 failed, no address space [ 2528.601823][T28143] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2528.611676][T28143] binder: 28104:28143 transaction failed 29201/-28, size 0-301989888 line 3147 19:20:51 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86010000]}) 19:20:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x48000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:51 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10a]}) [ 2528.841639][ C1] net_ratelimit: 8 callbacks suppressed [ 2528.841648][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2528.853121][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2528.859017][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2528.859065][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:20:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x4c000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2529.048167][T28366] binder: 28364:28366 got transaction with invalid offset (0, min 0 max 0) or object. [ 2529.054776][T28365] binder_alloc: 28364: binder_alloc_buf size 1056964608 failed, no address space [ 2529.081608][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2529.087608][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:20:51 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x87010000]}) 19:20:51 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4900000000000000]}) 19:20:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x60000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2529.156704][T28365] binder_alloc: allocated: 2560 (num: 1 largest: 2560), free: 9728 (num: 1 largest: 9728) [ 2529.173030][T28365] binder: 28363:28365 transaction failed 29201/-28, size 0-1056964608 line 3147 [ 2529.173045][T28366] binder: 28364:28366 transaction failed 29201/-22, size 0-2560 line 3241 [ 2529.329575][T28580] binder_alloc: 28364: binder_alloc_buf size 1056964608 failed, no address space 19:20:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x60300000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:51 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11e]}) [ 2529.375058][T14773] binder_release_work: 22 callbacks suppressed [ 2529.375067][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:20:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:51 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x580001c000000000]}) [ 2529.468950][T26388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2529.517186][T28580] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:52 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x87050000]}) [ 2529.614855][T28661] binder: 28659:28661 got transaction with invalid offset (0, min 0 max 0) or object. 19:20:52 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x68000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2529.688938][T28661] binder: 28659:28661 transaction failed 29201/-22, size 0-8192 line 3241 [ 2529.706352][T28580] binder: 28363:28580 transaction failed 29201/-28, size 0-1056964608 line 3147 [ 2529.721668][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2529.727583][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:20:52 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6005000000000000]}) 19:20:52 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x140]}) [ 2529.762609][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:52 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x6c000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2530.038926][T28892] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:52 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2300, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:52 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x174]}) 19:20:52 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8b000000]}) [ 2530.123039][T28892] binder: 28819:28892 transaction failed 29201/-28, size 0-4261281791 line 3147 [ 2530.133778][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:52 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6105000000000000]}) [ 2530.208766][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:52 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x74000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2530.254479][T26388] binder: undelivered TRANSACTION_ERROR: 29189 [ 2530.281329][T28930] binder: 28925:28930 got transaction with invalid offset (0, min 0 max 0) or object. 19:20:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:52 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x7a000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:52 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x175]}) 19:20:52 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b00, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2530.498559][T26388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2530.520448][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:20:53 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900d0000]}) 19:20:53 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7005000000000000]}) [ 2530.593968][T26388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2530.622972][T29150] binder: 29149:29150 got transaction with invalid offset (0, min 0 max 0) or object. 19:20:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:53 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0xfdfdffff, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2530.837187][T29168] kvm_set_msr_common: 19 callbacks suppressed [ 2530.837206][T29168] kvm [29165]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2530.874735][T29298] binder_alloc_new_buf_locked: 3 callbacks suppressed [ 2530.874775][T29298] binder_alloc: 29149: binder_alloc_buf size 72057594037927936 failed, no address space 19:20:53 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d00, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:53 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0xfffffdfd, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:53 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7105000000000000]}) [ 2530.921623][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2530.927457][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2530.947482][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2531.027851][T29370] binder: 29369:29370 got transaction with invalid offset (0, min 0 max 0) or object. [ 2531.054989][T29374] kvm [29165]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2531.061332][T29375] binder_alloc: 29369: binder_alloc_buf size 72057594037927936 failed, no address space 19:20:53 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x176]}) [ 2531.109264][T29372] kvm [29371]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:53 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x100000000000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2531.204959][T29380] kvm [29379]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x76 19:20:53 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x91040000]}) 19:20:53 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7205000000000000]}) [ 2531.372944][T29508] binder_alloc: 29369: binder_alloc_buf size 576460752303423488 failed, no address space [ 2531.421886][T29508] binder_alloc_new_buf_locked: 4 callbacks suppressed [ 2531.421904][T29508] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:53 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f00, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:53 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x200000000000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2531.523791][T29594] kvm [29591]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:53 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x17a]}) [ 2531.570752][T29598] binder: 29597:29598 got transaction with invalid offset (0, min 0 max 0) or object. [ 2531.593826][T29599] binder_alloc: 29597: binder_alloc_buf size 576460752303423488 failed, no address space 19:20:54 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9e000000]}) [ 2531.683209][T29599] binder_alloc: allocated: 12032 (num: 1 largest: 12032), free: 256 (num: 1 largest: 256) 19:20:54 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x300000000000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2531.768122][T29606] kvm [29605]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x7a 19:20:54 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7401000000000000]}) 19:20:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2531.859816][T29626] kvm [29607]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2531.930985][T29737] binder_alloc: 29597: binder_alloc_buf size 1297036692682702848 failed, no address space [ 2531.973181][T29762] kvm [29607]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2531.993527][T29737] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2531.998537][T29751] kvm [29733]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:54 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3002, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2532.048161][T29818] binder_alloc: 29597: binder_alloc_buf size 1297036692682702848 failed, no address space 19:20:54 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x400000000000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2532.128275][T29818] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2532.167104][T29826] binder_alloc: 29825: binder_alloc_buf size 12296 failed, no address space 19:20:54 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f000040]}) 19:20:54 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x17b]}) 19:20:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:20:54 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7501000000000000]}) [ 2532.272280][T29826] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:54 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x500000000000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2532.406454][T29843] binder_alloc: 29825: binder_alloc_buf size 4539628424389459968 failed, no address space [ 2532.461827][T29843] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:54 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0010000]}) [ 2532.515592][T29911] kvm [29848]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2532.543684][T29976] binder_alloc: 29825: binder_alloc_buf size 4539628424389459968 failed, no address space [ 2532.601853][T29976] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:55 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3003, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:55 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x600000000000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:55 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x185]}) [ 2532.757619][T30053] binder_alloc: 30052: binder_alloc_buf size 12296 failed, no address space 19:20:55 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7601000000000000]}) 19:20:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2532.840941][T30053] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2532.911289][T30053] binder_transaction: 16 callbacks suppressed [ 2532.911308][T30053] binder: 30052:30053 transaction failed 29201/-28, size 0-12291 line 3147 19:20:55 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00d0000]}) [ 2532.953319][T30108] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2532.988923][T30108] binder: 30106:30108 transaction failed 29201/-28, size 0--144678142324244480 line 3147 19:20:55 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x700000000000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:55 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x186]}) [ 2533.072672][T30210] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:55 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7702000000000000]}) [ 2533.148650][T30210] binder: 30106:30210 transaction failed 29201/-28, size 0--144678142324244480 line 3147 19:20:55 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3004, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:55 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0xa00000000000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x8, 0x0, 0x0}) [ 2533.359745][T30317] binder: 30315:30317 transaction failed 29201/-28, size 0-12292 line 3147 [ 2533.425064][T30353] binder: 30346:30353 ioctl c0306201 200004c0 returned -14 19:20:55 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb0000040]}) 19:20:55 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x1200000000000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2533.508769][T30421] binder: 30346:30421 ioctl c0306201 200004c0 returned -14 [ 2533.609797][T14773] binder_thread_release: 4 callbacks suppressed [ 2533.609809][T14773] binder: release 30346:30421 transaction 1802 out, still active 19:20:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x12, 0x0, 0x0}) [ 2533.672842][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2533.678868][T14773] binder: release 30346:30353 transaction 1801 out, still active 19:20:56 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3005, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:56 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7900000000000000]}) 19:20:56 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x2000000000000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2533.738067][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2533.762628][T26388] binder: send failed reply for transaction 1801, target dead [ 2533.763167][T30505] binder: 30504:30505 transaction failed 29189/-22, size 0-0 line 2994 [ 2533.779811][T26388] binder: send failed reply for transaction 1802, target dead 19:20:56 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x187]}) [ 2533.881629][ C0] net_ratelimit: 12 callbacks suppressed [ 2533.881643][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2533.893438][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2533.906550][T30516] binder: 30515:30516 transaction failed 29201/-28, size 0-12293 line 3147 19:20:56 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x3f00000000000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2533.974585][T30505] binder: 30504:30505 ioctl c0306201 200004c0 returned -14 19:20:56 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb7000040]}) [ 2534.079653][T30623] binder: 30504:30623 ioctl c0306201 200004c0 returned -14 19:20:56 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a01000000000000]}) [ 2534.157829][T14773] binder: release 30504:30623 transaction 1806 out, still active [ 2534.195557][T14773] binder: undelivered TRANSACTION_COMPLETE 19:20:56 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a0]}) 19:20:56 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x4000000000000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1200, 0x0, 0x0}) 19:20:56 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3006, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2534.402977][T14773] binder: send failed reply for transaction 1806, target dead [ 2534.436514][T30744] binder: 30742:30744 transaction failed 29189/-22, size 0-0 line 2994 [ 2534.438035][T14773] binder_release_work: 16 callbacks suppressed 19:20:56 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x4800000000000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2534.438302][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2534.463860][T30744] binder: 30742:30744 ioctl c0306201 200004c0 returned -14 [ 2534.503453][T30785] binder: 30784:30785 transaction failed 29201/-28, size 0-12294 line 3147 [ 2534.505243][T30808] binder: 30742:30808 ioctl c0306201 200004c0 returned -14 19:20:56 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b01000000000000]}) [ 2534.605713][T14773] binder: release 30742:30808 transaction 1810 out, still active 19:20:57 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x4c00000000000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x3f00, 0x0, 0x0}) [ 2534.648692][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2534.672712][T14773] binder: undelivered TRANSACTION_ERROR: 29189 19:20:57 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000000]}) 19:20:57 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3007, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:57 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c0]}) [ 2534.801323][T14773] binder: send failed reply for transaction 1810, target dead [ 2534.846587][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2534.866605][T30965] binder: 30961:30965 transaction failed 29189/-22, size 0-0 line 2994 19:20:57 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x6000000000000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2534.931831][T30970] binder: 30969:30970 transaction failed 29201/-28, size 0-12295 line 3147 [ 2534.946866][T30965] binder: 30961:30965 ioctl c0306201 200004c0 returned -14 19:20:57 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f04000000000000]}) [ 2535.030380][T31021] binder: 30961:31021 ioctl c0306201 200004c0 returned -14 [ 2535.081677][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2535.087546][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2535.093539][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2535.099355][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2535.116833][T14773] binder: release 30961:31021 transaction 1814 out, still active 19:20:57 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x6030000000000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:57 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000080]}) [ 2535.169128][T14773] binder: undelivered TRANSACTION_COMPLETE 19:20:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1000000, 0x0, 0x0}) [ 2535.231256][T14773] binder: undelivered TRANSACTION_ERROR: 29189 19:20:57 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x6800000000000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:57 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300a, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2535.321632][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2535.327583][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2535.342315][T14773] binder: send failed reply for transaction 1814, target dead [ 2535.387148][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2535.394473][T31194] binder: 31193:31194 ioctl c0306201 200004c0 returned -14 19:20:57 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d9]}) [ 2535.472852][T31203] binder: 31193:31203 ioctl c0306201 200004c0 returned -14 19:20:57 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000c000000000]}) 19:20:57 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x6c00000000000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2535.519159][T14773] binder: undelivered TRANSACTION_ERROR: 29189 [ 2535.543986][T14773] binder: undelivered TRANSACTION_ERROR: 29189 19:20:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x8000000, 0x0, 0x0}) 19:20:58 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000081]}) [ 2535.728648][T31337] binder_alloc: 31201: binder_alloc_buf failed to map pages in userspace, no vma 19:20:58 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3012, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:58 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x7400000000000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2535.801828][T31337] binder: 31334:31337 ioctl c0306201 200004c0 returned -14 [ 2535.823047][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2535.853801][T31409] binder: 31334:31409 ioctl c0306201 200004c0 returned -14 [ 2535.891637][T14773] binder: undelivered TRANSACTION_ERROR: 29189 [ 2535.920027][T31427] binder_alloc_new_buf_locked: 7 callbacks suppressed [ 2535.920039][T31427] binder_alloc: 31426: binder_alloc_buf size 12312 failed, no address space [ 2535.943115][T14773] binder: undelivered TRANSACTION_ERROR: 29189 [ 2535.961619][ C0] protocol 88fb is buggy, dev hsr_slave_0 19:20:58 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8004000000000000]}) [ 2535.967669][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:20:58 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x277]}) 19:20:58 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000082]}) 19:20:58 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x7a00000000000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x12000000, 0x0, 0x0}) [ 2536.186540][T31531] binder: 31529:31531 ioctl c0306201 200004c0 returned -14 [ 2536.199859][T31516] kvm_set_msr_common: 17 callbacks suppressed [ 2536.199873][T31516] kvm [31503]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:20:58 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0xfdfdffff00000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2536.235612][T31520] kvm [31514]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x77 [ 2536.265361][T31544] binder: 31529:31544 ioctl c0306201 200004c0 returned -14 [ 2536.270087][T31543] kvm [31495]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x82 19:20:58 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3048, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2536.293940][T14773] binder: send failed reply for transaction 1823 to 31529:31531 [ 2536.316863][T14773] binder: send failed reply for transaction 1824 to 31529:31544 [ 2536.364235][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2536.384848][T31552] kvm [31495]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x82 [ 2536.399884][T31553] binder_alloc: 31551: binder_alloc_buf size 12360 failed, no address space 19:20:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x3f000000, 0x0, 0x0}) [ 2536.413063][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2536.436330][T31553] binder_alloc_new_buf_locked: 6 callbacks suppressed [ 2536.436348][T31553] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:20:58 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8005000000000000]}) 19:20:58 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0xffffffff00000000, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:58 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000083]}) [ 2536.588546][T31666] binder: 31656:31666 ioctl c0306201 200004c0 returned -14 [ 2536.675686][T31723] binder: 31656:31723 ioctl c0306201 200004c0 returned -14 19:20:59 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2ff]}) [ 2536.728749][T14773] binder: release 31656:31666 transaction 1827 out, still active [ 2536.759602][T14773] binder: undelivered TRANSACTION_COMPLETE 19:20:59 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x304c, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0xfdfdffff, 0x0, 0x0}) [ 2536.801638][T14773] binder: release 31656:31723 transaction 1828 out, still active 19:20:59 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x630b, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2536.847529][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2536.848001][T31772] kvm [31771]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xff [ 2536.883156][T14773] binder: send failed reply for transaction 1827, target dead [ 2536.923458][T31783] binder: 31782:31783 ERROR: BC_REGISTER_LOOPER called without request [ 2536.932182][T31780] binder: 31778:31780 ioctl c0306201 200004c0 returned -14 [ 2536.951336][T31781] binder_alloc: 31779: binder_alloc_buf size 12368 failed, no address space [ 2536.961851][T14773] binder: send failed reply for transaction 1828, target dead [ 2536.983616][T31781] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2536.996757][T31783] binder: 31782:31783 unknown command 0 [ 2537.003510][T31783] binder: 31782:31783 ioctl c0306201 20000040 returned -22 [ 2537.015733][T31801] kvm [31743]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x83 [ 2537.025385][T31784] binder: 31778:31784 ioctl c0306201 200004c0 returned -14 19:20:59 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x810000c000000000]}) [ 2537.033480][T14773] binder: release 31778:31784 transaction 1832 out, still active [ 2537.050317][T14773] binder: undelivered TRANSACTION_COMPLETE 19:20:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0xfffffdfd, 0x0, 0x0}) 19:20:59 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x630c, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2537.231907][T31976] kvm [31968]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2537.258299][T31992] binder: 31991:31992 ioctl c0306201 200004c0 returned -14 19:20:59 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000084]}) 19:20:59 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3060, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2537.283681][T31994] binder: 31993:31994 unknown command 0 [ 2537.315333][T31994] binder: 31993:31994 ioctl c0306201 20000040 returned -22 [ 2537.326076][T14773] binder: send failed reply for transaction 1832, target dead 19:20:59 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x308]}) [ 2537.348695][T31997] binder: 31991:31997 ioctl c0306201 200004c0 returned -14 [ 2537.356889][T14773] binder: send failed reply for transaction 1833 to 31991:31992 [ 2537.365036][T31994] binder: 31993:31994 unknown command 0 [ 2537.409773][T31994] binder: 31993:31994 ioctl c0306201 20000040 returned -22 [ 2537.428310][T32003] binder_alloc: 32002: binder_alloc_buf size 12384 failed, no address space 19:20:59 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x630d, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:20:59 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x820000c000000000]}) 19:20:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x100000000000000, 0x0, 0x0}) [ 2537.521578][T32003] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2537.523040][T32001] kvm [31998]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x84 [ 2537.601979][T32006] kvm [32004]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x8 [ 2537.666492][T32036] kvm [32035]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2537.703141][T32041] binder: 32011:32041 unknown command 0 [ 2537.709001][T32041] binder: 32011:32041 ioctl c0306201 20000040 returned -22 [ 2537.717967][T32078] binder: 32022:32078 ioctl c0306201 200004c0 returned -14 [ 2537.733076][T32041] binder: 32011:32041 unknown command 0 [ 2537.742401][T32041] binder: 32011:32041 ioctl c0306201 20000040 returned -22 [ 2537.775741][T32200] binder: 32022:32200 ioctl c0306201 200004c0 returned -14 19:21:00 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3068, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:00 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40046302, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2537.822657][T26388] binder: release 32022:32078 transaction 1837 out, still active [ 2537.830687][T26388] binder: release 32022:32200 transaction 1838 out, still active 19:21:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x800000000000000, 0x0, 0x0}) [ 2537.897690][T26388] binder: send failed reply for transaction 1837, target dead [ 2537.937360][T32223] binder_alloc: 32222: binder_alloc_buf size 12392 failed, no address space 19:21:00 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000100]}) 19:21:00 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47f]}) [ 2537.952568][T26388] binder: send failed reply for transaction 1838, target dead [ 2537.980456][T32226] binder: BC_ACQUIRE_RESULT not supported 19:21:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x830000c000000000]}) [ 2538.050726][T32223] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2538.060296][T32226] binder: 32224:32226 ioctl c0306201 20000040 returned -22 19:21:00 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40046304, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2538.130925][T32231] binder: 32230:32231 ioctl c0306201 200004c0 returned -14 [ 2538.141110][T32223] binder_transaction: 11 callbacks suppressed [ 2538.141129][T32223] binder: 32222:32223 transaction failed 29201/-28, size 0-12392 line 3147 [ 2538.197374][T32241] binder: 32230:32241 ioctl c0306201 200004c0 returned -14 [ 2538.257092][T32272] binder: 32239:32272 unknown command 0 19:21:00 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000101]}) [ 2538.316941][T32272] binder: 32239:32272 ioctl c0306201 20000040 returned -22 19:21:00 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x480]}) 19:21:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x840000c000000000]}) 19:21:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1200000000000000, 0x0, 0x0}) 19:21:00 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40046307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:00 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x306c, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2538.559096][T32452] binder: 32451:32452 transaction failed 29189/-22, size 0-0 line 2994 [ 2538.651059][T32465] binder_alloc: 32463: binder_alloc_buf size 12400 failed, no address space [ 2538.666367][T32452] binder: 32451:32452 ioctl c0306201 200004c0 returned -14 [ 2538.718913][T32465] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:21:01 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000102]}) 19:21:01 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8501000000000000]}) [ 2538.775814][T32515] binder: 32461:32515 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 2538.787689][T32543] binder: 32451:32543 ioctl c0306201 200004c0 returned -14 [ 2538.795444][T32465] binder: 32463:32465 transaction failed 29201/-28, size 0-12396 line 3147 [ 2538.846996][T14773] binder_thread_release: 2 callbacks suppressed [ 2538.847019][T14773] binder: release 32451:32543 transaction 1847 out, still active [ 2538.869177][T32515] binder: 32461:32515 unknown command 0 19:21:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x3f00000000000000, 0x0, 0x0}) [ 2538.903339][T14773] binder_release_work: 5 callbacks suppressed [ 2538.903376][T14773] binder: undelivered TRANSACTION_COMPLETE 19:21:01 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x491]}) [ 2538.975118][T32515] binder: 32461:32515 ioctl c0306201 20000040 returned -22 19:21:01 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40086303, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2539.079657][T32661] binder: 32658:32661 ioctl c0306201 200004c0 returned -14 19:21:01 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3074, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2539.146333][T26388] binder_send_failed_reply: 2 callbacks suppressed [ 2539.146341][T26388] binder: send failed reply for transaction 1847, target dead [ 2539.174348][T32741] binder: 32658:32741 transaction failed 29189/-22, size 0-0 line 2994 [ 2539.201924][T32754] binder_alloc: 32742: binder_alloc_buf size 12408 failed, no address space [ 2539.205993][T26388] binder: send failed reply for transaction 1848 to 32658:32661 [ 2539.241603][ C1] net_ratelimit: 8 callbacks suppressed [ 2539.241613][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2539.242629][T32741] binder: 32658:32741 ioctl c0306201 200004c0 returned -14 [ 2539.247336][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2539.247439][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2539.261793][T32764] binder: 32711:32764 BC_FREE_BUFFER u0000000000000000 no match [ 2539.266398][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2539.272526][T26388] binder: undelivered TRANSACTION_COMPLETE 19:21:01 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8601000000000000]}) [ 2539.305602][T32764] binder: 32711:32764 unknown command 0 [ 2539.313616][T32754] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2539.339677][T32764] binder: 32711:32764 ioctl c0306201 20000040 returned -22 19:21:01 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d0]}) 19:21:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0xfdfdffff00000000, 0x0, 0x0}) [ 2539.394721][T32754] binder: 32742:32754 transaction failed 29201/-28, size 0-12404 line 3147 19:21:01 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x4008630a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:01 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000103]}) [ 2539.481711][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2539.491718][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2539.539603][ T355] binder: 340:355 ioctl c0306201 200004c0 returned -14 [ 2539.605115][ T390] binder: 340:390 ioctl c0306201 200004c0 returned -14 19:21:02 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8701000000000000]}) [ 2539.649752][T14773] binder: release 340:390 transaction 1853 out, still active [ 2539.657683][ T386] binder: BC_ATTEMPT_ACQUIRE not supported [ 2539.687862][ T386] binder: 385:386 ioctl c0306201 20000040 returned -22 [ 2539.701856][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2539.733819][T14773] binder: release 340:355 transaction 1852 out, still active [ 2539.737877][ T386] binder: BC_ATTEMPT_ACQUIRE not supported 19:21:02 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x307a, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2539.767129][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2539.768752][ T386] binder: 385:386 ioctl c0306201 20000040 returned -22 [ 2539.791374][T14773] binder: send failed reply for transaction 1852, target dead 19:21:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x8, 0x0}) [ 2539.823294][T14773] binder: send failed reply for transaction 1853, target dead [ 2539.857282][ T552] binder_alloc: 551: binder_alloc_buf size 12416 failed, no address space 19:21:02 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40086310, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2539.868978][T14773] binder_release_work: 14 callbacks suppressed [ 2539.868986][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2539.929322][ T552] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:21:02 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x560]}) [ 2539.997697][ T557] binder: 556:557 BC_DEAD_BINDER_DONE 0000000000000000 not found [ 2540.051260][T14773] binder: release 553:558 transaction 1857 out, still active [ 2540.052346][ T552] binder: 551:552 transaction failed 29201/-28, size 0-12410 line 3147 [ 2540.070384][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2540.081758][ T557] binder: 556:557 unknown command 0 19:21:02 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8705000000000000]}) [ 2540.103079][ T557] binder: 556:557 ioctl c0306201 20000040 returned -22 [ 2540.121586][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2540.127593][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2540.142850][T14773] binder: release 553:554 transaction 1856 out, still active 19:21:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x12, 0x0}) 19:21:02 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010000]}) [ 2540.180877][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2540.257374][T26388] binder: release 570:596 transaction 1859 out, still active 19:21:02 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x400c630e, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x1200, 0x0}) [ 2540.314427][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2540.369190][T26388] binder: release 570:573 transaction 1858 out, still active [ 2540.381086][ T721] binder: 719:721 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 2540.423445][ T721] binder: 719:721 unknown command 0 [ 2540.426388][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2540.429117][ T721] binder: 719:721 ioctl c0306201 20000040 returned -22 [ 2540.462285][T26388] binder: release 731:775 transaction 1861 out, still active 19:21:02 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x3f00, 0x0}) [ 2540.474922][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2540.500170][T26388] binder: send failed reply for transaction 1856, target dead 19:21:02 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x400c630f, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2540.537988][ T788] binder_alloc: 787: binder_alloc_buf size 24576 failed, no address space [ 2540.554400][T26388] binder: send failed reply for transaction 1857, target dead [ 2540.577452][ T788] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2540.596770][T26388] binder: send failed reply for transaction 1858, target dead [ 2540.619717][T26388] binder: send failed reply for transaction 1859, target dead [ 2540.629138][ T788] binder: 787:788 transaction failed 29201/-28, size 0-24576 line 3147 [ 2540.636557][ T794] binder: 793:794 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 19:21:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x1000000, 0x0}) [ 2540.655996][T26388] binder: send failed reply for transaction 1860 to 731:756 [ 2540.671204][ T794] binder: 793:794 unknown command 0 [ 2540.677115][T26388] binder: send failed reply for transaction 1861, target dead [ 2540.694046][ T794] binder: 793:794 ioctl c0306201 20000040 returned -22 [ 2540.710720][T26388] binder: release 790:795 transaction 1865 out, still active [ 2540.746565][T26388] binder: undelivered TRANSACTION_COMPLETE 19:21:03 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6b00, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2540.771360][T26388] binder: release 790:791 transaction 1864 out, still active [ 2540.805415][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:21:03 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40106308, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2540.827758][T26388] binder: send failed reply for transaction 1864, target dead [ 2540.868871][T26388] binder: send failed reply for transaction 1865, target dead [ 2540.888635][ T903] binder_alloc: 902: binder_alloc_buf size 27392 failed, no address space [ 2540.912076][T26388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2540.922727][ T905] binder: 904:905 BC_INCREFS_DONE u0000000000000000 no match [ 2540.948172][T26388] binder: undelivered TRANSACTION_ERROR: 29189 [ 2540.958417][ T903] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2540.981558][ T905] binder: 904:905 unknown command 0 [ 2541.009894][ T905] binder: 904:905 ioctl c0306201 20000040 returned -22 [ 2541.042510][ T903] binder: 902:903 transaction failed 29201/-28, size 0-27392 line 3147 19:21:03 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x561]}) 19:21:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x8000000, 0x0}) 19:21:03 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8b00000000000000]}) 19:21:03 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010003]}) 19:21:03 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40106309, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x12000000, 0x0}) [ 2541.245540][ T959] binder: 958:959 BC_ACQUIRE_DONE u0000000000000000 no match [ 2541.266700][ T931] kvm_set_msr_common: 16 callbacks suppressed [ 2541.266719][ T931] kvm [926]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2541.300383][ T959] binder: 958:959 unknown command 0 [ 2541.321615][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2541.327497][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2541.348535][ T959] binder: 958:959 ioctl c0306201 20000040 returned -22 [ 2541.404030][ T1035] kvm [1021]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x3 19:21:03 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f5e0ff, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:03 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40400a00, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2541.451342][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2541.461149][ T1141] kvm [1021]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x3 19:21:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x3f000000, 0x0}) 19:21:03 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x570]}) [ 2541.602886][ T1147] binder: 1145:1147 unknown command 1077938688 [ 2541.623952][ T1150] binder_alloc: 1148: binder_alloc_buf size 100000000 failed, no address space [ 2541.642175][ T1147] binder: 1145:1147 ioctl c0306201 20000040 returned -22 19:21:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900d000000000000]}) [ 2541.678764][ T1151] kvm [1149]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x70 [ 2541.688746][ T1150] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:21:04 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40402000, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:04 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010004]}) [ 2541.784420][ T1150] binder: 1148:1150 transaction failed 29201/-28, size 0-99999999 line 3147 19:21:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0xfdfdffff, 0x0}) [ 2541.880107][ T1165] kvm [1164]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x4 [ 2541.901873][ T1159] kvm [1158]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2541.908219][ T1250] binder: 1195:1250 unknown command 1077944320 [ 2541.954065][ T1318] kvm [1164]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x4 [ 2541.971748][ T1250] binder: 1195:1250 ioctl c0306201 20000040 returned -22 19:21:04 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40402300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0xfffffdfd, 0x0}) 19:21:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9104000000000000]}) 19:21:04 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x571]}) 19:21:04 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2542.165783][T26388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2542.167267][ T1388] binder: 1386:1388 transaction failed 29189/-22, size 0-0 line 2994 [ 2542.193427][ T1389] binder: 1384:1389 unknown command 1077945088 [ 2542.199770][ T1389] binder: 1384:1389 ioctl c0306201 20000040 returned -22 19:21:04 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010007]}) [ 2542.250051][ T1395] kvm [1394]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2542.262240][ T1396] binder: 1393:1396 got transaction with invalid offset (2, min 0 max 0) or object. [ 2542.325254][ T1409] binder_alloc: 1393: binder_alloc_buf size 8 failed, no address space [ 2542.371556][T14773] binder: undelivered TRANSACTION_ERROR: 29189 [ 2542.402472][ T1410] kvm [1399]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x7 [ 2542.405743][ T1409] binder_alloc: allocated: 12288 (num: 1 largest: 12288), free: 0 (num: 0 largest: 0) 19:21:04 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40402500, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9e00000000000000]}) [ 2542.451890][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2542.467169][ T1512] kvm [1399]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x7 19:21:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x100000000000000, 0x0}) 19:21:04 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x572]}) 19:21:05 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:05 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010015]}) [ 2542.710123][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:21:05 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f00004000000000]}) 19:21:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x800000000000000, 0x0}) [ 2542.812945][ T1732] binder: 1702:1732 got transaction with invalid offset (3, min 0 max 0) or object. 19:21:05 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40402a00, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:05 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x580]}) 19:21:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x1200000000000000, 0x0}) 19:21:05 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa001000000000000]}) 19:21:05 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc001001b]}) [ 2543.202857][ T1942] binder: 1939:1942 unknown command 1077946880 [ 2543.236886][ T1942] binder: 1939:1942 ioctl c0306201 20000040 returned -22 19:21:05 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2543.277673][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:21:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x3f00000000000000, 0x0}) 19:21:05 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40402b00, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:05 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00d000000000000]}) [ 2543.439925][ T2033] binder: 1971:2033 got transaction with invalid offset (4, min 0 max 0) or object. [ 2543.522892][ T2054] binder: 2053:2054 unknown command 1077947136 [ 2543.529646][ T2054] binder: 2053:2054 ioctl c0306201 20000040 returned -22 [ 2543.532488][ T2082] binder_alloc: 1971: binder_alloc_buf size 8 failed, no address space 19:21:05 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc001001f]}) 19:21:05 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x587]}) [ 2543.610364][ T2082] binder_alloc: allocated: 12288 (num: 1 largest: 12288), free: 0 (num: 0 largest: 0) [ 2543.622979][ T2054] binder: 2053:2054 unknown command 1077947136 [ 2543.667840][ T2033] binder_transaction: 3 callbacks suppressed [ 2543.667858][ T2033] binder: 1971:2033 transaction failed 29201/-22, size 0-12288 line 3241 [ 2543.683471][ T2054] binder: 2053:2054 ioctl c0306201 20000040 returned -22 [ 2543.683584][ T2082] binder: 2042:2082 transaction failed 29201/-28, size 0-0 line 3147 19:21:06 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40402d00, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:06 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb000004000000000]}) 19:21:06 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010020]}) [ 2543.928816][ T2260] binder: 2188:2260 unknown command 1077947648 [ 2543.961768][ T2260] binder: 2188:2260 ioctl c0306201 20000040 returned -22 19:21:06 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6e0]}) 19:21:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0xfdfdffff00000000, 0x0}) 19:21:06 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40402e00, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:06 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x5]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2544.129316][ T2316] binder_alloc: 1971: binder_alloc_buf, no vma [ 2544.136285][ T2316] binder: 2315:2316 transaction failed 29189/-3, size 0-0 line 3147 [ 2544.147751][ T2317] binder_alloc: 1971: binder_alloc_buf, no vma [ 2544.191443][T26388] binder_send_failed_reply: 16 callbacks suppressed [ 2544.191452][T26388] binder: send failed reply for transaction 1895, target dead [ 2544.192618][ T2317] binder: 2315:2317 transaction failed 29189/-3, size 0-0 line 3147 [ 2544.268131][ T2334] binder: 2325:2334 unknown command 1077947904 [ 2544.281602][ C0] net_ratelimit: 12 callbacks suppressed [ 2544.281610][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2544.293327][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:21:06 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb700004000000000]}) [ 2544.329483][ T2426] binder: 2418:2426 got transaction with invalid offset (5, min 0 max 0) or object. [ 2544.339433][ T2334] binder: 2325:2334 ioctl c0306201 20000040 returned -22 19:21:06 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010058]}) 19:21:06 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x803]}) [ 2544.395470][ T2426] binder: 2418:2426 transaction failed 29201/-22, size 0-12288 line 3241 19:21:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0xba, 0x2) write$tun(r1, &(0x7f0000000500)={@void, @val={0x1, 0x4, 0x8, 0x80000001, 0x2, 0x4}, @mpls={[{0x2, 0x5, 0x5, 0x7fffffff}, {0x4, 0x3, 0x396, 0x80}, {0xf83, 0x100000001, 0x7, 0x10}, {0x80000001, 0x0, 0x7fff, 0xb36}, {0x7, 0x7ff, 0x9}, {0x4, 0x4, 0x0, 0x1}, {0x4, 0x86f, 0x7fffffff, 0x6}], @generic="6235b42dbe7fea8edf590513145c5e61ff39e9009f08a9e40a3a29b1b20dbc8562a93353a2a4d5ae11076027519585a8eba1c8d7a5e31680ce21aada35650c59b618111e1bb3ef050c5ab8f08e851d7b99ce9117f216c747337019b75d19a16978de35bdee5879027cda26754f033288dfbe1a5085d0332d7ec414767fdd7945489cbfe0b3f3d99acc7022490fdd212f7bc23afbcbb907229c085a1b0d3509a9faf75796bdb6a78372924ebd694cd5b0e680f9036ca7bd9fba814fdf6d3d0b51c08c7a450af455b938b7f776618f9f0e6b786ae3b2c087121223f38e3549a0fa192da89cde46577cbb26660905f6d66ff08671c9382850151f82af3332f925b161cffe60d68383b56f84170d57d3aeb508acb8c9a4d38e09f2493de09c3aaccf38f7ec595a14a75d7de672847068371619f1a7f7dbd85e24de94d09f67a03abed3117efced82f4ad831685806f22722907baa91ab55509d96ac257bf79907799fee2d11aaea8cf1bda4dbb5bf5a7a04d067726baa3362b139943984e3d2075befc106fc5aac5dba06ee03f05f4d17c983c91715567a33758ddfe66b32f41820b391edc5a8984998865f5917457c14915ce42e012600ebed73fabcd59e07163fcbd82a4b17d57f064cf1577d497c10495e61f2deb23fbfaaff15bf9b48cbefb652da3e871de9c95069d31a419d3d7a59f0d39958415af22d6ac4e2806d091ded44a3c4ad11adb0d3d09beaba17c13f7603fe8bf29d51c334d2f7d0f60e4d95cb4f64e83743ec4557c806396a6a7d142f3a5209d29a40a5a12521f39ac3f0b2d8f210b39068ed14785e17ba53b1910f3b5e07f325d6433efc132f40858b17e5bd45fbce867999fe3e8336fd66b1bd7f177d3e7e37122588dd95604ff6e69b22d03f63acac85e79e43c1bf96be9e3c3c8615fc4e715a9c146a9c119bb756b012a32b14db08d0956a944b295eff4394dbd1bd9ca36ce7050cbcdf97eadef8ef92ac1f303ffcf6ad9103ab266211d5c12f942bad7d22982b0846e28e48bf7b111064d31a500e1defd95c72013a50992aded7727679fb42be6bf320ef74db24fdc81a09664cf523abc329469fa0b9252a542c5544440b778d77ac7be599e19de8864b8edb92dca1e2bd66b0427f470ef83e8c82d61323535c6d668a073f1cbef48cb5c214ebd7c70fc871539b9283fa3157b1d1692d5722fdee6670791afd8343fc15585dfdf08e0e8e95f454a015f2c5f34648118868c3b28a9d532705072a6c7a7296fbf413e85cab60ac0c9896fd6a0c947f49e32a5a1bc9dc3d1eb98d2891e829c73dec1d4989d6ecac046992b98dd2a32ec5a6765e3133013070a556885b1e7bbfeabe5e5763f6ba61bb4daa3972e4631381abda30595eda97e4ab55e3dd2d0f6532a9d7dee5d50f34f68ea80c82da943dfa3fb6885155673c686c7d54a14b9269604c22838c56e2528a06ca57398f14fe376762f60f89472403754eb03b5a1ff47f8f5bd0f683c49dc352d35dae31d4bd71ba551c519dbc7c7fddc802eebe9156c15d311d2cacc7499448dc5a395e7d895b6d3d22b92d2336362bff8d082e9c65a6163ef4d3c1cf026b3332beb2c9f013d4409b525143519dc54aae53889132bb3048cc45091a42939c817f844e9bb4d4a0ce9e548dfdd082af975c87b0430ea522ea5c077e9417f3f7726b2e27cd4621ca53c2608875ea1bec89f4aa9f3b28aeed4c10105c6fb6483dd7671407628baa3e11c073e0419c2ab1a234455c5323d6b03e21b1dead208a3e9339921063430bb3a3f463e3507110c0add5582f35f5a908f3004bf2e5a0909b57b0022073093f1cdd23378049267a3d58ffa9e9e5ae552e245e009713347d96154b1fefdf85bd71921786e94d7642e682dde46e1314ef1d8fc834f5be1fcda6c066e2e1c63117d0bcafef792fddb6be7f7dca124357d3c65090d8f5e273c2e6ff4119e13473e0a9a19dcc7c703da49c4cc12b450e48dbb6b0f28e0fb7f3941d1c599682151408ce53ac18b27f9449d2b9307401045dc9c07885ae1cff516c1523919def621477d27a0d49f5e504911ee4f5af1a4d15942fbad1c0ef2e7a4ebbf27cbaade5733a27460fd29ae9b2dd5d4501d39e79f977ae51fa2d2f40ed98b348af9e41e0c27dc9da984d8bbaea3f33cbcbdb8a3a2a70f7c0fd7e3adffc758a6357533ad254bb4f8f41418f04261135e1e00b109c32f3ed6b24973e4abae1c7e782729e5cf93ff10864b76f61ab1918fbf9183cff34b86749710d5be8827cd18e9f50bf02410f2ec408299a5cfa783a2415182e743f9153f3402c365b7257bd78c6a75937318f3b3956a0624d16773825af7c73f128e36005728450311e01077faa6f5d29cbca860bdd541bcc346371d51f4855236be5660f60c8c589b93892af0369d27e8db936fdab4ecb4025978814b0a9bc7bc7ba8e117ed11bc4f76fc441a3b8791a60f9e4bb1d330440cc4f896a56054bd090a382e39b18eced7d5f5eccc9407f535eaa464ca6782affc38d301fd05fd15095e55815e206d193aed1a19ee9f3a8c06be4c4ba2185f424fbe90f7f1df69e637142076fafada1354c63e8ad05e77dac367105bdef04d8ca757c93fc2ceed5b223b96e22ba33548febe9bc528e198b700ae86c5bbd545ddd09431aa6e6be86b4ab59f23f1ffb0f3aed85dfea26359b37a35c6e773ad0756cd5bfb0bd22a08d079c6fb39939edb3a6babc9c83359f5bf9be9a85878c5bc1d6840483e55418826218d94a5e30d3022b89eb33e8b8010e863b4c9205eed9e8933067a8107925ad2a525409d7c6a1314f130c86d93e91de205c715c1bddeb51497993bc856cf8b6b1f617bae7391cfb07e4d95bd300e81a6fe96f072f0c4d88713750089f40da54dd2d1f12dbeac3777c6be8b0c1adbfb1f5c8686f556fe7fbd634bdc6974e0440be649bafa68b10a47e63b7eb8c29bbdc119d988817324a87641299a8fa8094617723e4c30fdb1e45c65328c5339a7edf982ffd93f66045ee3ebf2fa5883e0843a5e102b969d9f8345a5283b6720a1180eb7ffae943709eff355c2377bff546d1de2b90c7930e692b305ead97433fb0fd86479d682840a95f6ecfd3a895ab728e80b215d3f684e844444355831336131ad36137ad4277db2ffca3b40f4900e6854e278f3fe23225356aeafde06eb7c26ceeb99d9d507838ee47c65b322655a292f703cc76dea03e1c7f4a810356f4ca12727c7c13983b54e92f7b56ae7b2b560b86454f6e77f7c1d731a9d9ff0c091358d286540cbe2ab613ad03f3fd716b5a3b89b04679de367bace346090f6a4fb72ea1b85946ccd98f5170bdfd123181658c7cc5108c23201f2804b37166624affe7b0116a217988060e1943833895837bdf758d8803760d31d99d1060ce9f8bd6d8bf9ab5bceaefde1d20335202c4789874f22d776a88e111d43b9944d07da772f3184f314eb6a7e72390ace299c4220573213fa5c0225ba5294b487c3626af26f289792e71815ae2b55d976e0c69d1ccc7c62d6366cd4d87061d8273ae358e9c2e389a95f67ab2b7821b1aabab031f44da094e7d26c74e3bdfa8f452de77c5a1ac51818943f32a7204a073de66576f872c2b5bc6ca546b4d80630aaf4f667c29dc36c2e7454d51e05507a941ea6831b64dab36903bd35f5bf536a99acd2c13397a97fb1c6257c987c52676f28e6c53067914c963308fe9d497364a09d01329abc565dbcc4f8870b8905f54cc10a74c9fcd04df24461c3cff7279f20444e655456197ddecdd736e09181e5ad6f81ca3cc954d4b4a5c37fb944c80d82eee2c7054ba128ab58e9cd37885f6d5323f511208ea16fd023129c4edad86b972262443019da32ec3ac306849d3e86aee04643ef2dce38c32885b898f4d17d14dd0168b52a847b116b6d75c4cbc6240fa33a37c506a49c9622904d3dde7d0b8b1eeeac41cdb1196b6957770adaa9f8cace889ea44326e77557fd8eb7ec647f5f6f19c7a7a5a9d52f909322f8b3a341719e8404cf17803c602c98762974b4ff589b0a23a9e950738c3e0b40c4da3bb81ebc112dea6207e5471eb0285d6071fa77a4983367588e590dcfb6be4c2f4029ce874fb6925221ab53a34374a47fa3a3953c819ba95725368dbe260c2509c866dff75b03090df11ee57cb03ef1aec5e175a4147c3c27e4d96920735c75d04fa7dea507f920cc17f3316d8bebbfb7d49683ba47a50f9c8fb712e7bb92fd306f119f217a99012772b2b2249b97241d6f459398d804b17a27799491d682996af8069e41258bef054d5bf2b9fa7f9308845a71167db166f68b98b1818c0ec076e94c3528610e0373e0ab766e8f12ca9e8e31bc2d397a0ecddab8ce8e6cabb90cc5da5f260c36942407800c9b656b935a8bcb7c54f76dc7b2a1299cc7d7c3ef4a265eba09ccff70497e3746f9b3eefebf6981e605386c47b07a207a87515749a767aee0dd1b90a5290d4ac6b3166a975260eb1ec5ef125456bf4f20a878617af5f938c13bbf9c00830b8e394bf41bcc78746213b2b88e9ab28da3e50af849ba4316340a5c6945e4ce737b0d721e10a6e935f044e0d7a1b6772ad3b729f49775c5ad20578e2e10a2e0e982fb73ab8b8a24d08f56ee86cff01ba55180895a7b28a6031cb5146215cd054fdb1e581090c762787af580082ad6912df8b4db873107f375d87d67279e3f08655bbbc41ddbe899e2806e976c9128dda5cce6397413b009253d11037028a7dc069de05347059f8a8adab8618ec261189f18eb7a112937597f9b6eb68cbc746b4f374c2c1515a26d56b17da8b50dcc2163e9a19e71bdc8a7b734506ea4dcaf6d97f07777150844ae27c71efaa4c2364fff3cdb59d60f1e3a94d18aa2cabe29d4921f7bb81fa1d62ff451d3cb5f698550f797cd448bb8f50831931e25dfa3f0a298d4c1963356a92b3e8ed9a28fd09d7228814bc3306a3fe712037793966af4d7227d77fb9e98161868425dd92ad768c7177740227fd195538bb087b1f18fdce23a8acd30c84c2aee8779c0c9909f3cb2deb8fc91b585611709571ffc7a28f7ed845e6640c746e8db89f992c50d373acfbf774377571b0c58aa82a1e9316eb89a9058f182d099311f4eb8d5ea0721a3cf559b2fb7d6e06f9891281cdeec7ec7ae7392d2e5f9a431bbb3f0b1eb67f3b2000401b8d83bd58b8cb98bd9deb7b881accdd95830b03b5c57d9746189e9b2aa8a26667fe422cf14098987ed2b3038e73ecf0cd741c56969aa05102581109171cafd2ee6537c0eecfc8eaf5a9fcacfb203883d9180338a775f891798569126536ac2125b13ed7dfe11da1e6bf43335faaabdee34612ec8bda0d230c967a5eac0b3274225f05d198d0f512a7e1d752a5b735550c2343d4c4a0ab59f623f3f8c4169851f95c679838f402291d62a0e746eb02deb2a1ba25b6f96074e37f79e309f21c13c885ad73d0c96fce187c0d6af182451bbebee03e140dce7007028b8228a5deb10e24cfdf93f343b03cc37ffd427f2aa74f33f489d43e81287a92408c20ff5a7286d59160197a7933158d98aa7fb185bc0c5d6b4246f6e0c28234670df962679b412cd4360448194eb77d2b2918eb02806b9c6e9c2599fe441e87cee92508757ba86e86bfdc3e84573c6b13d85fdc102495bfc681e7c42ae0c5810ac97f115ed29db023efb322f93da863d334194eb5b3a89701b312b25d8f91910b76a85fae699480a704d0251715cd39325cfbf53d2a3fb45923349826124f5dd86fa7a520b22954eed33547b9dd4c441e32f2fd93e47b5"}}, 0x1026) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000000080)={0x7, {{0x2, 0x4e23, @rand_addr=0x1d62}}, 0x0, 0x1, [{{0x2, 0x4e24, @multicast1}}]}, 0x110) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000000000000000000000000000000000000000efffffff0000000000000000000000000000000000000000"], 0x0, 0x0, 0x0}) 19:21:06 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40403000, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2544.664119][ T2527] binder_alloc: 2418: binder_alloc_buf size 4294967280 failed, no address space 19:21:07 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010117]}) 19:21:07 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa01]}) [ 2544.724692][ T2603] binder: 2576:2603 unknown command 1077948416 [ 2544.746079][ T2603] binder: 2576:2603 ioctl c0306201 20000040 returned -22 [ 2544.756953][ T2527] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:21:07 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc000000000000000]}) 19:21:07 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40405800, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2544.908792][ T2527] binder: 2521:2527 transaction failed 29201/-28, size 0-4294967279 line 3147 [ 2544.942764][ T2675] binder: 2674:2675 got transaction with invalid offset (6, min 0 max 0) or object. [ 2544.970892][ T2527] binder_alloc: 2674: binder_alloc_buf size 4294967280 failed, no address space [ 2544.990595][ T2682] binder: 2679:2682 unknown command 1077958656 [ 2545.006922][T14773] binder_release_work: 5 callbacks suppressed [ 2545.006931][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2545.022426][ T2527] binder_alloc: allocated: 12288 (num: 1 largest: 12288), free: 0 (num: 0 largest: 0) [ 2545.047182][ T2682] binder: 2679:2682 ioctl c0306201 20000040 returned -22 [ 2545.082383][ T2527] binder: 2521:2527 transaction failed 29201/-28, size 0-4294967279 line 3147 [ 2545.082399][ T2675] binder: 2674:2675 transaction failed 29201/-22, size 0-12288 line 3241 19:21:07 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc100000000000000]}) 19:21:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2545.129626][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:21:07 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbff]}) 19:21:07 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010140]}) 19:21:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000005380)='/dev/audio\x00', 0x0, 0x0) r2 = getpgid(0xffffffffffffffff) r3 = fcntl$getown(r0, 0x9) sendmsg$nl_generic(r1, &(0x7f0000007600)={&(0x7f00000053c0)={0x10, 0x0, 0x0, 0x60480}, 0xc, &(0x7f00000075c0)={&(0x7f0000005400)={0x21b8, 0x41, 0xb24, 0x70bd26, 0x25dfdbfb, {0x10}, [@generic="2d17a3887fcd68a80711c510a610abdf4fb7bc88bef49829d8e96e145c8256904584fa2ba29b8c1abcccf9ef19a42d3165f52fdd4b7b7155e8f90db35c047f6e", @nested={0x20c0, 0x1b, [@typed={0x8, 0x5f, @pid=r2}, @generic="a88a07ff156f680ffcf3c5f0fd03ab208cc355fe6098cee04a0bab0e74e2ff5e278066556f783b82a5f8b1543f850922e5d21b27a80c9cb06979093674414e96a0455e04f106912005fdfc2b0af86f66937a00fdd019cdc15cf957a87af187e38c9dd0ef493a5120c5fabf3fab1ca208975f623684a129b1cc9dbabe3817c750a933c7fce429906fe209944c8b9f58b8eb0aebffef375b0e9e37dd86b111559de29fc09375e8db709d0c44c1192ce99776b7a04023d08d36d35209d3b8ca073bc5207fe4a5213376fd52236eeda47023021278a97450f75b37587f9727a5c077aee76f16f905e7ee878d91fe18a334c965259de33fb9b1cb998eff8f14799d465d4dac035c2af73de4039f8b4f673cadfa868513bdc9cf8e917d4e827516f52962194046c5712241a1ef3c555bf52d626cd561a276e03e949337d7d07d1acc1d393ef92ab58b2a4c4d1446f3cb494e9144c6a85b262a824e0ba09df5d9e56bdb98cde844e5ec66db3444bb0ecbff9a470a70d2945825e50ea68e5dce5590d9ac3922f6ea8cc16caae4ba8157daa2f46021a8bc2341a5d7f3fdcfac47b7ed026ac4fa398b675d0dd22bb96c2a4a1dcd8ad5a72cc72677debb50fd2e97b1fc31c191d3090afaaf10e2272dfa0ae05bedd40daf25457febb43bf9fd9c2bb614adcf32c95f39c2069395a88bdc8ab43a00a3cc75c5cc9e2ba431475e7ae05124d15894a553b587c7397e33429611542520aef23c9c63bfe4e9ecd50ddb89f963c4be038acb0a0ee86b6b1bac391b7b642f9a57937e3675a3bd9db3f7d736630e5131e1db86257a2c97c7705bfc495127271b41b819a9f7a23511488d7dcba36f36f71b4cc6bdcb8e3a7f41d1919af98505f89feecb48ddb4ccb0e7e05230f0cb5dc1c770c5410d94a88b0758e39d535eb3be7e544a9ef62971d624eef0f599283995a57facae29d2c5ddf1f9fbb640265396e5c5f809a4351e69cb8261e71bd2015a28a69676017797a4b60f3dd9b45404c820f30a8dac2461dd7fe1eb3221a7ab9707d4ac096e0f5b96458e4927cb0ecc98da1ec94f711e1432cc86128d9b09d8e3438d083ab47a9b423e8c20940c3bbb480f34e6768514fd0cd13d154fdb5b60e5ce72204284f35be63ef87cc92d6a87c6d07c34405b0544a3c49b4360c13cdcdd81c6aa773c5d92442b44f6f0d997d8b7577ebec6df2bf7305570ea11c3ee6e8468edbc75d4efe01914e819cd33df1c307da15f83869a1dccfc905306b1efae6711e03490bafff56ea02435ae261e2dc99729133c214c293bc2de2861b71f7becfd787fff2a2075bfea6be1bc3fe7ba7e5c4ddad3d9ac20d17e8eefd49bab01ec63cd0addf60a1052ae87902de6b5190bcbfa3aef9ce7863e3314dd926a8e003eea17dd964f18cf45970139c5d51608cd3fc4f8edae46035866f1d50114cd78919313a931ac7ef03fec39b05cab6994ad8a6f542fb19236eb3f6d24d1903dfc4d1b193fe12696f62539cb47f5aac92f6d95f3b7a02d382e54e4db2432dddb3ab99030b5f646ef9aec2fa026f79bc1dfa953479249a3e18ed9a3a5244714abf06c5daa34458d18aa2b73ec823f36e39d61c105517b59bddcb627f0711330f79e20bb49ac6d6cf205397835accf6ae18906fb9016aa34779da866785a98bd78500ea51d4f8d69b9139996bf287a89df3bbda5162177a25f31be4d6837852b76ded5cb220ba562132b61a20f29e85aa1a4a0da2f15e791c3bbf73201b881f94377e07b903b488344728d9617b131f01e4c7e9335b5d4bfc0eff43388f7d2ee0facad4cec7221bf7324f45161a7162768645d578b1d4e66cae8bcc24d21cc2eadc4bc5321e656a64937ecfb7d47d82594051d4025a7eb068773760725fe699d5660374141fd26af88cf73e22d02ef41aa7314d7597f27155a216773412ec10173a423365c8146c33e23cd66c33a3182d0f3ffa14421ba598b257b68883b5d9a96c96bd3e147d56fb5a41bafa4ba9e7db7be6f9cf0890773b096cad5bb966d0b47bf0bcca5085307c6bbc8ec5c6834309530a78d64e32eb861ea690a80d0ec69f764a3ab618bf666827946a666356a6548a75c772ba6924080df28f2f615dad80908b5800fbfd0e786315b1c68afde9f260d0e0a8ecd5d94ac7f356bbf7969506c0b49f61234dff43580da5f144436baa88d09fb26c04bcedf44a282413642c22954c82b62691458761d9743537b078148b88fb78e10823d2c886b00d90fb26725d3f0341ebbf604d5cc0b7740ead480a623a0fb392fac6db3e13664b82e17bdba3c0728818a2ba6059a0da1239dda2b95212f938b8b33d9f92a633a8a94ca6e7e1d0e19e125475050b05f46b07ee626ca035e5f8b81750e9e0988f6d3d79779b7714e9f52e7d0f70d9dc56afbb3312eebf013535feeab3496a05e6e11a47ddf20028d51c2a97146628d5d558cc006cf065825a9fcdde5b34339a03617796662036962a52399138446b9585d9ec580bc620f044697b9f447842e98d477006d57ef35b22c591c3616a84616f4943902498b29b0601889d73f26f3cd42969a70ad997d592c07cc225ffa41e7b2ab2a91e366ca2ff74149fad7146e5098fbd4744bf9283420f3d794c7b0ba1f82b20affd0b3a36625eaf27bb7f3c900946e13d8e32c53708d6e5bee2091a733980cce56802217949245cff0f68fc15d5bc2f0cc87ef52755079e1327d11e626e08163ba5f749b5e34c0cc2bcfc4c7b78445191c3d870245a05cb131fede12ebb6f9c31942edcc49a81e7afc2b1975100699bdb4a5d30e276fd4a5b2ea58630622a842274dd220a4d1737c03fc6cddf5e691ea5a9c99722c07f0d24c9a585ee845f1b6f71e217306532f2b0cc41b108f13f40bd0c87b6edca94eebc1bb024d1bf53cab31028796c3161087d49801115197c580a2f9ad2fd511ec0ef05ab86c9a337801ffb954f5f584d3990ca23f2233ddc786029aec1c4b3eb711318109708bb848da749b580732c2ed506c4047e526defb1b5b6cdbfd9a785acae6b037ce2915d9a5cd8071364f964dba29ce64342974ce4f917fd5ea43f6fb5a2867142605b1d7c97214407e0a0460fc1f5f057ce6ffef33cadf3264cf7cf0b6d1019cd03ff86e199ac26127fe7fcf091fe4df1477a4e41181d37ef5f4ca334a2101c6271634a474e84ac602a1b2fb087fab14bb9e91b673b0a66ae13985f7bbcc54accb24a664781125a0f8d1b78965e1eba4e055bc1d8830ae8f6f12593aff221a62e07b8ac6253abcb88fc13b98f920575b61bb2c99ba8a510515e885c081ce37255e67de57cc50a852d3d8d1eed1c2339359a3b2adde630322b79b181de61e525c977fd2a2484365aaf062e3f8ab58b5afa14402b9b53163d00b338cde246714875ddaba18fd65e6968c5db20131090da40411c0af495366feca6257636f1a23104ce6d59e5f32f74a04e18440f6313cd664bf01864c146b3d749efddbf5c3cf1924fe9909ef047e83988ab96e6b6ec5cb9c64ae0b47fcc716d1b46cdbbe29b18b13ac83723b91a3eb12883a992340b0c32382d92571fcd89d3c531b942e8590923b9c1ff471d22442c816f951238a911c644f69c081b59827e6992e69ba63bffd8f964e7f36ca1e7ad91831d3362a3b8f73e615487bcb0dcae0fe96e14ae478bb6283646ec1075d72a9e75b01c47d3a141b44f8c8b269e91a7fdbc9a43b6c1a927b9f9468a4fc8577290aca432aab3962ebab74dd7310bed3869ab0ceb9675b02cb9681adebb8b9fa94224313b3bc6826d8f4a03abaf713166b9d49c1f18bc17a3e3889c1af03a75cf34e35f06f1159464429ae5ca1fa1f139543999571773aac611d07dbfae86d7270368c4d48350ab54003fab5645ce07b1e10e484551ca593f4b13e53d9c86dfd66680227048d8ee5b5877bd203bb668d2e098494c18b55d6c8d45aa297853c57a740b417b38d8b0d783a8c53bf510489124506b0222426615b5dbe825a4417bf25656937889f43d475347b60000949136fa34b7bf438f162a6a88b8930c592106c92fa9f61f6f93459f43ad71f67723eab2ede16ce192a0539c1a971d9d709e2ec37642e852610fbe737bc1d99528cf4898245ca66440e1ade76729a172fc94d95c232aaee11c2bdbef7303b373cbecfe319e3c5e2eae2c78db64c6c8b634ae7ef3d8c1b83241e1b1ef0e56725b3255ff80c6c1c0fc26ef1c516ccf79f06a41076783b44ed2627dcf163d7bd0d5eb879a6fc15b0b45cbd678ffa1bf71a4bf26cd9d011168d62c0aaa4b46187a740c7385fbdcb7141289ddacc8b26db05fb056b6fb2497ac5fe61b996ca5aa7b702c3b0f5a41ca9da83a7b00b12447c573dd49d13ccb3721ee8f0c3c60969057f215ae874924027603a2b5681f8a6b6f1a3f45c9ba93d6fbca5fb14e57fcdfc850863ce6387262824f18834d178e9acaa44a93b54a58001a160358f55a2812b2671ffef7b1aa01f924524a09136b7f2e8b7cd650dba567bf5a1d48100f3beed6525faaa4c2ca37c8f67cc25402366f24395ae67b63f1ba7421cfffd0c867ffed5757ec9c2b8e1c7879eb79abab3598964aa2a4e6ac35096c84825599c39f440085eda2aaa2747f4ab4929f2737310c276c7584d9be910c96d1d83965c2f35d6ef2d625d09239202a14fddfee32d76108b4e9dbb8695ae3a839a6fe2047ae8c7d5250f9aae0847baf200aac2d79ea5558f257534e782f164dfe438e7b305c7a8d837b9f2adf850098ec47be574045d42ceed1ec15076b945b5ee1fe1ddfccbaa71583122651f3dfefa117cc4e940226582c15f0a0e189edab5affe016e5dcca8fdafcebb805b55a326c7c290ec1325dc6f3d312455e45229bfd51a99d40d96b8fc31cb3c0958364bb3e6047b2a8c7ceeb3f735673c47cb0472889b251a7bfa8659b6d35a969456eac16d2238beb5f758d5df576a0027e767ee98999ed176d0f2dcf19fb4d1af8db6dbd66203cf0ed30b70d2ac6fedddd235056e06e8e9a4ae48ff34963b677eaef2b34fe4114ca89cc03a3914519a963e1627c06afbefc9959bc4b0ae95c7f3b2bdfdf18b34f8d17287cd79358513ea4d35e119dd9c26af5cb3b3489e1b30fd32a6c19c4cc8e2cffde1f4caa492c3bf0edd6c4e6f1f99d58c048395257e7e1ce8fa6e53c8ec6c03d7d1a677c4a0d5ae9a03fc5ccb128e44e7da67457255ae2ac1785e5d600a13b2d923e6d14ce28734cd738b168b88995619a5fdca26a6b7960cb263ea2c9b927bc3885bf08e66e646c7f2f0affbe9faf78802f716c599ee636feff6fbbc6d9e0327a5ca03f128ff1696f74bf6fd78db40e11ecad5cfd285a1467aad13382bd58969b8aaaa57ac6e272a8358af5863f68dfc39316b7cf99b9059619dd294470b5096f2ddae9c4c7b8326f10fb34cf197cba77136b802d70a7c5ec6b4de5a24ae4853fa45eeff185818897b06224a276eec127ae6a7a4e0ac5adff97e0b0b500f3671d27a0c953a0541c69fc44432a8f817a6ec0f5627aeb555c2b02c494d524d10e617532050ac142c566c95dd35cd6754cbadf6b51273a81c698c04a71ea3b0349a77ffdd7959d7a08fa05d97441410da5bb25b9fc4f9dad73d5c3806fbff8df798e8921c8b761d70dcc1a183cb09985d2535e18d13f3862444c2046c74e52a1d5c0ac45721d4b28d3e259ff5fc2bca6aac245498bf728354babcbf0d87ea8c001c505cfbf924b6d7ca0650c7ac0c386b4166ea75e76004a473de6a5d2a82ef737caf3067d2b9406694cce939f7aec306d6efa8b10832e1d1", @generic="32eb0ba78f247d518d2303fef2e34d5e4e7d2c9b7e3b2febe5a3d1c7e6cf645169251a3642f8824c921791bd7f90e56785f3f5f4be7f71071048fdb8b3337aefa9557f5195d8e02623a8c244f46ce97096443c1ce2ababc801b5189fc7ea535d21122e9ed9dc99272c3b255ef6514ba5e14344520de74dbf9ef8aa560a47503da96026e40dbb507c003188b9e9b5a9aaa72695d51afb1b7db89b0a93056b4a146a6f370d702eccada52de8a22028411ecf7f032a11f8c44f36add0fe73059d82ffff0fdea48e92f6a07a46a651c845d34a962140a5a51a1b82a1b1bbc38a2ef07c633f88fcf49d5678dccda6cc97638e66472579787574c6f601c11daf568bc7a6a695b2ebaba0f399da074978c8b9de5caac64c88aeee522060a9a4456c9160977a52b50537e5da429111f9f1692814a9cc1ca8327c29eec98bb32217e02db7fcccff458ab05d1fa45dc380dfa5432d3b9aed4bf8070e9929fab23ea2ba21c8cabbf3846fdcf19ac8190e302942f076a849811bb054c241cc0ce77f3defd056b031527bc3df615955d8fdeb1caa0b956f52593e8afacba6a4aee7de7b99e1f3f8fa73a5bc324e3cce65af37e97101284a37d68cd91d2581bf19d6050cad2ce93d723038c488f7a2c98f84708e146334c71410e93a57ea32bb9a551ee4ad004ccf4a2418d88d3836a6f9be2297842bb2bb86fc9cae32d52a6a6c62f1eb8e9bd0024b7143d68239cbe8cab34e5bd4f680c4d271005e0fff39b20c5e5c033588c7654636c769d90ae94c4517816f4bbc580da4b3bef76b225ac1a296b66cd0d4853f2cbc8f24e2ac90c082cb1ab7e4ca66afab8f061b7a580e27d63e94eec704751847417d6f75589cbd2cf9a521ef197045f65671bf9fc7d63d99e0f4ff8d93599bc37fc41333a054585dca670f2257554aa62610fb34e772a15291b11f9699b5eaeea3ee176b20ee4e66f2db4a640978373416565167fa4ff2e70576213dcf223a78d6b069724551bce477cc5757520e2c82c53d1f1248969a73e68fb7de510c95eef81ea58ad3ea6344533ed48e58a872641f3e13f40bf0d2b18cc48de1999522f3946ccb7adf7b58530f83192dac6b500675833b9bd26f78b8c92654f957f680d3b1158ef106a0b4f9b3af244908d25d8786dc6d83f48d8bfd00da0b9d3b39bc4c2cafb294c29b378f49624ed05e3acc64a6350598a9a292829f7b7042ac710c455d7ab1bc6df2e92f20b65ca7a56020df93ca2b5dc779fc66d03e11b250b1ea97ac5ba9a5790a684f92d25e27a23d26b86bb2403d216ae00b80e1473dda53224aebb1c158548bcf64d2705662c4d54fd83a9cf5260449e901a495966b2dd3332ab985334202c36800172eb912b4786bbc9387042bb3115ea464b4bc27ae033f7ffd881d816b9d6f985f0339c373c15eee2c8218703178984a22ced8b68150a2e60adc706231da5681e876368e0ae3cdf8806d8af0fb9e942f581c314616e9de803e3a0b333d9bfffd28573bb72d1e0a90bdeb6c7923c23a0918975d2595d81d819f5f6aa5ba9b874a1f985e3750f7bfb8e8dae187bf2c089a8134f0e9a161853da87cb73e64916d45d0fb5067c270437d45bc8ab1f620fe478b24ebe46e0ba757a7fca3364713be13e74089ce0b5d569d55a3c6cc003bacfe05ffa233ade169e3479094eccee2edac2637c512a389ffb250072b19667b620ef9c0385bd8dc1c9155a9114dc2c276e2a6c685b0db72ca8a9c7924fb193f5c49f517bc4d6b4f3bea80a7baa5800c6f280b74d7137df9a96690f8bd04f30def004a7e9ad3785eb002dc44ee395f80de8b266c33e12eb985b83d5b446bb223c15bf80ab406b1455ca3a9e9dfd042b8820cfcaf738354426ba3be5e4c54c9d80fe58de0368cc3c20c02ae6376406387068d48ec25b5cd083c3cc0b35475968c4c130ead7af7cd72ea5325b455c103177f181e9b619d54f167fbc0e3188aaedc49366c24f4a75d4344f593d4ae9152aa19b1f6b06df4b7cc922e34148098c3d311bfedf3dec508c8a9824d0838886837cbf56053cf016d79460f184c283e8f60648d2796797183b0ce5d2c02c4990c50ab82c55568debcf9bcb05b8007d9c6bf284721b879d661c60a76e5461e9e05818eef1c533f5e8a9208a79dc0e5dc0f6018ef0a53b1b2679f43951751501190c272c271a0e15ea9c836ea9ed16af38349818321bcd860b562e43f3e709e462e1a23d989b11c687e1c01ef2aad1493e1a05ce7c1b8d7228794c2692cdbdfb8f138716ee9c7a4a94d22b13985c7d4a7b8fcd2295c20a2a70570ef471930158550ed0e348a453c84db9a6b6bc0b0a4505f9847d8344fe177863272a635cc175626adda728ea7dc22c668d301e0004dd1548cb4324953d603ccd44e328d9eba3b334a1d30584c2b2ebcc781925d2f90f7b570d24c2a513d7062f3b7ee8cd08b8ccffda5348878fe3ce2c72d1319b7b3baba0b9737a6b13ad7e9635063adffb64fed85d21087ab878533b764601aac131fdab27f94efbe86ed3ff4764f3731adb3befc0c3e27d065553b6652949c436bb78df2d16b83a9fbb93ac6598b93b01f2db5f92c284aa76db4d37fec81b8636bb8858b6418f146ff88b8ba078297e552949f50c9675b98cb551c30fa5362e9e0d2c5e139bbed839a1c08fd248d7d740134279788f8968f02d1618b292ca35d9bc7a91148073e3f4bedc9373e1454a080e708e2a44387a8d236baf2d530048121e02e35936753c4349fe5d36a82655741b1585a1afd1e6f09a40c09110ee5e21451c77f5e2cded243f8a0a71ba646b2f0930f3588f0e88bee9262caee78d2a45a3969193412597d205b7f26bcc1e8c8490564d3bd8ee814a5f2a37c9184782d977a22ff45c00465708f4ddd3ab16952347b56a5a8e0e8bec0f46685038e9c5f703d14228934d5a042e9050ac37f9660dc7807397496c1eb87b7b2f776b50c9b8ae5ecde404de1c47dce7adef6d1c8d7017039147a806c31a4891ac061a4427cc162f5b740d3bb0c4a32f55fc512a4b3fb709538a3aa5bcee143e43ee8c25fe867847da91ba9b46ef0b83345ca679c42a4cae2ccebd2b95ba7ca0aca2768c26933628765c965fc5fca5aca7d5c010ce33912199fa47c2ef76e81c2960cf04939fef9ad2a83761ec1160e14fb512b3ffb68643ed5b4e9711a561f920b12db57eb034f2b560dbc3fca0374c5d4712445e9fa80e7448cc2b935a0e6c353289dc135999d92190506e2be1772c7f2af1f233369cac5402f9d0c2f942d57cf6f98e0f949eaec28f2d231252f23e71d74905f28ec3f3aba5712acd3dd24b0331ddd364a1a96839f701b47fcc3711b035b24b4c2ea786bbfeec7f8684ab086de3f117ddbf7db23b9a96a3ff31ee47d911098d6f0307f5f02f567a32062869947f36255106b896266a3265457871c093eca7b737e151c7da9d166502222c4381fc682cb08fa2a5547e5dc18b8e36084114cbe4e15fed2b250cd25fec8b4e78ac5d0beebecb6fff4535a9100c914767fe6248a644a6d259135231a062092779a3d28f489dac3117686ddf328bd082056d020677cd8d20c32d09a95641200be679b0475a666ca29b67bacdf86edd585ba2ed58df402e6f2f8ad162475eb62237cd900940237843049236c0e70502734d47275b54bd18c581f7419da5e1fb891eed6964635b96156596eccb190cd2e5d4a6cf406a57f507f6a402d5830edee67edad88d4524b3d0d77b17ff32d68f8988dc190a863b2564d80cb999128ffe7846a811fadf8462d45a2e936ca08e60967905cc68ac2328873c2d7fd6512db0f3a1380f3d617fd6402fabef7b32acdf09da32ef08e5acc79333ed0c7520dbd41fe20e5b68f3b0f77f389f324883249faa94650d77572e75d4c3897feb65fe10df8b567a98373cccfeaceaddfd888f7d8c5bd64a5c5362da4a6de6159964ecf8712eb7d39e2d1af3a5a71fb3596f42f6ccb3cc49d1159e079e4c95af8dad7f56f971cc61f1fc6f2fc941d7c2334e58cfa771fcd043f906a9cc306fe0dde29c66fba40e74ecda14f20b7af2d3158a462947d655ffbdb2f303a499be53185e630b3f2b0730ab63c3e1de29870470f17475fb6599cccab07bb16024da64e8b22c1964f67fd5a70a1ac9d4276739dcab75723cfa2de127fd5e58668fffafce39de60aba9aae39fcd4ddc90c1233f34461d54d2b3e6ea4a7990175cfc1e986ef1b747e777ce23f6e6a51a89cede83a07452ba1bf8f317e8d806c8fd7f57f5ac8a894d093f03ab22d85dd70c0b3dbbe520ee7fd173780e31c0188e84c94a0132ffaabbb10e484e770cd3157faedc33e714e31300c24383c87f7cf82edaa3e20345ea916f7910c8388fe0fe06d3724ecf8a4eb6cef7e4051846a34188eca40962a55780494b548c28d1a547b124ae3f1359c31e6c68b614fcaa5735b528749c2966aa521fc186ad4a141f959f1c547c5b873bcb56d218600feb82231158faf95bdfb796bdb8f5931cee38ceb6026bab5bedc4af66ac1ddb3a5422d05bcb7904dfbea6fe911a639254739373ce0d7cbab8cb0cc4355278eb4de7c245c334c3f8b2331503c3bd8c643f6f3d70fec8140ddb358140c0c390c8aa321c19f2967867962072db00c41afdf77d3aeb131c12c4962aeb2fb60f0b6c5755f0e503398b041d02e1d2110972a57fa1a658be30b8b533dfdeb495e3fd513413d466496cab5154b2e8f3051f2dac777976fc30ce0cfc7527d59525d476982f5705b5b180535da4cd9b1e4225627c3c450391fe73ba9181f212e3dc2f85a0df9babffa5974a3793f052344d243c543207adfcdcd4ebde0b7c6d7715dc0b57b2d82bbde234cbe229cade253d13440a5c7f1b5b74f91b3e47b4af5f08ba99399c2397f4ff25e3399de854b0537520faa54f462e5b5e9e9e8f25e7eed4e70a11455777381d7c6085192bc64bef3c83144f01d9a06f5a4944fa26b910795d7a5724ab109d95d93cfccff75ee637309937d2c50be03169c045131ba2afd53eb532eb45c5a16b02cbd10e748b86c950f29b39952281a63668bf4a3a67b485f7f3cd2f1fc8f354ccd917b6fb27c62c5417f447d93e5e2517e04bd5b77d04fbf82706748e42646b98c3a9770e64eed4398fa9608d3e01c0ef4c388e833d7c81ba33a44c54d3886b3884ed813cbdd3e2246dfcbda2a12b9e81db214c771352f680a804c3beffccc780b6ff13e60ddce026a433e793d6328154738b6c6881ad1d11286c50ffb0a43818f28de39f34f8aa5d36b21b316b59299d64f68350f6c119098a1da4fc750b56dfeac7f53987f7a05b94543564fd064461e8cc0c44e72d2e07ac830fd134faf96a539514a1cd76d96ef097455d69d69ff18488ea84a6c592450bc39bf5a557bbba6ea003ba0a33ba38c109a67ec983bee7cd749c0b38c0e9324c40830bdaf5c67a2f1af26f4e3b62126c233c6c80c7cb68caa44d383bf889cd1cc22663e320f49d8f867c48828dc906f61e73bf6955807e5d59d4522e2aeddf95d6ff6162414b4be3594b70655e76046fa355e2bd81c913fdb8cd6fe143c7ef7592109218fa9839e33fe4357a2862243d2f8e4aab309ac47d2c16f98b33a166bec38aed5987b2e4b218590786c3c28f9d64b15481bf27f2aa847ff6731118200e065db72110e063d508f6d59533e5555dcc2542f951d042bdf64452b09dc3aba3472c5112df3b10540286ea7a24306201f9022b3cb9e414a89b49b400c62162a88ccadd52690c832b12714f34fa3ab34fb112e223f0a65a48fdd5eba8ef2ab44a0", @typed={0x1c, 0xe, @str='proc.wlan1selinuxem1\x00'}, @generic="0de4cfa1690f8658aabac2e63292304ef872254249ab4e292922ee857bc8e49e1644960c4584c5f6bde6fe8f77be06adf6c21f31877a40b3d93b334fb5679c18eb32ee6124e922bb4b3e5261d97dfd3bd7b4ef04e127885b8e7513a7620992ab1adc0af06c95e7de43a8bd85f6d31102f40c8ff1a76ff2d40ab9674187df623d9b984ecfcf7acd03bb12dda6535862ccbb8fee2cfa2cb952"]}, @typed={0x8, 0x5c, @pid=r3}, @typed={0x14, 0x3f, @ipv6=@mcast1}, @generic="b1887874568de5", @nested={0x80, 0x1f, [@typed={0x6c, 0x45, @binary="c066179be7368105e03c4d0e4ad87ed8ad091224e275de3493abf087f7b5e240b48e8db792b978f752fa9ff566c875795a4a3a4d3db0f2259168983aeee48239a181581500f4261c0b834f6a0e52c8a0feef964f65cac62a2807d87e0503ddd1fbc15b0eb671720c"}, @typed={0x10, 0x41, @str='(selinux-+-\x00'}]}]}, 0x21b8}, 0x1, 0x0, 0x0, 0x8c1}, 0x91) r4 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x7, 0x800) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f00000021c0)={0x0, 0x68, "7c38d5b245118dfebd3772b8f539defd1e9c95b64bbab79519c95d9cdfcdda2f9f4dce8ab32e70034dd78f39b2b0ec4ebb0ddde0001c309ba1377c6cbe66e286be53d71563d7ee571fcf9537148943891cc41447a9035eb7d687cce09b11f8d509a79311772e2121"}, &(0x7f0000002240)=0x70) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffff9c, 0x84, 0x1d, &(0x7f0000002280)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f00000022c0)=0x18) sendmmsg$inet_sctp(r4, &(0x7f00000051c0)=[{&(0x7f0000000080)=@in6={0xa, 0x4e22, 0x20, @remote, 0x3}, 0x1c, &(0x7f0000000440)=[{&(0x7f00000000c0)="dd21a026f66610c577bb8f9f381cf2c17c19f1ae1155b52879267f6a36e266747f933a6ad57ef45560e44c57be8fa7595aebc70020d4fbb540c4192aa07f8d9cb877d9f75f2ea4ef8501c2bb2297d2f4aa35cd88ea0fc82d43bfee45598c3e9a530ba4f5646fefddcbba51da1fab3f303bb4adc6254a499ea85406bedb0e74daf7086297dee324979abc82b9f678537e30d732bcc4c0ad39fe038f9ca3c9d86592de93362a5667379af2eb995aa3461a348aec3af0689bf656a58466dade23438215b263e687b922462f05c529954081fda79e567630dcf3b1cc805ec71bb70aa3eb6aefaef1eef9fe8ae37d7fba2e286809598326dbd245ecb4f1d6c2a804", 0xff}, {&(0x7f00000001c0)="9a762a2154ed2171d1dd684072ac95d90328e7cc1529e9c9767b8e3bfe329e641a61d6ca773f86653762b734dba6a9bb9606a1d5531b480a583f97062dea416d72702529970babe8ed8784b68025444ca932d0e9d69f08e1c18791d7bc4162b75ef0cf5aef5f54bd7301129ded831ce7f61bc716007e8ef3c10ba1096e99cf20f6954313dc9a25ff0f8ca7460b38c33d7b28481b6821589c06deb65f97d0c1dfe48bcc70589f4eec2c6b9fe1c40b9526b819735d97fc22f62d750a", 0xbb}, {&(0x7f0000000280)="400c83054ba7d220f03d3fcd714b2b2695f47286f60c57787618d2000abbc989045ecc9434fc2b5646bcee16adb44e0b8540bf2f3091211ed33cd299469bddddf636058ee92287badb1d2ea131488a47b6d93a7c458cb45cafc0aa08035b2ec9216d32bed97f0b8c58865b54e64ed433fd", 0x71}, {&(0x7f0000000500)="c48e5f7c036f1e780d4f5bc36d57b863637911da21f3b25ee85dafe136819ff6947229479f00f556bc24b65d47e5739f98e1ae4d5b9880f9a38498385b53666f4584836885d428aae379126d165651cc9abb6c6062da4a809b4862c8859621166a3ec91d5e3e29af0c35e3c3af9c34db57ed0bee221a572875885341058f67ce9b959e9b5e3d3286f8de7c1716391b1c88623b62b774d04c204aa61125edd3a84f94457a75f7fb1adbe525232ef78b506a1aa3f135f8d2c9785e3af961371a9055e2352a5ad65991df8519e0", 0xcc}, {&(0x7f0000000300)="e98598c9bb10bfd62c3c8db61268e371f5f68518de5f6083087f558c0d5d693c2104feaefa8cb485d39e43dd2b70c0c4a9efb573bd59d9e4236f9d58771f681a81bdb3885e07e7ed9d323c78c3cdc7dbdf3f36befd8f12c97406ed92ef9dd1f8c918e8604bb870dd5e962fd14b374b0d5a6cae0a9816", 0x76}, {&(0x7f0000000400)="35a2b6369d75b53d3abdc30acebd", 0xe}, {&(0x7f0000000600)="bf20bb28ad5df3a1eed6b46bba1ae186c832a435f707463f014974054cc5ad668c5a271058cf04c52d8d13cfe4a2e90032cab6f9648036298af4f359d23e4523e56198ff0d54e23289e0c955787f71558ee376321c8316bc2b2e6b7a8483a360e61ee861aa20d36cd33cfc8e3bd789280f2efcd945c2e701ad8184168641f973a490af07a132ea471d94ecb13d34e0a212fef61febe8bc9dc9a6091b9e2df554ab7b2101cff0332d5c7625135fb5908f67cde28a3c55f9a61a0cba7a47ef91d7bda8deb7de984a12dfd15c9bd9803338101a6efad255c501c7f09a1abdb4", 0xde}, {&(0x7f0000000700)="3548c8d84e3d55cc450f0b6279e0bac5f8f3b96a0ae6da773b631e7226f95d09d6b4616f4279cc993ac679ec35442f3a838d13e111c16cb2c8f8a81d18023f36aa6925d5ee9bb96848e974fba282d21ceaa20c83f867e6747be8ab4fde466d986b250a60d4c5baadf37ac7817c22bf355278ef51daee9e9fe943a3a0f81abab857680c5332ed5585498da9a3348fd843aa", 0x91}], 0x8, 0x0, 0x0, 0x20004014}, {&(0x7f00000007c0)=@in6={0xa, 0x4e23, 0xad, @mcast2, 0x9}, 0x1c, &(0x7f0000001e40)=[{&(0x7f0000000800)="4c827f4b608289552b492324e4f2943850e3441b0017b809db7acfa9198c205a4ed14dab1ee6282eeeca612e19a5ccabdbdc446690d3d9ce17f19e92f72ec81de2dc9be11c7106bdc1ee2382516cc84c4a1aa64ffb9ec634514a9e92b205f9533b04c7d1c49136182497f069b37e13f99c4e35943c03959597b580f51d7bf1002c55f741ae67896880a7fe5055eec050f72baf580b72921ff0d125473b1e9e06831ab4005a525939b2a36822ed19de6516f00d92babf5d13e823", 0xba}, {&(0x7f00000008c0)="bf9d0e837eb8c137fe615ae2dff17b254c447bdc755355fdbd827fe3ed5c8d60149a72ef9efa4ed96f519b1c326abb27549a4ba54e8c9044b9cf647fdb314b980b773de77092a3b2018f301f3988bbb53c05f0442d4cd5c4e0f4dfe40ebf5540670950647f4ebea083ba19eff96330543a5f8d2d8acddce7f56f503e1cc63a73dc8ccd595c615bedd2cd4c72a8a0a5332a180f3b77c84d1f5152a8", 0x9b}, {&(0x7f0000000980)="426d3a286615f023c1ee29931bdfcd6c9f62a23827afb12ada307a22c67ff27a7ba50977ba13a808afdc2b956d533f9438d4b5c603dffeb1921b2e9ac2799b15f823aab3c118e7c5ca16bf6e50b0251aee208a5bf4d2c82ac063d43213ffab96228cf700b8dd52532b04e0b8ba1cbfd83078dd3969a7bd4532ad6c439095656d045c360db12ea56dfc7316c0c1b58d5782624eaf54db37886f497cf123b807d5773e1fbc80bf213738df22ff3cfdea003cab6cd131eadaea5a242f234e6572b2770c8f2ba38f2d71ef76bcfaae973c77cba973545ed6ad0cf762d413925c99c7e9c5d9b121", 0xe5}, {&(0x7f0000000a80)="e5c24b4280cc9050527a8739086da23d23a4f90ca53b2e5088c8f1e46592bac228cfa9a67df1f3e3c93402737949590c23d8a7326e95af77852b82fc86f8fd5d48c159a91091e120932072b45296580f9882b5faac5ef2d28c679cd2a8e07adfce0421ec5bb19c1d6765ebf6fedcbe37c069dcf3bf9a4fb8ccf419dd96f99a9aef519aec57abef144aa0a0f19c0712e6902f9a764f709db4f5ac69de66be9ffef39937d4c43793b5c2f31d8705dcddfe786f0536b192dbd492a00155336e8f38e2c1a3b5a4c62029c2901d85d371ccb3f1f73d35e860ccf29cfb497a54afa39c2159868a062e57edd7c4", 0xea}, {&(0x7f0000000b80)="19e3836fadf83bdd", 0x8}, {&(0x7f0000000bc0)="d8e043e544fdd0fce667b36f30c5c754ee3d60255770927e2e9e91b0c25cfedce95df1c521790046ef2434292cdfc4ea05c5cde22993de908709c4888b8cb04924303e53d7f89718aca792c02168f9dfcbbf8b0f2911c5d9443d30aae72d581b946fac400daff8b3fc6a50026c55ff9805b67fac0e1fa8c7fe1f56c9bc1b97de8ba18e510befff8026e9fdf8d38c06ee1a6f2c408c482375ca6973606c4a256bba53185a05450fc1c2bcc407ca8f05d588aa726dbd6470321a2234fa4d5f4d8cd86ca7dfa0eda2a814", 0xc9}, {&(0x7f0000000cc0)="e7d7adcaf51cfbf627fc984f9cb6f4b7b44f5d43b6ba90d66225c5f8b7d2b0f852a738fd6b7935b22212f4d54a8e9c161f6b9b5c4a0ed20239ae86e0f6856ebaf16bf3762c279098c07b8540466258d628379a3e930e", 0x56}, {&(0x7f0000000d40)="78a7ca5e509eceadac5d3a87552f23b0fc635b6b1f48828f9e923bf794f171725604ce0643037320c7037cf297859c2a85058f7a80ba251dbb2fe2a5a571ac1518fbaa9b9080b176787daa961ca9b5aeb0ec1b58f677f63e9ba58860f79be53ec9e2d197a7c6d4bbafff60138d14079a65fb2259ce1b6b8e82038c199c6bb33989a56b36241284f24d6ab98b2c086bf15d54a74478b67165bc61923c257d1b4d38443e363b0e90ace97cb4f1c463a6bb5e246211f12b9df0368f79be0ef992efc29687a136a34c62a463a8e456ac2ddd740c55285148ff69ef5c2ea9d4579c71c111e86e", 0xe4}, {&(0x7f0000000e40)="4eb2215e4f6796d7df17acff4ffcbc204dcd3f86172e7cc30750b46801e918fc9d49615dcfb093ce51b12b98c19c86872e7a9ff936d1d084d3539885b4f1a94eb0e68c6a0048a0f98a56da737cff7fe10f1491dc5c367dc99afb81ebf62ef0eaeae40f1e2005cac91ca79729492d40420d7554670888e1ca2eaef6dc408d1fa3d60285aa4d2edac4791d5969da5b3052606bf8239151e1ec00327ea7c9ec8f3dd48762cf4ca5ac95c4fe63eaa966cefab14a68ff29376d161ae9115012947a23c665556748bcd18b3af5ff435e8d04caab43c807567f166f95badf4b4c0ee9fe2af724a9e8eb4f86db123761f115970f96880f1dfcfcb1b172ec35cf11ec59128f6fc5e5d81c411500e2f32b0aa27cb0c09b3efacbf74736c481bfc1372d52a3f7fa9835a21225a4c09f9f501ff5a0cd4cfb8c17186087f5f316aae36a7295d82f67770b736c83f296c828e2135008c8b94c43d778d24bd9a81036d0f9ebba714c028bbe03ecce3d451f3bc74d4f0518228523a32c1be5af42c371f579e8fbeeef6bb0dcbd37ac91c6920962fb880faf41683d7d3f3e9f4c1b7dec60addecf501964e8ebbb17ee0b7205c1f9288411acf803690774bd51c1aec0a9ff7a2a1745732ff4ff1bd2ec1bc707056a46898bb8bf6bedb65fe4a210541dc697ea2461bf7aaaa4db956b87b1d590dd3819687a77812e843e46549e8810817e6d850499895c01429b4a0467a30fc6947a47c85ebfcff101020a56378f4d44202a661832299a3c5030bf2e9d0295e9e4d1b262cb43d9867456449ca5146656274187c2410371afa3706ec48d646aff6cd235b371fec88b9521dfcb08f5b4a7b0966476b1567bdbaa923f0fa92af0550f86ccb50b073e8c88a2ed7fb0d58efa883cb1654ba26183e2f254bfe937606e5c3392006f29688f65e6ad8dbc7fe55f17bd53a4d6c095ced23dc5df382aa2f5f168602dc0de65ab40452238e08806f3f0b727196efb9108218a0d3e876e6845e9f32cbb6c25bac796fd87fc9d1bc9bee345f8662c62bb45163be439a91b2eae87a1f31b76c22b73ce352d765787e35338a724a8a54effe3fdd0e4f2ea6387746b28d354fe4ad3c5006bd2b71b828d2117a60fc2eb252425584abfdce171844d887eb86be3de6c6244a6afd59d32bd743430df9c61f63afe305c41932381279db819561fd2d88c81cd9f6d1f75ff50a0ce7dbf8ec6016d8d706e3d21e108d7a8d2ba39e02672f2b9d6758a86456dacaf1646b41f590202d6c12bb5122370752e4ba7325232989eee9afa52dbb5dc4e0b51c7a527d89e91e09ad852318052470d412b0e5b6d900dd9a54b1011b8e13ad9c6eb531a9e0de1f16a4332f07626a841bb3d062c319081b5ac4ea5f3edc932d93b63db27a95c916aa45335338e64add320dfce07156ecaf9c2557a8486c4991a0e357fc26c9026145e894d1b82c98ca44c602b35559e5269eb718e36b498233173e552eb997279c8c41b3dbfd3e289928c5d2f9a7bab9011dbb72e61ed368f4be572a3192b5d89113dda11368773c39aac4e995a14e325be3d77b1e01c3302a60a3e1defa82fd9ce1d18a4d5c385c5e41a16461e4d95f26f907bc474b02f4df8d239d36b09c0af42e995a32788db569080c9a980623389762d05c85b2789c79d6fd26a7455a447425f08bedf3f1fdcbadd877b1726a02927017aa45a2734f9f7a4a5a2c0b2e86cb76be45ab93ca9364a6093a05f21dd996a9357c2e2c60420317e6da352cf931363a7000d8e2a4e378f0ccd634b5112ecf65052e1f1b273c3c5917384a4c8ab3c9d378735b2ae29ba8a836f623fa1d13c665980c22ea488bd7d5c73799a31e6a774f3f8b015a41cde0c259fa1bf11533910c64b17dbdb9da06dd884c45cfd36f0a74dbff1d77c1be417ecd88e1adc56d057476a5169bd6bc6fb42d1f63fa814c6228e21699c43a4a76dcede921c3a7cf4d939efd0bf5750a6dc8b29d8324372bb4bb94f57a6e6347cd5768aa4b6497623f3e9996b415a464f8bc160660b779d32b9d36f99ebdc4f267fb7c5f23d4ce12615e2cc2834de90bfaa379d164118942e9a953f9b8563feddccb2dd86c932a4a2422df66ba027e8594c9115b2fa6123b35b964969e5533c326bd8b1bfd6ea6e82ae5dfadcc26b78598956b2f53ce9e2f386cea3836243fa8004f09fcff135d584e2e94799ee93e9028175d789004c82c3a6aa8b7138544dca79bb63a0ab2bb29c53c298eb9dded6f6197000c64a1ba2bede64fb7fa63f8870c04da68cd9cac72fb2fdc744779c1536f34c6c9bfaaa026b2fe19486d3334a10135c6d074cddfb7db2941c571d3466d61b5320ca2b8eb445b8f477afa3a2e1e3333abbc454ddd4849602e8b044dc768062481aa4cf14d28760cefbcff2b51ee0fcd95abb7bee9c5b6f30844fb61fdef531bdd4b49a6c26b0432d86a2ebb9a475d9c07ebb64d70b03be155ab34bb4b1f6b00585499089e1e78bd7d11ef37b7e78da163b95142dea9ae1615ea5906f1bdaa13e4325147a32b0e1b61cda1ce247323711d1c91bdc1309f50073feaa973df225aa926081d9a18df0c64400d597ca3363141636abdee6ed57fd6c6e383c757e48e65eb5703f3f164354d02715eb166603e7d44c185d07980f3046ec3219024d0134d14b55850765673a3279f2a057a0b962afac3ccce669c4b0a3c22b5cf1c76c87d5073833856f70aa4432fc3a1273fbbaf4dfdc7ec8c40b040c528a40424fbcb7fe17c18bcd7bd156f3c02d60c08d6d3ad7348026e52acfcb1f658d5e7b1922ced099648fb5bfea919a20925bc74cc3104ff1ee1760ffe933fd46f93c6081000399b0fed69256bd0d6c009a8031876d3aaa3c9307acd5d1254213783acb093a3a7c460db15fa46d50fb4a81df969a9166308072f6a14792aedf50b9ada1f16ad42713e1af0aae9f349bf861a9740aa503315b93257be3bae632e527bdf016c578c61097cf924283a06752c2756fe057f9a5349fdec1ed733e3193928e449fbcb5dc1036fa508e67b2b4a8302c9a073ea103c2802b0ae94faed3210ddba3d81690ebb0f9be8f8d134f21db1678266a82cf278133ebcfd8310995e210d3302ce4fc813ffb7f3ca6290783b29213b0039c6344d8e289bb7f78989a6b5d4396b3dad9d5d1df8391140c6352f298d86e8e7690d51c775f0c675307e9b855f931e2a0e4db7b80a35d19f460e3a1e8db2094bbbbc7ee8dd35a2858a5beb1dc100193cf87df7950668f0da3ccf535c8961ac8e394f6f734a90dcfd5f29fb26960d5c858661bcbec98a6e5751850ca0a5d227bb2e8908beaecb3c8c3f9e8e7ad129f240f2a4dc1e5740c07bb8b042661a536cb2d000edb3d826973a4e145f8c1dd4f111f9a1fbaafd28ea2a390184d75d9c17bb08e7ef8ed4903458edab05f3f6e1fbfb2d101849c22b8fab094aea8b9d80f06ec2cc7968ee0ace68a80be5a188bf66f50e18597c07201132d0131abcd27393313b848999c02174bd76ff4b5cc9460b2386dae995eeaef22b9ab128d0bb4e44f158986119dc6ec55c4af267d4e89a0db154c980d4ffcce7d119839e5f2686c2c9d95c3b7f94867691e00b36ee12b2adc4cbad389795a4e2c7f4c66ec119c9d6ecea6bc609f36915ed9c231829343b03d96b32e5a86e968f8606f12320d31ac99d8a8570ae34d989018735f4a076bde237e4c988f627c4370d630f98268de9a0d5fba67e0c8924ade2dfe9e7d602caf7006aa471b8d9d27d6c3a02cc7d85877e0774f1b91b0511a205183e1d1fa16cb2b50d8a160a7f7f7a27a2ad31208b378c4c3e32c94aa180573e1e279d665a9efd57fb33d5e6520222f87f1d380cf886c4e69f6162575825f75515e94c33a12c6f6e9efc87e94ed917ffe8b1724e2669c9f533b302ec468d33ed08dcc2068ae8dfae0013a7fd02d53ffa5e68b3df575f423aa3dcdcbf91ed50087a77a4ab9239450291ed4bf3636ef9170a1b34581922fc63f9093b61234dac7c41ab8c32fa7507748a3789be3314a9dc22bb5ca5b02d226ce6ccfa5b99350bcff4a28682b3e134c7db323d7ad40668cf1fb14472528ff9ade453a2662bda59c1694e1d592697269953f33b84757a0eeaa223366147af59204fca17bc59b6cfcc863529527ad20d047931a082a56368f39a14eeb2f1d917d14e0648c4d5bc0bb9c62128025a8d888ef10a41209b720c0fee608da7c9b751cd68e8f7be1cf93c711cdea955d1e998be988b0c6f70325030569ac099dfb8d778568e7b5c897332059afea579202264e7055c0cd507d6284d37f3585f878b47a27a798c85f7d13de806341a4c8ece444042fd48e3dfa310202b8524871f257a70872b871c14e82c60065577fdae2456734ee2af1a001579473d6a7c37713f76601ceb51662cf870f4ce8a80354fbdde872667a1fa18811625539301bd0976bb1e2416b1d2015aa848da469f6734f054b55b2ceb480b1e925e87c80f27230d84010519fd3eed8b679b0dca5c7aac4b88c45325628652d93cd6cdb965fc7d446f8789e9dfe55c2e64e0298ec55570e400fc9ac6fc60990cc96eb95e57a5fbfb5374256f16da554954dbf9d6368072b0b7bc61da91c1809a557673d94c2edd5ff11db041a601711247686e63ba6206826de5027c88fadc03aad4a2dc1f30b0bc6e9319de96be656f044674c559a2fe74d342d6406fee982ac9bd053e4102c353a4d3b1a554a109c708260977c8c5a38e94097d1f14c5e53ce815218893ae6778198a3651def5a7440272140f71071050ed7673b4e8643b6cf2cf6d8259e79481e87254031733d76899809d084e93e65e894d0b600a2530fa61b2641eaeb89a21645dbe868e1e85b78ad3fa03fb09ac2a820e489ed8204397578a566a700c97deb86f815d810bcb6ea93179543c19ddb21c4ac9b764a3fbc4fd74a17e0117e56a81f5504d2d183ae2ce32bcc6a77e4d1294b76750e39c54642406ff20477e3fdbd107768996fb884066ebbb9d3bc6f0da546a4f60c45b74da05d18d4d26bc4b2e63abeb4b316eb6d7bd7105dade69be393b5fad6b0f3220617ef2a7027d136a50323c2bddfe8cd7c49bd68bae8412fc6c123d6ebe14c4e369f75ec0ca01a87e8b06ea87f87b9e4927327303d701c3c0cc5f2ed63326e6cbcf913a756c6ef88267f357fff04ae0357944f90377cee8b5d8d23b7face6e6e6f798b515c18f5dc950df1078828c2f1d6d6a7807ec0c4cdce0a4b3306da09e340f0eb84e664b7c49229a9ef9a9f4f528c49c2604e69fbfca7655dec72347a99cd183fcd47b01459088c030518b99660e941dc7cb40d536183a2fdd124b853826dd4155facbfdca8bc113a9c1649fd117bbff21c14baae3b9c890243ce91fe9c4b51724951189a90b6061ee541f462079e9ca3f5042a2a7904c1b0e72e7abca7b704666cf5d80ca6511bd50ceb445547b754d68d8dd92efd4220ca416cdaf8f172d4b1fbfd7cd5162fd79c28f14cf85e72ac265c28b3c183aec60095710f34791f3fbe54f2317b2803f5f78fd7ce18c45d016060fcf1f6d6d65aad9985feed30b0f264a37448a923c6abc83e0d45df0bdef2d922cee9732ec5d6a5c2f8d58715bf5729c00ab9a63c4f66adb050f5347d2367112c7bf6d6bcd26a91e53e21e20522b83f9b85ede3431a2f8b9e1ee672f02265220f5131ee7a419d5cba05bb0ca60704681d669f96f678c87ee63a05a1affb1a13b69f5d5a9f50ddf6c38a994e3687f36558c415842b272282181bdf4db486df69078d13b675b27ab3ba5b8c331f5776", 0x1000}], 0x9, &(0x7f0000001f00)=[@init={0x18, 0x84, 0x0, {0x5, 0x100000000, 0x2, 0xfff}}, @dstaddrv6={0x20, 0x84, 0x8, @mcast2}], 0x38, 0x40800}, {&(0x7f0000001f40)=@in6={0xa, 0x4e23, 0x2, @ipv4={[], [], @loopback}, 0xf63}, 0x1c, &(0x7f0000002180)=[{&(0x7f0000001f80)="d0c4fa2f93777369e985b44887faa2f5f64f1b02d8cd5fbbb9f0ce3fcaf11fdc4d2bd087ce289bdafa1c6a796ecb6a7a6e5b1f8bb67770e5e982b31f599315ab54dfe6c3e9715bde337e2449b1ba1988e788673027f5b302415410e2bf61f177370e68f26b7ffc3c08e991e9ec25399a72497718737840d13de7866d8d54e16aaeb77f27470e848732a5e5e2c8ace37daf84e7de2b6c6500c3fc84c043e8e19fe79ffa1b5721ecc8facd9062daecda804a54b3c2bf112b91840ff54c95781acdc5acb1b8a26dbe02b580cb73f2ed1c6133f39bc82a772c2320f53b6d0e826b3fe9fbdcf3b31579ef0939a8951836845b7c15d884404159b6bd9666c3d877de", 0xff}, {&(0x7f0000002080)="e282694ba3e9da5bbe87973ea2e2a2c5c925590d7b3519d0b32f052eb2a75c6245f30e7f1e7a91c5db12", 0x2a}, {&(0x7f00000020c0)="73b3dab9aab6cb6abba43b8844715f3e3e2b69599c60cda647811173ff18b806c2d1b1079a856c2022dec8ef337e2bd959463c7a98ac4ff9a8f9d02bdffb84bff2d7970b5ae8415657e9a26f8fd61dd52cff15bebfc2973eec997cf4cb4c9832d343d185689b75d35a2cf59dba6add6b3ba66f8ea08568bbcbad734d79f5c10c49b1131bf0f114f45659df0cb245df0e93c0e5d9a1a5032b5a1d232edbbe869b80f0d5fde2a61caf5c", 0xa9}], 0x3, &(0x7f0000002300)=[@dstaddrv6={0x20, 0x84, 0x8, @dev={0xfe, 0x80, [], 0x1f}}, @sndinfo={0x20, 0x84, 0x2, {0x1, 0x800c, 0x0, 0x100, r5}}, @prinfo={0x18, 0x84, 0x5, {0x30, 0x8}}, @dstaddrv6={0x20, 0x84, 0x8, @local}, @authinfo={0x18, 0x84, 0x6, {0x800}}, @sndinfo={0x20, 0x84, 0x2, {0xabc, 0x8008, 0x5, 0x0, r6}}, @init={0x18, 0x84, 0x0, {0x8001, 0x81, 0x10001, 0x1}}, @prinfo={0x18, 0x84, 0x5, {0x0, 0x9}}, @dstaddrv4={0x18, 0x84, 0x7, @multicast1}], 0xf8}, {&(0x7f0000002400)=@in={0x2, 0x4e22, @multicast1}, 0x10, &(0x7f00000025c0)=[{&(0x7f0000002440)="6941a390bb30a0f04a386ffd44f02ba3e20143524e326315a3a5b13086a6c421b3f125c7732af05d65264dbbf25b391c6025772f9e2ebecf09cc749799fe34feed8b2e2247be2c5bc469e82a5a63f8e0b39e6708a938d719c90c6425c656fafd4f94883b99369ab0ec48b482edc82adc58f5b672f837a08c17b60f00adffc0994454b99beedbb5bdc24ab118a05f2c2d6477829bdee8a541599c50f13aa88d2eefda5ac316a6e0c87d33ee564dd283869c7774dba508798d13e7d752d5a6ee3ec18cfc988d3d987fc2ade1ba0241dd7afe3ae14c", 0xd4}, {&(0x7f0000002540)="241538bbc419dbfa1933cfc984be7b4edcad8f3da54d058fe163cd4c9e51909ad810db6475eec8c645399eaf7a9f16adab79969bf7c0e558d26ee5356fdd546374341bbdd898bac486d0d79ffdbd2b9e9ebc133451b5ee6290cf273f9ebc35363a0f79413eac", 0x66}], 0x2, 0x0, 0x0, 0x80}, {&(0x7f0000002600)=@in6={0xa, 0x4e24, 0xfffffffffffffffd, @dev={0xfe, 0x80, [], 0xb}, 0x4}, 0x1c, &(0x7f0000002740)=[{&(0x7f0000002640)="2324ee88412cf8e31a669e84e746ef9e56c3ca4a56b421038de3eed0412e81c325b9f85548f6194dec8ffd091a683cd11906feac7cd972f53402a7517f5d4a", 0x3f}, {&(0x7f0000002680)="cd56967dbe0ab6382fbf14d72c7bbd650df186a92ea00d6da1063a213f94795775f7d6a31bc4905495b9b82dac91", 0x2e}, {&(0x7f00000026c0)="707c95b74e58e5f64446cbfa3e12818b4f12bd3dace11956d612b003c0c6e140b3df9c1e850fce910a5810417a2cdd426f6cf1a6f6b9fa3ef872e417b88dba8cd4dfaef13397380f2ef2628040ba8183cf3f98ea275eb02cb28f0fcb602117ee", 0x60}], 0x3, &(0x7f0000002780)=[@dstaddrv6={0x20, 0x84, 0x8, @mcast1}, @dstaddrv4={0x18, 0x84, 0x7, @empty}, @authinfo={0x18}], 0x50, 0x20000004}, {&(0x7f0000002800)=@in={0x2, 0x4e23, @loopback}, 0x10, &(0x7f0000002880)=[{&(0x7f0000002840)="01f3f8bd2ec7edf42f237194d0bea1753a81bea4e5ba97abbcfd1af45682767221ec57d09e944bec4548", 0x2a}], 0x1, &(0x7f00000028c0)=[@init={0x18, 0x84, 0x0, {0x56ba, 0x4, 0x26f, 0x1000}}], 0x18, 0x40040}, {&(0x7f0000002900)=@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10, &(0x7f0000002dc0)=[{&(0x7f0000002940)="86b91227c104f9fe438c37967754905a69301779354aeb50ad9862bbd1d4910295795171004b33913c253957010071865570732f71c0ae6073f45316d9fdd353ff6340a0de1b89f7e794a8195174651b638edfacb9ef07824be9f9048ecd0bd0e5e6b1a5a4b52648ca6c5f709e15523a510c6c61ba220635893564ad22e223ca07aca8429b29a6d569c01d3f81a06f00f077cfbc2cfc2cd0dc147b7e55f69f6e8f75df92eb7edba841ae9f7154c9bfadda87f6df7a052e7eca9df5f3c0a2922f668083ebccf580339ec08b14e3d3e600dba8d8d7212063da6c2b75c393898ef6de9a99d3cfd864cad56365a7ee8cd7c1c626cc346682091d1c1785223743a9", 0xff}, {&(0x7f0000002a40)="9e9f340d1f8a1932269362310e5fe6cda8b07d84ce4454f8ad3a235b43", 0x1d}, {&(0x7f0000002a80)="b2da9fee424199a3b1afa861d19a1cfeb6238b0749e00d15982e8c04a7c305b3bb3c299f8d04f6f1b35ecc122d9368d790bc5e43287b7e90c24827be156c5684ce73261164ff58ef04be95e263c5891292433d461696c45f24adc9830b96801c06ab733bad56474673118f3b38f9dcb8b068097c6a59b506dfa34f4f317a5901b949e8093f9c3ccdbb7137503597e0748d981fa60baf88ef", 0x98}, {&(0x7f0000002b40)="8cd9eea03c07379afb", 0x9}, {&(0x7f0000002b80)="62871c5270cf44be754ce30de3e4f37430b1edde97beceef330788659f6bdd7cdaa607ed13513d9036e76935d80365becd20946fdb8006e537ba9cf307f8439fdbbb6adcceef662def11f522aa8041767103c528ad1e54a8eec789759bbcc37f0912f58b6c328d6af9275915f4466955b1a296712c8accd835537e23c75606b9e4b4750ceb61b20d66c4a56d2a779331a6387ecda811b34c7afe51c057416c07b5263a9db7197f9d6dfe03be12621197baaad69226e5f93fdb83938e71d7", 0xbe}, {&(0x7f0000002c40)="b726ad3b096107f34c786b219c214b9a5d4d0e638f385d1d588e83937351ee5d203017b46b940939ad7238f08b8a8536d2493f43211a7e9119314e46eed61ce7603ee85bc72afb0c9dc259a13013332310aaff753ad7f167b8e70cb3b94eb39170338d4e98af46beef3385926f48f1f858fcfe8c81e1b370c8d2e8108044135d3f755d2f885a8edc1734a12185c2e194cf7b0d6ffe56e7b1dadeeba3dd1e010185e6980faef9fc80c6e8a9d87528eff4cca67e1a62102704ccf63279bf1bccbb59902249ee50f3a46aba012de5731d3f07ecb8b61b35cfab06f8b28db590c5583a9ab0dc08f781f52b7bd68e9b9664b5f04a95e018b5174f489df20054fb", 0xfe}, {&(0x7f0000002d40)="533763c101f7f6fe0f9bd751e568552d432a55fe0f14c3307518f9269212fef92a5f3bf6f70feed9b7d2ac0ef2e1b1a647ef2d20c119d7add4839defe4798af4672ca309aa2d11d4577864dcb235409529c1f4f2474702b811fe07f77859a734a0e6386f1790a2d0c164", 0x6a}], 0x7, &(0x7f0000002e40)=[@init={0x18, 0x84, 0x0, {0x1, 0x5, 0x8, 0xfffffffffffffffc}}], 0x18, 0x4000}, {&(0x7f0000002e80)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f0000005100)=[{&(0x7f0000002ec0)="371d", 0x2}, {&(0x7f0000002f00)="13b2302b1f432568b121ecddb4bdcc3394e7c1cf96514fb3ef647e57de9d2c04092b8815b5f10295fcb9b9cf58f3460e6d01cf36de7de9ec4fc86ca350d488ad405dc1f971844ed9a9e3bba71d4924e1a128a333ce2b02c81d6247cf30b0e6487ea01692521b9f77aa7bb7c76d82ae3fa95d923969aaac57dfdc7fc1309a374b7422d6f1de0bc91cca3a2e8b070b75d9689ea08f8c58394b7dc7d271ef43710d40990f131916a707eb43fe09acbe2f17db6be6e5af879f2360878e119c4985b1a562c950b699b1ec664265cb56fa3b937a23339a284213b7f442047570cd34e9315455d7c8fbcb74c44c74ed53d12b5e7241c8c94eb3e2e8f6a9d36e4ea2f36f73572e66c9dcf093f119a4c962183534586d54603e53663513b09726b5a624841ba19b7a1e4ae3c0e67cb21606245c1c388ebef75da6e95b91fa453bb00b630fe155124f7af1da2862adf7f5fddeb09fe1e27f47bc52191e55b753b9fe04faffbf8ccc8051cf2d87afb671f6c82d31ac3128788bbb410f6c1d289619d794867b36dcd65155356505e802266e12233ea206754fbc64fc4ad00883f04ac1d7b77cd11b2b552052b073e62da3db6970389d891728aaa97ecb9752812416bec40e77b5cd6c3ae164cf097797ea5013943f84c0403a1b351eeede30919863db6bbe6b09931d592d3b410ce1537dfa6d7fbb0da0030064c9a9ad72bbb37a95af6da9d832f6dfb8adc83dd650224cdc187cb4c7c7ebbb0b19ff1d85bdb20e9611a91bed4657744bd998fa9bd6f9e9063d4549f5467f18a9e972dd1880683b7b08b72464f47553eca3735353ebde2e6a9d054d6df75949d258aea40b7064e5151d9575c452110d9f8ae1bbca3f41950877ca388fe7815c63d2a1821ceb2d0d4f93f5323ad8b93d2d7dbdd60b25d7f8ee0d1ea3f47d0512b4ce3e22b5ce55a576429ad07f00c76fc140b3d5f3b4c32b0e94e6b959a5744efa81221aced62dfcd48c4fb8b73da0aa7bc649f57613094891996c03b7d44806d5e48dbcafe6f6591beb4be0b3a696321926ff3ab9185f1da06f51442609a923a9b16687bed3b4c56c3ddf8cfba7af171a7a71b198b5babd2653de84844319dc8e3f4cec9e5dde34e9269e2d592a903c72a4caec84c7227e64914c3d961179f19d8eec4feeddda6f59d3722e7a499b57e0a5b4e6a165f4568f4d331596a6bd3ea2a0855b49fdbe4c7d0c9175c0c426c013af48429525142e472e53cace31a6724bf3f117ce7bd6684aae9b4e533183fc7aaeb66269989e441474ef116ac996b19bd3671868066b12a8f9712e84498f558da5a9678563c64aa355f33ab261800e2b1359d12bab087c29128ee579e671f5a0caaeaaca844823c502bdfceadfb52c65bcd5b5139ea92320261fe73994ab995b0b4a93a5b10c656b3e29ede629f552971570cf433c09a9de7727cd154235ff43fb62da6dec778f2edd767c1613cf5ac09846090319d9d17bea61563a52af53bdf30f566335482f487e6522ed9a65ab719193a91c15608659cf4fb846292fd31ed8d0f830425bd5dcd88f7fce7e4aff208a5227a255df8906fcf60b488c8575eb6ade5cab6c499b64f9c1593cac8032da13cccd004834ab40f049411025a5f24ce3ee8dedc765dda68ff79194d24a2ce5ed8bcfe2d2d4194ccb985406e01d83540e26bb034634d5b0ae47de26de9362ad3c4ab5d7ea48db6838cab78cc46f1f990dce24116d4010f3f34a1eccfa42d4c8424dca96f89297b7bb34f7d5a31de2a92393e1dbea9797303fc914643fa75f689a2e0061fa5782a8050fa9edae99b7934beb64840667173ec43080728a903080661630b19be94c1b7e952db9b6bd4a200a8ebc1c0c626b6ae7ed192b825985384bafbe3c598f631a935e19c883cc7ed270cc4cc17b3200f6ab1375c2ef4cd88485608fcce407c812bb658b277e95647a923bebdc5c1206dce4817a4f616914b538567cba8aa133c102261a83cde8f3d7a5ff509522c7983c8d2ddf53891742813832dc6ac836beb019bd72da30292ad29ad32d35d628646680e12ffac31ebf24da6a70b8c292b1e2412307a24c9ea711f57fdfdbec188f0abb0299e83337ba138b249da0e8d68abe8f429e4f4ff7bd827ea4b663343ca60ca6cc9ec16c55b9b6113cfbe746fd3f91a26d4e5ef49435051201b3632745fbd89b3fc20b6dbdc4caed1d170f8c83902acdaaa966e47f31fa2f10e1b4f9bfaf4ed87b800d6fe22307f6bfa15bc53083918acf27add61cb59183de556f49bffaa144804542bed6649442400f89cb2511771d7829b8f8ef90d4e660cd7c437436a588377b9ef6d856fdc19b3f05b62e8ef03e3bbccdfeb52607c48eb9b202b9e9b1262413b5e8785a846a4e1c66f5a921688b457309825d361b5131631fc69d12973f998cf024304ab524c1768314602e615d8c29bc80380a2a023715dc025ef7aaa39a5fb3237f79badec37f280f98597f53fd13be8e25839e0118126405c57d1ab621d670997cddab0e4e8688384e8972a4fbd37edef0aac7ddcc40421c1caeedd880932cf156417250c8d99dac03ad33a353cc877a8d56d199112e84509c778475eb77a4a9b9487347f9a7d94691766a82d051242a528c469ad79a8cf25d60c35b9e34675536844fbf833f50c7cc6700b1ed6df3dc756aaf7fa6c416f0e363d6a89eebb349286ff6eb17116865908fb53bb6f1325b41f9618b7eb84c68219876de57663e2684ed71b782cb134165d47c103fed9781674bcb51b7109899f59fcc7c010863555be1bc7be0fe47278eb0cefccac00b8689aadcf1109ed3961b3c13e3d7db8a2594ed43807ff19f7d351ffad1be1e2c9b16561eba2f58a2efa8d4e6ad33509dd6d1a6bcd1dd83da9bc47696d828fb079ac44e787f3c835db19cb50a53d4f6969d9e1484324d8502d5cdfef011df23e0cb996837f130a3c6b63b0d69363c3cffbf35a0e2f637b2165adb5a07c6133bc69c673cc718fd5cdb15ed9d1d372192bd79e3089e8296bfe18a32ef0230aafc28fb8a3c975173e76695c2a4034074f9dab0a14057cc96b65099810d31805205cf337a229e07cccb0a2815de6830bbc360147f48ef202cd97e7cebb3234506053c5adb15714f0cf214d23c0718fc5582ab6ee6fb8d0b6041dcbeaa6dbd44a5ba0052e630c81c485c42bb5d3439057869b6e3dd866b7830155401240c7b4e9fa4da404b9bb2d13a31f35966e6461fe47307a5f59bc16cd7954e4b1011602c203cd3fa0cecf8ee34fd4977ae5bb62f64192037e479733af5c098bde0fe12967d9076cfa8c816bb472a8761cc78a28b7192465f445446fa7058b35e0fbb616649faca2543d3a1fb089cb7dcd7f611289d84d54379124a159f85942a9f5f42180aa071ad23abe66ac3d9dbfd3820c783c4d6ee7f3dfc8c5f2b11936942f647560dfb73680772da68fa1b07ec1005831cf7f6af887bee6998aea6129b9e7f613982dfedb2a1c5e3c7bbb9ccdbddae0fc17a6d5a73df2bd5f48f5cb9e03a3db9066a485f21d8957b34cf7631bf2280165b2f580328c2dc1be02eb1c2d24b136feff6aac5f8dd3e11e9307d7d76999aead2b4decb5f2ebd52349c4d73592de2f6860c7cf56ff0c0ec787d6f2e43ebdc8d623484922edbc868d9ec7b24d8287d5781ef70a0a9e1c16b83d8c857b3faf3e1ea7208b50bbceb4995ace7a8bc80c64960a99e2e5db5620e755213485c33f66894b7e6d19bccffa57f7ee2377c526dce3923a41e9991f1928798fc3731dfa9b3160fa03e0fc1a8dd34efc6aea9fc2831a7a6a5a187e874eebc03f1c7cf77ac2c83920cbaa908ea69111b1175e34717cb9758be9316c4420767f48abcff39bcb682cb3f58d1ba3f487a879d43ffcadfdfb9bea369e5af767c49dcf6f17c853d7e2dff44f900612f6111eb2010b3cd53016860ff8b7d4b60e4e8ab39d9d7b0b4442ab256bf4440cd5f3ec3aef9692abde0f1d7f138a6759f0d5f27b120b06146df4c09b7eadb6a7ecc4dba592ed9b1a821321c35d6785ea4e5b1352e37820c6182d0eaa6537d2f4d399b982dc97bbf7542808f4d4801a76ebd83c7a0400fa3c7e52ed3b14324f877cfe50ba05f586d942289d18be0dd88c4edd97cc85ae6d7089d335343db0213042c874831ba172ff23f31a6856fe6d7d864255e77277a229eb3a23aed04e5db2e6f5e14b650d78ad812767e5d32fd7da9e571add3ee4dd9583f681b2d020c290f57a6ed89b45b5f7bd5c0233ced7c7da1aa0c53639a7b1f9262a38fac22a6e13bd5a75a6f603472cc938b2873ac01723b985c2cf20d20b95070f95f0f87066cb4f8928ebed5785711eec60aa009600a24951af7908ad618397e5a5f316518d14a949cbbe1925bed1a4c499568d9c270e5b29cc4ec19505ac704518b1f5d98557a841362f80183957b51797aaf9e31bb40366a1816a46316aa47f75e5aac76bffaa35ad13afa6ef1994df1aac82034e5e5f04c5539e44a35fbf6570e64b9bca6f19dda55a1a182632f898ca3f3edbdc47e8805509fe4b40a10dcb2395c912cd2216d110c0733a8416cfe5d40684bba48eaa4c1725c1383cdf36dca5d4ff9fefd22296453e54f40bba792630d39c694febb97f0a324bb94041391e461614caf245bd59ad2010d97a45039094931340a1bcff7d999223fd7e09e502698e31db5ebdc4cb36ea2d5543884e7c8b8f2264b49731ced1c4abe0e340e94ba056272c4a0529e1cb73a8f55b6f7f23dfec816148f4d947093ad5d17986c484c8e8e683af2d2f79dbcd49fe6a35b2f6550179da9f93963304c3cd0b138daa603d039f4dffe1a7ffa19127fce20f79b1fe997002115cc59ca0bf2ea5bb4d1e557a994a48bb3b132aaa6831396f3572e128ce4dd18618ca2d3098d23ade3e6ff7433f7701c0bfe1a2132191ba42a4d916bff825d389b8fa434b14d16d66f279ad20f848d443117cfb062d1b58117f07d3f553d2d82c3ebfba62daecb264958dbe5a7e93cda982a43df215e3beb864444386ad148248788813411f97c2f3557f373f74d170f398a2e0c90e9fac9aff315cf83cae09a5fd14dfa865cefaead78ed03f5bafe505ba01a0977d1a61e890acfb8f6f3dff0654a5ff28052b6aee7199b81e9206ff84f65f5eee0f3e1cfe32bf770c03b90db768a2f2490c9f5583713558e75d71e0a5df2ccf1ef21b528c326a0b0a4d99afe049335768aa4e997079f52fb514eb0d26caa6914ab9d4dd875011a7abf82571470664df696c0d36d5df7a8b932ea7d3293e6a005cc0a10b92934607923d1282c5d42683337d77d324e7244efc6abf91c323ee9766fabbc0870bd18459b2fb97229216425ea471beb7c0e488ba30ffad47360c55147ce302e55d2e47ed994a70158212f937e061246fb62f77e94fbfd1b45f4998e3c45a1be9c34b533dc42085ff9de4ca069a36dc8bd1dbd721f7dc9ddbd8835a1dfd59dab563fdbfa3cbb4ffd0cf290be2e3366aa311bee301943a2034c3be431f48de95aff2123e4b21d2b8bc8473e8e101fcac16e34528f53ddf07bb7c33d9dc6651d2ddd1fdb0e819c23677e7ae0e83cad30ea3658e0a613179e3a51a3b0edb01af99f8ff9dc50c368623f20001afcc209b4e544bd4da80927bd49e7680409cb35a677c98d5df9d0cf93776cf616ed429cbc4993d03831b318b12647dc3c8245b7a69e29ea912d87c7cc0ee98c09f5685a0770d95614c2da3fbb6d235ccc0ba8fddd0f42aa20d47081285c601534cede6b7c1415544617754ab1b2ff734262ad99aa3d938dcef600f234", 0x1000}, {&(0x7f0000003f00)="294bdb521b11e53607c4b869873a77c98eaf711f2484b83b5c13b04cff8cc8b82f634faafce603312583e47996e7284fd1b21c691eecef755459016267298ccd70f62a71bd1fb2f2951a32ca2d6515f754ce780be97ab48303d65a34774f4c04bdc4fab614cba5cb22d1c97fec7f07988457bae2cbbaf40510d799f3070385b095304067c9e1b92a7bc6713360b2a415eefaefa3d898113c2e0de4990333d3168c94d3c08ede8b1e1cd2d0efdaf16938e8050ff7c57f6f3381dd0b4e16b5ba7d53c7262e4fad3e7ce5e27c379938b852a1b592b6337c71f4d1d34531542bd3705362cb7c6a3b07eb64", 0xe9}, {&(0x7f0000004000)="b4bb42011a00d9ef25a64975ce6ae99e760ff468a6793a2acbf9afd87d94a1f90f67d7946099f7985a8ccefd7ca2f472dbb05cdcef78f68d0aa19200c70023aa2172ec8e0a763280d951b9e8affe178b7aef0958e250b82fb0194fe6f3e954ff7dac1e265bac3bcc2f59546726715d3a2927436297bd71e5d3a79772f52253231234d882a69c9a98616b0a81c65f8c187df8719857b28a208dfcd6e3362a1a3bf6543e6ae18abd2ac1c802dc0f2ee49dbe29fae3a4ff1aba6547cd64cc82ebd415baf611b453faf1ed6cfe672c9d6ef456586c492124b33fe1fbd750da94f4a98868586a6a04e120cedea71acca94ade77b939d34e63be479c783abf9ddbfb027a3b94d77a1e9872f433c864e43523536520b258ee5c9d9538b87682a682839ac4beeb30eaeb31e0c8f5e44006045b6e08f8f3e189c9f3fe0834e2e2c056e2afdfff0d28e79875d49c4c4cb3d538814b068287205ce8e2ae95efa600002548c93d79624bbb8fea626c43a71eddf4dc89982896487137fe57dd14905b2cdfdbe475a0f1d21109dd966a8be2f486a56f52afdaed07e6f647967e659c3004aad92300a548434b731ca80d7c722a3c378c81658321ae600cfb7a4973bb97f741f81103d4204eb11c0a033419cad03a26b7622462bfb3d6ae090fbc93372138f51d5b735ef1f0a1db067ef9d600e8277387fcac0e18ee9aaa6baa01870923e13eddab911bcf27ce3e0697dfadb469cc8175fe364e52206c4dde26507f52e437b524fd44cf589a5efd546214a7ecf75fb2d099507f3b3ef8111a818e0771ca22823cf5a7c14a94971c7f267b7a28b4b6068736dbb270608ab314e00fa338b006952635074983a22135d70754de64746be9c3bed831e108c5f5bab65c1b1b24b27eedebf070bdf6e168cf59e3ac120cfe2051b795d17ce04a0796e738fd8ca9f5a95090c49c68f77e187621e8384d4c2e1c35531209fe2b9303a2ccc25c63661491370a2e83a97c5a9cd92ad39ddbe209547c22384636b70c2302ddaacc8cc0f38d4ac997fde5655070466b7ac714fd80c50e9a54e5f748a22cfc937bd0b9361241af7e50eb78fa7858d52c7303631951c5db9cd48bfe7427e8f86bdeac1280ecb7568ab92c600673663ecc924ee67e81a5aa7a55b01979be113d355decf7c68c545b5901a8e9a543da31e85f35213e746d61b3afe09499f756631b9eb639c58fb20802726f8aea7e23250913d8081ce52ae88c56b9a171ffbeca0fc0cb600bf6ee84887dc462ccf4f6d683ab405b21280eedf6e3e35146bfd467d88dc68fd262e0d030b6a2fa6478c0db333484b062e176f557134cbdc5e061c70b108e394d7176e672cd7554b9ba7e660e0f6a7a405af01acf33c4cb1ab459f3b63f64f908c1e538f2c3291947c1e9ba6c698cc0136562dffaa38505cb5c9707c5d016f719a75ae80e409c2942bbbed40910eefaf66e9fc31401729ad80773d21ea02f9b5a5b4ad6de70f4dab09131eb2c85a97d4ca7a31a7bed78e036b57d75fb5fca701e749e011ed946a0ba55c590360c5ed41f3a145008671a968450ae84326f6958037c5118f2cf7f0862d7feed42c9531f064704b13e50c590f6385d49768865bd3fd20a272d5bae53006f5321dfb7acc3c0bec788d507b8035bdd0e77648a1d0a7ea4650395b72e77e9623ffbe252b57a46d8ea17ace3270285178da0ebd76c34b7f708acfca096eedefbb7681bea7502a4373535bea4af7e1aaf7434c22a2b8e2dbf48db0b3ff0bbad8383b2d7625170f729139ccdc43f0a644f58d1f269f636b5bcb6f3a4960c7d84e4d2b8effd1d622536ddaefb173ec7bc455d8a976674540f88a5aaf197abeff574e09ea6bc7c11a5afd86c0f25a7ace7d3930f96f9126970d9f16cb278d2de30a6fbe9efc274c7f0e382395503d08e43e652590c06c595e761e993a1f3df140fdc25daf835d383aac858edec7ecdf32f4acf6accefdbd40bbd9d8e6a6bb0cb045d772adcc56ee43fe57c857cdd74281212ac897eccaf734f1419208a7df15d46350ef6d799ac5c7eec0518b3764cc86f3fc65a9a988b7b09f8e1ec891c6d1281a83c96b4c3df891ae1df9503b54208ed9dc6c728e74b80f993bbbdb283077c721185f8e003854db73cad3ebfee91377a81ea5b3f9df124d3d7f943536fbea482242b8c05761a59182cb10d06f054d25de5abdec87d366bd49c1c507b706bf7823aac6c9a01e1b5afffa375ddb663c6a34e6896dd0ab584d38ae7ca2f393fef6dd18d007922ba25cfd3b9eb10387e9e3ac8adc1b906b98e6f4bcb9079f22c134a02bb5c6afa01bc038624fd94138eb71c83af447b28d12edef49f375ee1597e856136fcef756c277bafd8187ce24be78081d27389a6358c58dde69a5ec37e2f7ed8a3e395dda0ceae63652187a41475aef4ba406641f2afd9d004f7e7327eaf9f6d2d0824edb891c20ea9203d4eac634adff2b21e19801e5b24090df1b209437741bea57fd5aa0b3ec11b91c56a8662598189e982fd0e04f11c3f42f6ee667a9aba7dcdaef51838fdbdeea5267a7244bb10c5166372abd25020d9adae9ddf33cd154ec7c93d80dba20ad1dbf42bee86a6f76f6f96c6900f74f7daaeb4cd71104927013ff92f7badade626b58f6f43a33ec6a2806a705970e185c75d821cb503820d819cbfd769dfc44cf9c6a8b7b9e958a88d53c2df4f1044a93016953f03832cfc215601f73a76ddb761af5d058d41511971ccf502dedd016c1b8b914ec07c8e7c6ac235fe6e2570db173b9e2f52c215d031afea5b72883097f7071566b92452d4cfb2763ac59d7831bef176b525aefa6fd7f9f800c1c34f609d138cee1ab0c0c209ce788dfebf04d8a986ea66da1c5524ca3d722e49fa2058e1a50eb7c8cd97687860832e598df0f634f2b842b6d6ba6015176539702130dfaa78c1938cf4ecf8a679da43fbc5b430b6dd63f0a5cdd094dd76ae14be7a6e5ec8845efca760972cef4f721c13474b21359a9d4604ec92348341dceb534e84a62a7a254e14c6c76952a8f685c9719c9393ce4ed6ef13e82deb4a1af6423e7be19c753713af3c2404142755a494fe10e71e0eccf805a6d29492ff61b67b0d00c58290e89cf4fb12df19ebefaf27adb1ba582bc310edfa453b3e24c9ef8dde713c6c902dcb429cc4d12c9caaec17750f54958b1ba31ed5a702184ada4769a39117691cd2cf33ab10306bc76e65273d73287819f6d8d59b3293359375ad1a579dea720849699559f4f9075f1a12fdf75e857a684a232c77c151a8dea276de325ef5ee1c2537f15544e76939041dcb3330daffe7c76ef7d7d4deabc5935b6257eabd3da78f6d341d0e8f3a5c4c5920fd3b89ef8defe55e01e12016724d812105648b642b8803c19fa60f013136f423510b734c51f49892cfd68d80b61aa15719927641426b2e09bc2936f4b5889ad1e4484dbc91a0259a56339474abeee5b308f5eb95d3db3e094fced3d38c2fdc6428f4277b11002c3f33c1b55f845b481f09337818da4879136f07c6d8fdfb32ce512b6a021448e7b59a455124ef7bf9fd5b1e406b2acb1e274bd1c958194214be475bf2c6c6225f1085c481fd60ca4d4229a98fb30a67b65563189d566b92e4d38a32b52511379c2cab2a26a8f2ba8c9b2e8f558c8fcf03477f4b91041f19671356641ce664d14be5ebc51ce16139c6e11b93cdee8cd6e21eb899ddad2352911b662f9344280d698a8941d8ccac8b955340561c2ffe45b8b2f669598199a0a60e11fb997d1d6e3fda7cffbb26676ba7165430b6ec0ee5818c7fc87c065bf916660c4a4853a53211fcda5006ada3ca4614404310d11b8d4886318223e3e6c8012cfe2a2b853319e02a9b845115b077832be9cf1fa2a05f14f2079c145e560924babc9dc74767b0378dfb9df310f3f33e704933c8df3928f723da9f5a7979940ff80d433d4e3823d1c5f9df64c8bad0bd22be0cdd83af63175b2365de6cec10f1fbf4e302bb771a55b19a9f56c11f5a1fc244c69e4653dd7939f07c57c353ded102aa8224e0a733eed9ef8164dcdf67820ba56dce38b83305f6f51c30e350c6610354440ce6e464ab7d514ccf7123d06de8b950a29b8e92a2c37e824938e6bf898cb1c6d0857921722f7448123823107ed96d06eab5a3545f951e6368f52b8437db462e309eb47cdc58615e734299b75b6d51ca88f0e312662e0a698b63f9fcea444fc9329ec000ec4a675198953068e90690898f570e37db7fd0aa86834ca59bd4375c1c709738f2e4c8941dca79f7603e4d33de09b395baf4b73291a9988dc523b997ef5a805fc24d576e1305675e4718edf8d9102a762c2193cdb3f0f89734e617e687ee84dba24a1dd8c562c8352ffb2e6cfcdc03f12dc4b9607854bd522970eeaec9b28e3b92147e42a0463e4ddb2d20eaee4facc65a39abb8da7d1ef425ca679834945b18438abb771990ad9d098bade3f8164e9bb90f95eea33b0307a4f71b6e76b3d32abe4deda52b3bf2735ab71b06525f557c69f17a054d31528b23d43e89ed4e87ee3a4b5a3a44ca2ff266526e131cbc74969b95f23f0b97942bd2c29de40eb1fd4d9cf06fe33537ee8f4f2b9a6cf830e378b3e3b3c1d23236d777fa022907acc54d11577f8bd1edeef3bbef04ed492a5618c571ac459a79c48f5e6d899587833cc4929445bde03473dfa20566ca680ae7c8e5f3d07b51facd698b4643197d0c2a0ba0c8a6e5e263687bc21db63788284e99cdaae731361b6becefec98f6b4638d3b7e2961ac716b47fbc373a4b68d03da865f6cb4d8bb1adb4e45e9715e3926727e8b53190f81954edc17e4d7441be4f8727466f099e406a19f98fd6faf9e6f31a34c53aeecb0c39522cae8beb9b4ca914c63afca44687f1ac475053a40e7fa9243565873dfe12c98d597c9420cc2a6828ce42f688a1e949090f5ba967afa01201f14ede1c2b02e6801148b133f809c43a0101b73b91c1cf6781b00f16af1725255a8272bc5faf642b4b1e401ecdfaa0125e22fbbe781fd7225ce021d358bfda7327126cf2087343020fdaf3711856a96a3f29dfdd020d9315d24f2cf9868290bd4124d4468108262b7701ccfd2708c43068a70732c682e08034ff97ad2a71f60407d963e05fcb013cc2b3d1f77ff67f94830355cf3550af90d1e7c0a93110e629cd4b7dac8de2379226633e14a6e639d9fa01e21cc00792c83c32eca5e33a0bf9bbc913fb5fcac3bd09bc76a6b8ca2605f6706b426406d15bf93b997886c42052361e2f16b8ba7ccf6f296f0288f94c1ec7d01114d5c0021be9ffe6177a11dbec6179fa7811bcc329a1ca39e8f91489cd92faadb84fdb3360cf92ff989f353c601eefdc19ff40e8f502f370644ca47efbc47232d79f64c826689ef6dee3b66983b703c6a00b2b0efd8783d163af1ff9443c86466dab81c6002e29a9445c283b73393628033080f688089bf5ec8c94ca2beb7c60e179b4659d9b27246d77f36d9555d0afc441a5722c4f354e6c4fdfe3826b12adbd97ec03f713ab4d2a6fb3b2b8bdc76f33c28c9ea9b128446739ef8d64790a4322cc3ac8c0568aa4c5f57996e3d684603043069f4eea17965538782398d45a4c376d068992bbc33bd1ecf1adedf89c9b326928869d932376f248b47c9649015baad8566f511df63f4294f02124c40961192e2abdc38a276437d5b9990322d07398b88bc6bcb978b533dfec2ebe92ddd968b4793d600f5b8e9ae5384a02ab1b8412a1e0fd305566977ee3e5d8b4515ba020fa58f22192fcbfc2f94bdf37d", 0x1000}, {&(0x7f0000005000)="88954341e5930fb8103b121fa830a9261609211e748ef5da15e20623c74f071c9d4ffe8784817a2a503a1ca24be6e38b090ddefb0bbdb35f2681805bbc8519f27d428c7df1c7118972c1a531a94d814b630eaee13c2171c5581091de1e28da46141659270e8ee21daf9daacde995d50d43ae2563fd21387cbdeb9b9ff9aedb726c32396d44e71c4c0d73e7c2b72384a9bf26e334c468dbaabd85c9630f15e5bc09318b9687553ccb8032eee49d1b6add98d1ff895c44c0ae638deda2b26b6263110c0f2e9f676d", 0xc7}], 0x5, &(0x7f0000005180)=[@dstaddrv6={0x20, 0x84, 0x8, @initdev={0xfe, 0x88, [], 0x0, 0x0}}], 0x20, 0x8000}], 0x8, 0x10) [ 2545.329522][ T2877] binder: 2872:2877 got reply transaction with no transaction stack 19:21:07 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2545.376811][ T2877] binder: 2872:2877 transaction failed 29201/-71, size 96-12288 line 2899 [ 2545.404113][T26388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2545.456180][T26388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2545.481642][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2545.487905][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2545.493830][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2545.499634][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:21:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406302, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:07 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc200000000000000]}) 19:21:07 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00]}) 19:21:08 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0010141]}) [ 2545.722716][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2545.728668][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2545.804106][ T3014] binder: 3012:3014 got transaction with invalid offset (7, min 0 max 0) or object. [ 2545.822339][ T3015] binder: 3006:3015 unknown command 1077961474 [ 2545.841807][ T3014] binder: 3012:3014 transaction failed 29201/-22, size 0-12288 line 3241 [ 2545.870317][ T3015] binder: 3006:3015 ioctl c0306201 20000040 returned -22 [ 2545.899574][T14773] binder_thread_release: 17 callbacks suppressed [ 2545.899585][T14773] binder: release 3018:3019 transaction 1907 out, still active 19:21:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406303, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:08 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000005b40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=[{0x18, 0x29, 0x4, '$'}], 0x18}}], 0x1, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00634040005dadf5e8000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000600e5659d9b92719254ab284d5dd1e97b0985fb7956fa329abff1bcd86c1655aa855fc358cb5785d107733b6a78449a4688e5c6f4c801dc5"], 0x0, 0x0, 0x0}) [ 2545.964977][T14773] binder_release_work: 19 callbacks suppressed [ 2545.964983][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2546.013875][T14773] binder: release 3018:3021 transaction 1908 out, still active [ 2546.047400][ T3234] binder: 3232:3234 unknown command 1077961475 [ 2546.061007][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2546.086111][ T3267] binder_transaction: 10 callbacks suppressed [ 2546.086122][ T3267] binder: 3261:3267 got transaction to invalid handle [ 2546.091620][ T3234] binder: 3232:3234 ioctl c0306201 20000040 returned -22 19:21:08 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xa]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:08 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0011022]}) 19:21:08 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce00000000000000]}) [ 2546.148302][T26388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2546.169476][T14773] binder: send failed reply for transaction 1907, target dead [ 2546.186389][T14773] binder: send failed reply for transaction 1908, target dead 19:21:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040), 0x0, 0x0, 0x0}) [ 2546.238147][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2546.254901][ T3282] binder: 3281:3282 got transaction with invalid offset (10, min 0 max 0) or object. 19:21:08 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd90]}) 19:21:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406304, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2546.361581][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2546.362127][ T3286] kvm_set_msr_common: 20 callbacks suppressed [ 2546.362143][ T3286] kvm [3284]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x22 [ 2546.367627][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2546.496062][ T3329] kvm [3284]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x22 [ 2546.505475][ T3321] binder: 3299:3321 unknown command 1077961476 [ 2546.517167][ T3293] kvm [3291]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x90 19:21:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x400) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:21:08 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd004000000000000]}) [ 2546.565398][ T3321] binder: 3299:3321 ioctl c0306201 20000040 returned -22 19:21:09 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc001102a]}) [ 2546.710392][T26388] binder: undelivered TRANSACTION_ERROR: 29189 [ 2546.719290][T26388] binder: undelivered TRANSACTION_ERROR: 29189 [ 2546.739478][ T3487] kvm [3477]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:21:09 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x12]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406305, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000080)=@v2={0xc78bfde2339d45ec, 0x3, 0x1, 0x811b, 0x54, "3bbcf164e8c40a1201d3337f2af444cac7407e60983092d206a27e73ae1f58b8d66da83e90e1714dd3f28fc615dce3f2e2e8043735a778177d951c010b92c89778377537b4ae56a77a9f0a3d2151b5306d2efa42"}, 0x5e, 0x1) [ 2546.784874][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:21:09 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xda0]}) [ 2546.912095][ T3531] binder: 3528:3531 unknown command 1077961477 [ 2546.945960][ T3536] binder: 3534:3536 got transaction with invalid offset (18, min 0 max 0) or object. [ 2546.968475][ T3539] binder_alloc: 3534: binder_alloc_buf size 8 failed, no address space [ 2546.974490][ T3531] binder: 3528:3531 ioctl c0306201 20000040 returned -22 19:21:09 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd901000000000000]}) [ 2547.040374][T26388] binder: undelivered TRANSACTION_ERROR: 29189 [ 2547.071471][ T3542] kvm [3541]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0xa0 19:21:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406306, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2547.085537][ T3539] binder_alloc: allocated: 12288 (num: 1 largest: 12288), free: 0 (num: 0 largest: 0) 19:21:09 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc001102c]}) 19:21:09 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x448080, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, r1, 0xc, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, [], 0x1b}}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}]}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x4}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xc60}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x40001) [ 2547.222400][ T3612] binder: 3608:3612 unknown command 1077961478 [ 2547.252241][ T3612] binder: 3608:3612 ioctl c0306201 20000040 returned -22 19:21:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406307, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:09 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x30]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2547.388829][ T3735] kvm [3678]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x2c 19:21:09 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100]}) 19:21:09 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe006000000000000]}) 19:21:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000000c0)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000040)="4b2ccb79196e1ab6abf92406154ec93917083fdc18c761e88c54eb64c6f49ff3732126dc61aa217f8dd336ed82de6b00ab21d261b8e25ab2fdb75a001072631b37e7f729d3b40a32", 0x48, r0}, 0x68) r1 = mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000004, 0x1050, r0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000140)={r1}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2547.505517][ T3777] kvm [3678]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x2c [ 2547.537518][ T3781] binder: 3780:3781 got transaction with invalid offset (48, min 0 max 0) or object. [ 2547.551792][ T3785] binder: 3774:3785 unknown command 1077961479 [ 2547.584724][ T3782] kvm [3779]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2547.610795][ T3787] kvm [3786]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2547.619867][ T3785] binder: 3774:3785 ioctl c0306201 20000040 returned -22 19:21:10 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc1000000]}) [ 2547.642383][ T3789] binder_alloc: 3780: binder_alloc_buf size 8 failed, no address space [ 2547.677486][ T3789] binder_alloc: allocated: 12288 (num: 1 largest: 12288), free: 0 (num: 0 largest: 0) 19:21:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x4040630a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:10 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff02000000000000]}) [ 2547.888343][ T3977] binder: 3976:3977 unknown command 1077961482 [ 2547.905321][ T3911] kvm [3889]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:21:10 executing program 1: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x40, 0x0, 0xf82055efa15ff4ba) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x400000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = shmget(0x2, 0x1000, 0xa08, &(0x7f0000ffe000/0x1000)=nil) stat(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r0, &(0x7f0000001b80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000000)='./file0/file0\x00', &(0x7f00000007c0)) fsetxattr$trusted_overlay_nlink(r0, &(0x7f00000002c0)='trusted.overlay.nlink\x00', &(0x7f0000000340)={'U-'}, 0x11, 0x6) gettid() getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000000540)) r5 = getpgid(0x0) shmctl$IPC_SET(r2, 0x1, &(0x7f0000000840)={{0x10000, r3, r4, 0x0, r4}, 0xb8fb, 0xffc, 0xffffffffffffffff, 0x8000, 0x0, r5, 0x81}) r6 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x400000000002, 0x8000000002000) ioctl$TIOCSCTTY(r0, 0x540e, 0x0) sendmsg(r0, &(0x7f0000001b40)={&(0x7f00000003c0)=@in={0x2, 0x4e24, @multicast1}, 0x80, &(0x7f0000001a00)=[{&(0x7f00000019c0)="c99d74", 0x3}], 0x1}, 0x40000) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f00000001c0)="2d41d358b8261e7d73e3e48511a08593", 0x10) ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000080)={[0x0, 0x4c00], 0x2, 0x400, 0x2}) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x8, 0x0, 0xe, 0xd00, 0x7f, 0x2, 0xfffffffffffffff8, 0x0, 0x0, 0x8001, 0x4, 0x9e6d, 0x73d9, 0x5c97, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x5, 0x0, 0x400000000, 0xffffffffffffffff, 0x4, 0x6, 0xfff, 0x4, 0x0, 0x200, 0x0, 0x80000000, 0x6, @perf_bp={0x0, 0x8}, 0x100, 0x1ff, 0x5, 0x6, 0x0, 0x8880, 0xc1f}, 0x0, 0xe, r1, 0x0) add_key(&(0x7f0000000280)='id_legacy\x00', &(0x7f0000000380)={'syz', 0x2}, &(0x7f0000001c00)="b9f36a952e4a0cad0746243745506fdf775417b78a0d2a0384780c896061dd994f0e090541c8e0cf930b3f82090e2a3be47a24ff4129c5c2be5fa976436f90f40f094c466dd769952803b44898149945a731e818d4776ddc192df4b10aab72b579cc28ecf0c5526f975fddbb52f587bd162a64be0dea40a1e7647ca10bda225e7eb325f5afc8df68df7ebfd39301189fec293270c90689e97e885399b71944b74b840263c01f1f99c07133ddc9a415c9e9cc9d3839ddb81f56ca3c7edf2fa4c47365874361b193de750424a90f5329b236c4c9e27d88f4f629be96ce03b1dced66af644cfc550285207a47afccfe0ddb40aa054fa5639b665cd9447440ee9a3fb8bc9ba650dee3763f7a5a2dd569c5a9807cf2e4a8c927c3e95f27a2e721e759766a2ea4820b553988b9d9665768338aa701fba1d16113e37162f042b7c804f4a4b1715a700369683664679d58deccfb53b7b2d798f6a356f4e2ddb1586fbbe514de2dded4b886e898ebde8255e7fb24019d127a628c27eed86465f5dc287471cc099edf12895d02fd57be03fa4b29dd0040131d8cdbc784c481fc0373fa20e230443554d706e83465c9ede5f035f821fd09c6de1412740afa3965cb40f3ab416a7b0c32c0a15111a073ea49bdefe82c1589548d375b0c2e2d91f560ae313b56a3144489fab7e82ef8a67d3e5ffcb1877b2fbd6c346c1a6b863fb8755ad94254ad9bd288ff3856dee757db0f903d2ed0b95141a9117e74d8208c460478ca5d07979ca3559a9c3e5a0c72aea808f60f696250cae7e232115bc90bc005892a609a48ba12b10432114f5bdd6b40e90e08c0ad1d9361b5530aee41c5c292bb7f2686eebd4ce122a4a4ab9c18192301c74f333a2c95b7ecfebc0a61a5753fe433814b330ba25442435bbbfa17e76f03076459ebf008e009d74c1b61a6cd01738b3f39e64d8681f5f571f08779ca94170d3fc813195d09cc44e202625a7bf89163ea71ed26f5b7a366820b69d8f5b7c0c7b0c16cce39191d004339761d14f623df4d66e03a7f035617c4ecadec648961c7d02780d5840d9084a166b74b3f3458a4b3fc0b7d927d8c5405dbddb91c821a6fa32b214bd30c66b757aca924d5bb3e3501a1354095a35ba55ce9dc45365657a17c93cc607e21dd8e936818a241b25ae5e37619c79cc73de5b832d510ba8c039605a1444d0ab8149f986d29a051ac2f834dc07d49c3e33f99ca4a699bf398fb8128a703e0a2f5aa49688e0bc4bb0144e920c59d69d018c3423844c43b0bcca718be284c2ead73b65627cd1dea599e3808fc090a5d4b79e372408280c84326e03f8693f198241e77994c65d2652a2203d3f354a641f832c1522d7bed41ddd0df8c88ec0f00a05843ca555a6fcfcdd2e035397ccb0aae4ca37b02409035200f414dbd4ea6f3580bdf1e9c896daaf0d88382aa016cb52a5c1479b9072fa531306a50c6b105d25ba690005e001442845c75c5b10da62e7d94adb7c9f820946d93aa2661162a89cecdff67d48a7bd2a5e58892f71fa710ea79d9c5bd8b0e96e1a0af0b6c5ea6d733d03457513e718e86146646ebb33d17d609f06b7e7fc404afe2e95d530612bff3d461b471ead6b0a06b635989c043a6363c92e9a47401ba6cc4f7545283156850b34bd49d014f854095f608b206e35fe0b1a6c7a683aa882b43ac40c9a9269dbe00cdee618148435affa507c674503d7a46c21c44e97eec882be952062d803cf9e4317d5d8f206281c10360d7bbf8b254e39b9f864f72573ed1d9448e256dd4ebb723ef9763e75e36949a8187a39b2c744d01500e2302373e08e5c34abe1bcabef6a1f67b1c61aa9dc29454c2b4d7fb89fe0d130bc7d80af9442426871ddce0479b94f1f04015358a9172f88d4151a98c24e5c3538176df5b07ac58ba77f52c1e7afe7a2c75d74eca3945620878dc3854bf2539322ef78d10a08409710dfe11233cc1481828a39abfee17ebfe8947a8624e7abe9e4e300c07f70cdfed5621c1c813cb2552bd17426cc7a9dbcb6c4ab22f8e98030672120a12442cfcaaf754ed17f5513e34cf23fc355bc6fa0046f3e981fd999738cb1d3bdc5681ceaec955f23324902bab50ad39eecd140a18a4975054bc2669c121ca2b2f28dac28924eaa5260b39c36ca33accf576d9d54e9882b94dcf296371172c2b8417d32114783cbf4bece64eb6e1892c5942dbd817f1ff13fc8049ce71695d3e7b7c4f1c41d1b47854cdc9636d7b97a5dcd9795da252288a2cea16963281753644cbdf30463435a9b56b42814cc12c66b7df8a575a272d1f8832f3b7815b1a087e348a0b140e4a38dfe5bf833a47707ce985663617183b7ca5d0f38a4138bc112d6a1479022912157562b64e481920d5f18f8a04ff95660b3ba1d988b16053f9e31cd2163971437d8363e5e9417800981f788a18b0e70e2af70760d0bef9d4d3de1eb81a011205e6bee2b20b820f7bbda63fb00b8ef1708c2fc60e34a0ac0a1afee521678d2e0ce8039f91c46b11a60bc126318cc86c83ca57ccd2df46172c660fa2b6a27f743640b91bbd8be5b95b872a291e9a9664b6b6060d092a3834cd11584395e206972df8f82dfea65e92cbde007fdd27d83983095bef6d4fb3dfd2d576b51d0882102614414fd9adfa19dfaccadf4c67d3e160a9f6b7bc51a44ff96a6f9da2d51576f1eb1629286ed3e306b8cb13894dbfec09d436edf8cb4b125169c10dabed53f3f8821739c2e4ca566e47a3a062a2ba53d39f3a5a250ad0bef87cdd9ee8457cf5c18486391c05fe88ae1e32287fda8f16aa983da89d181739051139a382fc25aff93266b85078f9629494c1f60ab7a348ba683439a15059b21b82b5b31f9e61afb3399ffaeb60f1b7ef77e1a8c0ecd4d7e13c769ca397367e1bb950ed22dc841c5a9abfa90b07af691361c1d69cb7e8725eb73e53b2f65602f437deacf7cd64ec57eadb9639b47ae56ebbde6d4dad879ee881b41f96c0c728befb07da41664bc2deaa1495b3daf3eeacc84c508a6ca104c974e36bb34bc5264463c39e0161e010a1ac96dc0572322e7b53ad4b76b9c6148aed6c5ff89ad7312181351a2fca1e74645da200506647e3b82d423b6b4e407c7d256d2ed0f466408db21383d0a8d6effd890a7ddb72cbfc25b05b67f5426ca9154ab67af19e6119912d53bd3493e8d94e897efd2cd76088b5ef969fda9914602c9e035a4291b1b674c1ffd56f0ce1b55e30caea87e9697a880d123fb81e34c7bbeeda79839dc044b0d393b4befa5e1855649f5c85e40f37163a31db05d3c4934751a22079ca01833cf2807af09dcaee581d9af05e3505d2c09b768fb785bfd47886b0eacad96185006da100d4dbdc9386ec2145e302d16e347f21396709d2ce8c3676e774f9f11f54bb6a03f20ae0d745838fa1f7990420ae6e8de23997c697c7a7ba9f073da7003fd496422d7d51f30d821a6a05562ca310210112420703a27dc04d1050034619b82fe26043ed5f6790bf7547dbca0d45ec579260eba48a3799f341c7ce80c1c567954efd3c0ab95d952b73dfe9c58167d15d40dc0af37ff2ae847677c878e9b1f176fd428d2e8c0de344d8c53f0de81ffd186261772a60b455988bf0f557a862f665acfa843414f64c4228f77e81256f62e3fb128e4d1008b1920c3d749d1e154850deb4d72a82bdc5ae09f299732c9518fde88a3294e685578d563b41b7e72155754e962d1835720e18819c4abc9051fce11562eda9b2bdcffc88c4dd1a80ed27856c4415eb262c684cdf81ee23620581169107bada7c3f8e84d642984d9bf9588c1b84af9d831d81a23df354822316bc1e41e4f0b51b3a75c2a1b12acd7eea9f18fb42798dcae24c925501ea43f1f2e2057f6dcce4f229db742a2892a1f151a9aff694c1cbb42be330d0463a01ae3c1814e0c5b7021f434a018b6b79c1f6a2e9067870a72967e3505185c7dd0f5ba2df34b16891cdaa0a325172a8b9a54e75d2109c320a4d1a5d3e60156662c154ce1352cca13df0de294002bc1995df9ab79cb6a12fa576275e912f8f3914d425d304dfefb94dec8baf5bc8084c844b29a15617d35897134a44b52178dd24aa32702e67b506b561e0f161e89104390b0041248f95d35d4bc107226f580ea9ed52972859607217d97f6e7e0a6d594bf0a79ff7019182a584c9d55c287534779d1f5c94cf1bd20a6f72fca4328d08ccb60723835e1e16bfcc48a226970885b3fc3cb36ac051624c4b5b5719c379c9fadc6346ae4d087178adbc38ac6b1521c197c19fc036922f2c87627cd29dd0d884e201ee11ae560e4209f62cc5646c91c1a66507c3ea19ba78abcce5a39e61d5cb242914d1c295f556f0353bc9a7984e73c6eb3acd657087d69484b4517f27e4e72386bb63615009acf64d7454b3e2a6de16476c14dd92ab232469d6e308a658b1fe86174a01227ce7daf96ef3338d485a6c6a26b9b8794b83f7c89fdc40116d35cd0d29d5da623a3bc9572c3389e00f855f7b632520a124216e53729a2faccdacc8039ae7070d389d9a97451c87fd06cc7885c09de08bc3178b0a2062b364b6ec5fbe74d1e36549ea3fe1801425ced7c45d07030599c00bbf728a189eaf5ce59f34e96439d704674e7378c4a3f84468ed5de1e45d4054c24cf4ed4abc82adad6f5d90192cdbbb42cdafa4e31e1090245aa8f8be0d529346c35e436cef6715975e4091041fbf2d9247428d1877f99f4c19bd170c19512f61d9491911aff4d02bef641895eac4f932528bbf68e421c661e596609ecf4326080ccc399876df1f5b67d4b831738c4d3ad48a08b92769d084680da0654bfc69b34a91e42bc065dc47eea8e23d3755eb84999d5407fff2a7742e899b207ba27c9f2a1af2982ff0a275ef20161819c64f479b49cce5a12a68c1a2d19c077ad7c05b242849f30d25d48151f519dcd8713822d761cfbf42da9188611ecfeddc86ea1aaaca314369a52908e3c59e2b939b6d1e57807aac87f7be06d3f1cb12be99491c41cee1f6cf1151905895fdd9e5eec2fa4716ca497332b7254b8fb925e848aec5b13fab4915ac185cdb62cc7c1c2c6852130c006a03f7ecc9939bf4fbc5712279dea399a6dcf1c299287c03c55921c3a80f9581c67cc51691c3b004d9cc7cf325b9b4079205b4f94b43e784714d2652691103f9fffce271e102cddc7c1b8c46c5e5a06fac57893e9ba992217227e0f1c0a47fccadd259b44f0edae2afa2a8dcc2181e52a58627d68e97b445ff81ccab2895788f474c1196818b368c2af5ac71736c041fb0ed48831abf28e9e6099c53a7351d973d279b6d2fedbc1cd39551bcbc1aa001ac005447c6556e48a4c83ec026e302f664cd49b5af675e28c44b34bf8e8caaf314dc34c46aced78cb319ccd2e7b6d813fe7ecc171e09de559ab971b2da8551362cfcd7e8a3840a048b094e91980593bfc06ee483ddbae265d216dc3828c49e249e1a60dd8cfd7dff2dd2c9d871ec57673d9f215ab0f609616005aee4109dfce03e492a7286ef54ca31b587bfc1d55e9826a295d954f43ca592c4e06c15c7556fe866127acf2193d1fb3b491f8e0872b9e7a5f6d55858c09e3ac45742ca09be907ca2a285a3b32770cd749cda2e4dd88637c74d89bb24f7531443a8d4b7f5cf1005276b6dfd564367ffb743e646fe74bd4719bdcdec27608e35e3734f9e38194957a203e35cd8d0f9532880d555596ea7019ea8c87650f18ec44744ddeb41d59a255470bea4cf7e76428a9b7b5bd7598f953e44f5663c6ade068ad927f60f00cb21", 0x1000, 0xfffffffffffffff8) request_key(&(0x7f0000000640)='pkcs7_test\x00', &(0x7f0000000600)={'syz', 0x0}, &(0x7f0000000680)='Fvmnet1/\x00', 0xffffffffffffffff) r7 = request_key(&(0x7f0000000980)='keyring\x00', &(0x7f0000000b80)={'syz', 0x1}, &(0x7f0000000bc0)='vboxnet1em1vboxnet1\'\'\x00', 0xfffffffffffffffb) r8 = add_key$keyring(&(0x7f0000000940)='keyring\x00', &(0x7f0000000c00)={'syz', 0x0}, 0x0, 0x0, r7) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000440)=[{0x0}], 0x1, r8) io_setup(0xa7e7, &(0x7f0000000580)) lsetxattr$trusted_overlay_nlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'L-', 0x1}, 0x28, 0x3) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') memfd_create(&(0x7f0000000100)='3\x00\x1e\x18J', 0x1) 19:21:10 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200]}) [ 2547.948123][ T3977] binder: 3976:3977 ioctl c0306201 20000040 returned -22 19:21:10 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x48]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2548.100567][ T4014] binder: 4013:4014 got transaction with invalid offset (72, min 0 max 0) or object. [ 2548.155298][ T4011] binder: 4009:4011 ioctl 540e 0 returned -22 19:21:10 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff0b000000000000]}) [ 2548.218339][ T4060] binder: 4058:4060 unknown command 1077961490 [ 2548.231170][ T4011] binder: 4009:4011 ioctl 1276 0 returned -22 19:21:10 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc2000000]}) [ 2548.283966][ T4060] binder: 4058:4060 ioctl c0306201 20000040 returned -22 19:21:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406348, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:10 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b00]}) 19:21:10 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4c]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2548.533963][ T4235] binder: 4231:4235 unknown command 1077961544 [ 2548.575702][ T4238] binder: 4237:4238 got transaction with invalid offset (76, min 0 max 0) or object. [ 2548.592863][ T4235] binder: 4231:4235 ioctl c0306201 20000040 returned -22 19:21:11 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}) 19:21:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x4040634c, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2548.704942][ T4238] binder_transaction: 10 callbacks suppressed [ 2548.704963][ T4238] binder: 4237:4238 transaction failed 29201/-22, size 0-12288 line 3241 19:21:11 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xce000000]}) [ 2548.916558][ T4371] binder: 4364:4371 unknown command 1077961548 [ 2548.958746][ T4371] binder: 4364:4371 ioctl c0306201 20000040 returned -22 [ 2549.050012][ T4371] binder: 4364:4371 unknown command 1077961548 [ 2549.095748][ T4371] binder: 4364:4371 ioctl c0306201 20000040 returned -22 [ 2549.193993][ T4071] binder: 4009:4071 ioctl 540e 0 returned -22 [ 2549.263104][ T4011] binder: 4009:4011 ioctl 1276 0 returned -22 19:21:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x4001, 0x0) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0xfffffffffffff000, 0xfffffffffffffffa, 0x9, 0x7}]}, 0x10) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 19:21:11 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e01]}) 19:21:11 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}) 19:21:11 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x60]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406360, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:11 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd0040000]}) [ 2549.443724][ T4464] binder: 4463:4464 got transaction with invalid offset (96, min 0 max 0) or object. [ 2549.457224][ T4470] binder: 4468:4470 unknown command 1077961568 [ 2549.507894][ T4470] binder: 4468:4470 ioctl c0306201 20000040 returned -22 [ 2549.541851][ T4464] binder: 4463:4464 transaction failed 29201/-22, size 0-12288 line 3241 [ 2549.563625][T26388] binder: release 4508:4526 transaction 1928 out, still active 19:21:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x2, 0x10) ioctl$VT_DISALLOCATE(r1, 0x5608) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2549.622007][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2549.641711][ C1] net_ratelimit: 8 callbacks suppressed [ 2549.641720][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2549.653233][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2549.659104][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2549.664968][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:21:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406368, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2549.690420][T26388] binder: release 4508:4509 transaction 1927 out, still active 19:21:12 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x68]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2549.734844][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2549.759719][T26388] binder: send failed reply for transaction 1927, target dead [ 2549.768172][ T4683] binder: 4680:4683 transaction failed 29189/-22, size 0-0 line 2994 [ 2549.779426][ T4682] binder: 4679:4682 unknown command 1077961576 19:21:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r1 = semget$private(0x0, 0x7, 0x100) semctl$GETNCNT(r1, 0x4, 0xe, &(0x7f0000000040)=""/49) [ 2549.829695][T26388] binder: send failed reply for transaction 1928, target dead [ 2549.851681][ T4682] binder: 4679:4682 ioctl c0306201 20000040 returned -22 [ 2549.865912][T26388] binder: send failed reply for transaction 1929 to 4680:4681 [ 2549.879900][ T4687] binder: 4686:4687 got transaction with invalid offset (104, min 0 max 0) or object. [ 2549.891654][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2549.894660][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2549.897623][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2549.925483][ T4687] binder: 4686:4687 transaction failed 29201/-22, size 0-12288 line 3241 19:21:12 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}) 19:21:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x4040636c, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:12 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd9010000]}) [ 2550.002193][T14773] binder: release 4688:4690 transaction 1934 out, still active [ 2550.027541][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2550.080934][T14773] binder: release 4688:4689 transaction 1933 out, still active 19:21:12 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3400]}) 19:21:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0063404000030000000000000000000000000000000000580000000000000600000000000000000000000000000000000000000000000000000000000000000000000000755a28264ae8cb5c52deff76113501321d3038272e6ef9a0b39a696c900e33c8d02b56f6ea230a0808e1db7dd11101a3e4ae2354cc116bfd8be186147720081618c273d0b06edf52250baa26c67546a623d6eff7526dcc9d293a22a3e4526b471f781062d2d9696d84807b9a6ce207fd8be78a70aaf8027138a3add9fcbaa05a4565d1b879082b4e92"], 0x0, 0x0, 0x0}) [ 2550.124299][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2550.155755][ T4760] binder: 4727:4760 unknown command 1077961580 [ 2550.213465][ T4791] binder: 4790:4791 got transaction to invalid handle [ 2550.220480][ T4791] binder: 4790:4791 transaction failed 29201/-22, size 0-0 line 2994 [ 2550.236672][ T4760] binder: 4727:4760 ioctl c0306201 20000040 returned -22 19:21:12 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6c]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406374, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2550.353337][T14773] binder_release_work: 9 callbacks suppressed [ 2550.353346][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2550.394919][ T4901] binder: 4790:4901 got transaction to invalid handle 19:21:12 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}) [ 2550.442376][ T4904] binder: BINDER_SET_CONTEXT_MGR already set [ 2550.461450][ T4901] binder: 4790:4901 transaction failed 29201/-22, size 0-0 line 2994 [ 2550.478953][ T4916] binder: 4911:4916 unknown command 1077961588 [ 2550.488194][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2550.500645][ T4904] binder: 4883:4904 ioctl 40046207 0 returned -16 [ 2550.507776][T14773] binder: send failed reply for transaction 1933, target dead [ 2550.521600][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2550.527636][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2550.535913][ T4916] binder: 4911:4916 ioctl c0306201 20000040 returned -22 19:21:12 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a00]}) 19:21:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x1, 0x126) getpeername(r1, &(0x7f0000000080)=@nfc, &(0x7f0000000100)=0x80) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x2e7, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0063404000000000000000007cec0c8e555308f258a8f0a5f9000000000000b42a886faeb4be000000000000000000090000000000000000000000000000000000000000000000000000000000000300000000000000000064cdf7231c3b7b5d6726894e2f0516d67276182b1a56ea07d49e08d8fecad4ab9afa949e2647a3751c45b82c5bc219fe6a23268873843251e865b92378350ecbcbbf77f149b282d43eb8eafb5bee55837f800dab5d5c03506c3b9576010239770989f89b184b4ffc564741670a87c0019b27bd"], 0x0, 0x0, 0x0}) [ 2550.555234][T14773] binder: send failed reply for transaction 1934, target dead [ 2550.583033][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:21:12 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0060000]}) 19:21:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x4040637a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:13 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11]}) [ 2550.761398][ T5039] binder: 5034:5039 unknown command 1077961594 19:21:13 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x74]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2550.815861][ T5039] binder: 5034:5039 ioctl c0306201 20000040 returned -22 [ 2550.844516][ T5062] binder: 5000:5062 transaction failed 29189/-22, size 48820-150994944 line 2994 19:21:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406400, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2550.937173][ T5136] binder: 5132:5136 got transaction with invalid offset (116, min 0 max 0) or object. [ 2550.950337][ T5142] binder: 5000:5142 transaction failed 29201/-28, size 48820-150994944 line 3147 19:21:13 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff020000]}) 19:21:13 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b00]}) [ 2551.005861][T14773] binder: undelivered TRANSACTION_ERROR: 29189 [ 2551.016095][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2551.038544][ T5136] binder: 5132:5136 transaction failed 29201/-22, size 0-12288 line 3241 [ 2551.070277][ T5145] binder: 5144:5145 unknown command 1077961728 [ 2551.109290][ T5145] binder: 5144:5145 ioctl c0306201 20000040 returned -22 19:21:13 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x402001, 0x0) write$P9_ROPEN(r1, &(0x7f0000000100)={0x18, 0x71, 0x2, {{0x0, 0x1, 0x6}, 0x734f}}, 0x18) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0xf, 0x0, &(0x7f0000000040)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x70, 0x0, 0x0}) 19:21:13 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12]}) 19:21:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406900, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2551.325898][ T5309] binder: 5197:5309 ioctl c0306201 200004c0 returned -14 19:21:13 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7a]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2551.383376][ T5336] binder: 5323:5336 unknown command 1077963008 [ 2551.390020][T14773] binder: send failed reply for transaction 1941 to 5197:5309 [ 2551.405892][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2551.417878][ T5360] binder: 5197:5360 transaction failed 29189/-22, size 0-0 line 2994 [ 2551.437050][ T5336] binder: 5323:5336 ioctl c0306201 20000040 returned -22 [ 2551.454196][ T5360] binder: 5197:5360 ioctl c0306201 200004c0 returned -14 [ 2551.480126][ T5367] binder: 5366:5367 got transaction with invalid offset (122, min 0 max 0) or object. 19:21:13 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b]}) 19:21:13 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff0b0000]}) 19:21:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406b00, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2551.533619][T26388] binder: undelivered TRANSACTION_COMPLETE [ 2551.539690][T26388] binder: undelivered TRANSACTION_ERROR: 29189 19:21:13 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4001]}) [ 2551.590536][T26388] binder: undelivered TRANSACTION_ERROR: 29189 19:21:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x4c) ioctl$KDDELIO(r1, 0x4b35, 0x3) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x4000, 0x0) sendmsg$xdp(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000080)="152d7bf824b2f244b559a2fe3cb7f99ccf968292431074d8f53abb908780aa8ff37f5771e89cd395aec93818da05f560ea9bbf5811cfa01ccf19d9388fb172b7037f564dfcfb63efbbf3c3b1d34af44cf53871003ffefa267fcf16f271036f82923a006a109ae78bfd729c858563b8805ec545d5947a18219d64711b30ad31318668a7d6a25a434492369473", 0x8c}], 0x1, 0x0, 0x0, 0x804}, 0x4004000) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000001000000000000000000000000000000000"], 0x0, 0x0, 0x0}) [ 2551.685319][ T5372] kvm_set_msr_common: 18 callbacks suppressed [ 2551.685335][ T5372] kvm [5371]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x1b0000 [ 2551.710715][ T5437] binder: 5380:5437 unknown command 1077963520 [ 2551.721662][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2551.727532][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2551.747818][ T5437] binder: 5380:5437 ioctl c0306201 20000040 returned -22 [ 2551.808825][ T5480] binder_alloc: 5366: binder_alloc_buf size 1152921504606846976 failed, no address space 19:21:14 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x300]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2551.866333][T26388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2551.901885][ T5480] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 19:21:14 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406c00, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:14 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34]}) 19:21:14 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800]}) [ 2551.964704][T26388] binder: undelivered TRANSACTION_ERROR: 29201 19:21:14 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff8000]}) 19:21:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x19, 0x0, &(0x7f0000000380)=[@exit_looper], 0xff79, 0x0, 0x0}) [ 2552.072904][ T5637] binder: 5619:5637 unknown command 1077963776 [ 2552.083340][ T5622] kvm [5621]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x340000 [ 2552.101769][ T5637] binder: 5619:5637 ioctl c0306201 20000040 returned -22 19:21:14 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406f00, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:14 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x500]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2552.269527][ T5722] binder: 5684:5722 ioctl 40046205 0 returned -22 [ 2552.285305][ T5672] kvm [5671]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 19:21:14 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a]}) [ 2552.309952][ T5722] binder: 5684:5722 unknown command 0 [ 2552.356131][ T5722] binder: 5684:5722 ioctl c0306201 20000000 returned -22 [ 2552.374771][ T5722] binder: 5684:5722 ioctl 40046205 0 returned -22 [ 2552.387670][ T5788] binder: 5769:5788 got transaction with invalid offset (1280, min 0 max 0) or object. [ 2552.396830][ T5739] binder: 5736:5739 unknown command 1077964544 [ 2552.412577][ T5790] binder: 5684:5790 unknown command 0 [ 2552.433668][ T5811] kvm [5671]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2552.444049][ T5739] binder: 5736:5739 ioctl c0306201 20000040 returned -22 [ 2552.455554][ T5790] binder: 5684:5790 ioctl c0306201 20000000 returned -22 [ 2552.467921][ T5817] kvm [5803]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x3a0000 19:21:14 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4900]}) 19:21:14 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40407000, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:15 executing program 1: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x12000, 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)={0x9db5, 0x9, 0x8001}) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00634040000000000000000088e0e299f901e14c9a2b08710500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000032235098ffa7f47393b528beb2d4f12dd5fad268d127895966f922735c8e9be2b1e8f5b834140e3f23fa95437953f61c07f10b36dc6215b2112af01924e130b2bc518e5629456b4c0715fd7a0d0ee2a488657cf74c"], 0x0, 0x0, 0x0}) 19:21:15 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x600]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:15 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000]}) [ 2552.693778][ T5914] kvm [5894]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2552.716815][ T5925] binder: 5923:5925 unknown command 1077964800 19:21:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b]}) [ 2552.782125][ T5925] binder: 5923:5925 ioctl c0306201 20000040 returned -22 [ 2552.801975][ T5932] binder: 5929:5932 got transaction with invalid offset (1536, min 0 max 0) or object. 19:21:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40407300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x40000, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_GET_REMOTE_MNG(r1, &(0x7f0000000180)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10004}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)={0x1c, r2, 0x100, 0x70bd28, 0x25dfdbfd, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x24008040}, 0x40004) ioctl$BINDER_WRITE_READ(r1, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="00630000000000000000e7ffffff0000000000b16bd121fa000000000100005150c53a62f98600e98f000000000000000040f6ffffff00080000000000685df36500000000000000000000000000"], 0x0, 0x0, 0x0}) write$P9_RAUTH(r1, &(0x7f0000000080)={0x14, 0x67, 0x1, {0x28, 0x3, 0x6}}, 0x14) [ 2552.882747][ T5938] kvm [5933]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2552.905097][ T5989] kvm [5974]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x3b0000 19:21:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6005]}) [ 2553.023919][ T6107] binder: 6051:6107 unknown command 1077965568 [ 2553.030328][ T6107] binder: 6051:6107 ioctl c0306201 20000040 returned -22 [ 2553.049892][ T6110] kvm [5933]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x0 [ 2553.108551][ T6117] binder: 6108:6117 unknown command 25344 [ 2553.138359][ T6117] binder: 6108:6117 ioctl c0306201 200004c0 returned -22 19:21:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48]}) 19:21:15 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x700]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2553.210355][ T6150] kvm [6148]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc2 data 0x5 [ 2553.221288][ T6117] binder: 6108:6117 unknown command 25344 [ 2553.242149][ T6117] binder: 6108:6117 ioctl c0306201 200004c0 returned -22 19:21:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40407500, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:15 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c000000000]}) [ 2553.343297][ T6167] binder: 6156:6167 got transaction with invalid offset (1792, min 0 max 0) or object. [ 2553.393521][ T6219] binder: 6216:6219 unknown command 1077966080 19:21:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={'syz', 0x2}, &(0x7f00000000c0)="1c12facb5c8eda4f05d142ad33eb2e0be1cc3ddab7f8b881b3d551c731bb675c97215cde779e8f11474008fb7a0036ff07419ad541a7f36a4b962ecec5fb1b8a3d6a3f077d87f88439ad31e1fe21055f13a5aef834a448223a4f13573d0283221f76ce432d45a66fa5dc8e", 0x6b, 0xfffffffffffffffb) keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f0000000140)={r1, 0x500000000}, &(0x7f0000000180)={'enc=', 'oaep', ' hash=', {'poly1305\x00'}}, &(0x7f0000000200)="3d89c98aff0a897ba3a5b111ea7b1b6c1c56788363b2cf6de5030f5d035fc0efd1e863ee7f3cb7744d5912e9367ca206234258144b1e68c5f92b09ad5cf9c4520aa9ce5330b24029512d65f8714ce4b4c8083982ac853a889d99dcec37537cba5a738740649ee2c7c5ac53d645ab6ef6a2c4a8e17f5441a8fb8f0930c0c49620545311ca487b7cc4ba26612e1dd86388d93e3363b581c88fb47ab8dca8de20a758503062280afe96327ec37c59122f5d76b764c58916ccc1c2823ab5ad8e38eac4913bb1c3d3771067befcfdd7d795487925b6266ca29c89d9758e75cd8810bf0465483694a2bb88aa384755d55a84cf048a5bd4dca1d30968fe", &(0x7f0000000500)=""/4096) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2553.446167][ T6219] binder: 6216:6219 ioctl c0306201 20000040 returned -22 19:21:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x49]}) 19:21:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40407800, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2553.538989][T14773] binder: release 6289:6313 transaction 1955 out, still active 19:21:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6105]}) [ 2553.580857][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2553.617404][T14773] binder: release 6289:6314 transaction 1956 out, still active 19:21:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x9f7, 0x2000) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140)='TIPC\x00') sendmsg$TIPC_CMD_GET_NODES(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000008}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r2, 0x10, 0x70bd25, 0x25dfdbfd, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8001}, 0x8000) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) fgetxattr(r0, &(0x7f0000000040)=@random={'btrfs.', '/dev/binder#\x00'}, &(0x7f0000000080)=""/25, 0x19) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2553.666653][ T6348] binder: 6346:6348 unknown command 1077966848 [ 2553.667568][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2553.701932][ T6348] binder: 6346:6348 ioctl c0306201 20000040 returned -22 19:21:16 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0xa00]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:16 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1004000000000]}) [ 2553.802631][T14773] binder: send failed reply for transaction 1955, target dead [ 2553.818460][T14773] binder: send failed reply for transaction 1956, target dead [ 2553.839502][ T6384] binder_transaction: 8 callbacks suppressed 19:21:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2553.839521][ T6384] binder: 6383:6384 transaction failed 29189/-22, size 0-0 line 2994 19:21:16 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x79]}) [ 2553.907476][ T6419] binder: 6417:6419 got transaction with invalid offset (2560, min 0 max 0) or object. [ 2554.007122][ T6419] binder: 6417:6419 transaction failed 29201/-22, size 0-12288 line 3241 [ 2554.020571][T14773] binder: release 6383:6487 transaction 1960 out, still active [ 2554.029616][ T6497] binder_alloc: 6417: binder_alloc_buf size 12384 failed, no address space 19:21:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r1 = accept4$inet6(0xffffffffffffff9c, &(0x7f0000000480)={0xa, 0x0, 0x0, @ipv4={[], [], @initdev}}, &(0x7f0000002700)=0x1c, 0x80800) ioctl$sock_inet6_tcp_SIOCATMARK(r1, 0x8905, &(0x7f0000002740)) [ 2554.058697][T14773] binder: undelivered TRANSACTION_COMPLETE 19:21:16 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7005]}) [ 2554.160041][ T6497] binder_alloc: allocated: 8 (num: 1 largest: 8), free: 12280 (num: 1 largest: 12280) 19:21:16 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8b]}) 19:21:16 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100c000000000]}) [ 2554.328644][ T6497] binder: 6464:6497 transaction failed 29201/-28, size 96-12288 line 3147 [ 2554.331301][T14773] binder: release 6564:6565 transaction 1962 out, still active 19:21:16 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x1200]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) fsetxattr$security_selinux(r0, &(0x7f0000000100)='security.selinux\x00', &(0x7f0000000140)='system_u:object_r:hald_var_lib_t:s0\x00', 0x24, 0x2) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x200000, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000080)={{0x4, 0x9, 0x7f, 0x100}, 'syz1\x00', 0x15}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2554.414414][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2554.451473][T14773] binder: send failed reply for transaction 1960, target dead [ 2554.486446][T14773] binder: send failed reply for transaction 1962, target dead [ 2554.513198][ T6718] binder: 6716:6718 transaction failed 29189/-22, size 0-0 line 2994 19:21:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2554.547268][T14773] binder: send failed reply for transaction 1963 to 6564:6608 19:21:17 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9e]}) 19:21:17 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7105]}) [ 2554.616836][T14773] binder: undelivered TRANSACTION_COMPLETE [ 2554.691601][ C0] net_ratelimit: 12 callbacks suppressed [ 2554.691608][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2554.705523][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2554.713054][ T6765] binder: 6750:6765 got reply transaction with no transaction stack [ 2554.721237][ T6765] binder: 6750:6765 transaction failed 29201/-71, size 96-12288 line 2899 19:21:17 executing program 1: openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rtc0\x00', 0x200000, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x2000, 0x0) r1 = accept$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @empty}, &(0x7f0000000180)=0x10) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) r2 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r3 = mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x100000a, 0x10, r0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000002d40)={0x58, 0x0, &(0x7f0000002c00)=ANY=[@ANYBLOB="056304400000000001634041020000000000000002000000000200000000000001000000000000000000000000000000000000000800010000000000", @ANYPTR=&(0x7f00000028c0)=ANY=[], @ANYPTR=&(0x7f0000002bc0)=ANY=[@ANYBLOB='x\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="03630840", @ANYRES64=r3], 0x87, 0x0, &(0x7f0000002c80)="4f66f3ff460de27f14f46730cb35c903593753fec854c8cdcbddc3df9bb8494d8aed1e054a5b4a18345899738353894d722d02998ae81a252053b30551359f88e0fb5e496bdb748e24bd935f8ecb87035fbb4b9b74441ea8c62016eb8148866af13f8dda529ca52d40e80b9d3f175a7c9b5efa4a5d7d74bf8cf29651ea776352702f12ee4bdcba"}) r4 = syz_open_dev$radio(&(0x7f0000000280)='/dev/radio#\x00', 0x0, 0x2) clock_gettime(0x0, &(0x7f0000002b40)={0x0, 0x0}) recvmmsg(r1, &(0x7f0000002a80)=[{{&(0x7f00000003c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000001500)=""/171, 0xab}, {&(0x7f00000015c0)=""/173, 0xad}, {&(0x7f0000001680)=""/187, 0xbb}], 0x4, &(0x7f0000001740)=""/101, 0x65}, 0x1}, {{0x0, 0x0, &(0x7f0000002880)=[{&(0x7f00000017c0)=""/181, 0xb5}, {&(0x7f0000001880)=""/4096, 0x1000}, {&(0x7f0000000480)=""/17, 0x11}], 0x3, &(0x7f00000028c0)}, 0x71b}, {{&(0x7f0000002900)=@nfc_llcp, 0x80, &(0x7f0000002a40)=[{&(0x7f0000002980)=""/136, 0x88}], 0x1}, 0x3}], 0x3, 0x10040, &(0x7f0000002b80)={r5, r6+30000000}) prctl$PR_SET_FPEXC(0xc, 0x10000) setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f00000002c0)=0x95ce, 0x4) r7 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0x200, 0x400000) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r7, 0x84, 0xa, &(0x7f0000000200)={0x400, 0x0, 0x2, 0x2, 0x9, 0x100000000, 0x1, 0x1}, &(0x7f0000000240)=0x20) ioctl$KVM_GET_REGS(r0, 0x8090ae81, &(0x7f0000000300)) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f00000028c0)={r7, 0x0, 0xfffffffffffffffb, 0x2}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0xffffffffffffffac, 0x0, &(0x7f0000000040)=ANY=[], 0x1e2, 0x0, 0x0}) r8 = syz_genetlink_get_family_id$fou(&(0x7f0000002dc0)='fou\x00') sendmsg$FOU_CMD_ADD(r4, &(0x7f0000002e80)={&(0x7f0000002d80)={0x10, 0x0, 0x0, 0x20200}, 0xc, &(0x7f0000002e40)={&(0x7f0000002e00)={0x18, r8, 0x4, 0x70bd28, 0x25dfdbfd, {}, [@FOU_ATTR_REMCSUM_NOPARTIAL={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) splice(r2, &(0x7f0000000040), r2, &(0x7f0000000080), 0x8, 0x3) 19:21:17 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000]}) [ 2554.923872][ T6875] binder: 6874:6875 Acquire 1 refcount change on invalid ref 0 ret -22 19:21:17 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2000]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2554.971777][ T6875] binder: 6874:6875 unknown command 1094738689 [ 2554.997196][ T6875] binder: 6874:6875 ioctl c0306201 20002d40 returned -22 19:21:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:17 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0]}) [ 2555.024332][ T6944] binder: 6874:6944 ioctl c0306201 200004c0 returned -14 [ 2555.103771][ T6947] binder: 6946:6947 got transaction with invalid offset (8192, min 0 max 0) or object. [ 2555.132048][ T6948] binder: 6945:6948 got transaction to invalid handle [ 2555.160111][ T6955] binder: 6874:6955 unknown command 1094738689 [ 2555.191669][ T6948] binder: 6945:6948 transaction failed 29201/-22, size 96-12288 line 2994 19:21:17 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7205]}) [ 2555.217074][ T6947] binder: 6946:6947 transaction failed 29201/-22, size 0-12288 line 3241 [ 2555.225335][ T6875] binder: 6874:6875 ioctl c0306201 200004c0 returned -14 19:21:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 19:21:17 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000]}) [ 2555.346098][ T6955] binder: 6874:6955 ioctl c0306201 20002d40 returned -22 19:21:17 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc1]}) [ 2555.486643][ T7108] binder: 7036:7108 got transaction to invalid handle [ 2555.503105][ T7108] binder: 7036:7108 transaction failed 29201/-22, size 96-12288 line 2994 19:21:17 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0063404000000000210000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x0, 0x0, 0x0}) r1 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x7, 0x10000) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000080)={0x0}) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f00000000c0)={r2}) 19:21:17 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2ff8]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2555.553932][T14773] binder_release_work: 13 callbacks suppressed [ 2555.553941][T14773] binder: undelivered TRANSACTION_ERROR: 29201 19:21:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2555.620260][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2555.697908][ T7182] binder: 7179:7182 transaction failed 29189/-22, size 0-0 line 2994 19:21:18 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7401]}) [ 2555.750061][ T7183] ------------[ cut here ]------------ [ 2555.755945][ T7183] kernel BUG at drivers/android/binder_alloc.c:1141! [ 2555.776363][ T7186] binder_alloc: 7180: binder_alloc_buf size 8 failed, no address space 19:21:18 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000071, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000]}) [ 2555.804488][ T7185] binder: 7184:7185 got transaction to invalid handle [ 2555.827339][T14773] binder: undelivered TRANSACTION_ERROR: 29189 [ 2555.834450][ T7183] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 2555.841316][ T7183] CPU: 0 PID: 7183 Comm: syz-executor.0 Not tainted 5.1.0-rc2 #36 [ 2555.850195][ T7183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2555.860410][ T7183] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 [ 2555.866958][ T7183] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 bf f9 23 fc 4c 89 e6 4c 89 ef e8 d4 fa 23 fc 4d 39 e5 76 07 e8 aa f9 23 fc <0f> 0b e8 a3 f9 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 b1 [ 2555.873838][ T7191] kobject: 'kvm' (000000003359abfe): kobject_uevent_env [ 2555.887324][ T7183] RSP: 0018:ffff8880682b7550 EFLAGS: 00010212 [ 2555.887338][ T7183] RAX: 0000000000040000 RBX: 0000000020004000 RCX: ffffc90005df3000 [ 2555.887346][ T7183] RDX: 0000000000000887 RSI: ffffffff854c77d6 RDI: 0000000000000006 [ 2555.887353][ T7183] RBP: ffff8880682b75d0 R08: ffff8880855421c0 R09: 0000000000000028 [ 2555.887362][ T7183] R10: ffffed100d056f01 R11: ffff8880682b780f R12: 0000000000002fd8 [ 2555.887370][ T7183] R13: 0000000000000028 R14: 0000000000002ff8 R15: 0000000000000000 [ 2555.887382][ T7183] FS: 00007f76502b5700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 19:21:18 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000090, 0xfdfdffff, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc2]}) [ 2555.887391][ T7183] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2555.887399][ T7183] CR2: 00007fb8e3690db8 CR3: 0000000057b6b000 CR4: 00000000001426f0 [ 2555.887408][ T7183] Call Trace: [ 2555.887435][ T7183] ? memcpy+0x46/0x50 [ 2555.887458][ T7183] binder_alloc_copy_from_buffer+0x37/0x42 [ 2555.887476][ T7183] binder_get_object+0xc3/0x200 [ 2555.887496][ T7183] binder_transaction+0x2b4a/0x6690 [ 2555.887531][ T7183] ? binder_thread_read+0x3d50/0x3d50 [ 2555.887538][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2555.887559][ T7183] ? __might_fault+0x12b/0x1e0 [ 2555.887581][ T7183] ? lock_downgrade+0x880/0x880 [ 2555.887609][ T7183] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2555.887615][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2555.887629][ T7183] ? _copy_from_user+0xdd/0x150 [ 2555.887649][ T7183] binder_thread_write+0x64a/0x2820 [ 2555.887666][ T7183] ? __lockdep_free_key_range+0x120/0x120 [ 2555.887690][ T7183] ? binder_transaction+0x6690/0x6690 [ 2555.887705][ T7183] ? __might_fault+0x12b/0x1e0 19:21:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2555.887711][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2555.887740][ T7183] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2555.887756][ T7183] ? _copy_from_user+0xdd/0x150 [ 2555.887761][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2555.887776][ T7183] binder_ioctl+0x1033/0x183b [ 2555.887797][ T7183] ? binder_thread_write+0x2820/0x2820 [ 2555.887811][ T7183] ? tomoyo_path_number_perm+0x263/0x520 [ 2555.887828][ T7183] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2555.887841][ T7183] ? __lockdep_free_key_range+0x120/0x120 [ 2555.887872][ T7183] ? binder_thread_write+0x2820/0x2820 [ 2555.887888][ T7183] do_vfs_ioctl+0xd6e/0x1390 [ 2555.887906][ T7183] ? ioctl_preallocate+0x210/0x210 [ 2555.887922][ T7183] ? __fget+0x381/0x550 [ 2555.887944][ T7183] ? ksys_dup3+0x3e0/0x3e0 [ 2555.903642][ T7193] kobject: 'kvm' (000000003359abfe): kobject_uevent_env [ 2555.909348][ T7183] ? nsecs_to_jiffies+0x30/0x30 [ 2555.909368][ T7183] ? tomoyo_file_ioctl+0x23/0x30 [ 2555.909384][ T7183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2555.909399][ T7183] ? security_file_ioctl+0x93/0xc0 [ 2555.909417][ T7183] ksys_ioctl+0xab/0xd0 [ 2555.909436][ T7183] __x64_sys_ioctl+0x73/0xb0 [ 2555.909461][ T7183] do_syscall_64+0x103/0x610 [ 2555.918630][ T7185] binder: 7184:7185 transaction failed 29201/-22, size 96-12288 line 2994 [ 2555.926332][ T7183] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2555.926345][ T7183] RIP: 0033:0x458209 19:21:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x101000, 0x0) write$P9_RMKNOD(r1, &(0x7f0000000080)={0x14, 0x13, 0xfffffffffffff057, {0x8, 0x4}}, 0x14) [ 2555.926361][ T7183] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2555.926368][ T7183] RSP: 002b:00007f76502b4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2555.926381][ T7183] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458209 [ 2555.926389][ T7183] RDX: 0000000020000040 RSI: 00000000c0306201 RDI: 0000000000000003 [ 2555.926396][ T7183] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2555.926403][ T7183] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f76502b56d4 [ 2555.926411][ T7183] R13: 00000000004bf49a R14: 00000000004d0e80 R15: 00000000ffffffff [ 2555.926426][ T7183] Modules linked in: [ 2555.930948][ T7191] kobject: 'kvm' (000000003359abfe): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 2555.941655][ T7186] binder_alloc: allocated: 12288 (num: 1 largest: 12288), free: 0 (num: 0 largest: 0) [ 2555.944608][ T3876] kobject: 'loop2' (00000000f33ff01d): kobject_uevent_env [ 2556.051759][ T7183] ---[ end trace 547214b61d432583 ]--- [ 2556.069763][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2556.073278][ T7193] kobject: 'kvm' (000000003359abfe): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 2556.084469][ T7223] kobject: 'kvm' (000000003359abfe): kobject_uevent_env [ 2556.165684][ T7183] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 [ 2556.166215][ T7183] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 bf f9 23 fc 4c 89 e6 4c 89 ef e8 d4 fa 23 fc 4d 39 e5 76 07 e8 aa f9 23 fc <0f> 0b e8 a3 f9 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 b1 [ 2556.166231][ T7183] RSP: 0018:ffff8880682b7550 EFLAGS: 00010212 [ 2556.171005][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2556.182584][ T7193] kobject: 'kvm' (000000003359abfe): kobject_uevent_env [ 2556.186014][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2556.215972][ T7191] kobject: 'kvm' (000000003359abfe): kobject_uevent_env [ 2556.236301][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2556.255964][ T7183] RAX: 0000000000040000 RBX: 0000000020004000 RCX: ffffc90005df3000 [ 2556.261532][ T7300] binder_alloc: 7180: binder_alloc_buf size 8 failed, no address space [ 2556.303119][ T7193] kobject: 'kvm' (000000003359abfe): fill_kobj_path: path = '/devices/virtual/misc/kvm' 19:21:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2556.313243][ T7302] binder: 7298:7302 got transaction to invalid handle [ 2556.338291][ T7183] RDX: 0000000000000887 RSI: ffffffff854c77d6 RDI: 0000000000000006 [ 2556.353388][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2556.417058][ T7191] kobject: 'kvm' (000000003359abfe): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 2556.447683][ T7300] binder_alloc: allocated: 12288 (num: 1 largest: 12288), free: 0 (num: 0 largest: 0) [ 2556.506355][ T7223] kobject: 'kvm' (000000003359abfe): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 2556.519953][ T7306] binder: 7304:7306 got transaction to invalid handle [ 2556.526967][ T7183] RBP: ffff8880682b75d0 R08: ffff8880855421c0 R09: 0000000000000028 [ 2556.545679][ T7305] kobject: 'kvm' (000000003359abfe): kobject_uevent_env 19:21:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2556.556749][ T7212] kobject: 'kvm' (000000003359abfe): kobject_uevent_env [ 2556.561302][ T7222] kobject: 'kvm' (000000003359abfe): kobject_uevent_env [ 2556.576475][ T7183] R10: ffffed100d056f01 R11: ffff8880682b780f R12: 0000000000002fd8 [ 2556.580315][ T7212] kobject: 'kvm' (000000003359abfe): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 2556.588290][ T3876] kobject: 'loop2' (00000000f33ff01d): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 2556.606267][ T7305] kobject: 'kvm' (000000003359abfe): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 2556.617572][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2556.629437][ T7222] kobject: 'kvm' (000000003359abfe): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 2556.642044][ T7367] binder: 7366:7367 got transaction to invalid handle [ 2556.651290][ T3876] kobject: 'loop1' (00000000d0477c8f): kobject_uevent_env 19:21:19 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="b7dc1f123c123f3188b070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x6, 0x600000000000000, [0x40000070, 0x0, 0x1b], [0xc2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7501]}) [ 2556.660120][ T7183] R13: 0000000000000028 R14: 0000000000002ff8 R15: 0000000000000000 [ 2556.672459][ T7367] binder: 7366:7367 got transaction to invalid handle [ 2556.692141][ T7300] binder_alloc: 7180: binder_alloc_buf size 8 failed, no address space [ 2556.700942][ T7300] binder_alloc: allocated: 12288 (num: 1 largest: 12288), free: 0 (num: 0 largest: 0) [ 2556.719541][ T3876] kobject: 'loop1' (00000000d0477c8f): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 2556.730300][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2556.734106][ T7415] kobject: 'kvm' (000000003359abfe): kobject_uevent_env [ 2556.754294][ T7212] kobject: 'kvm' (000000003359abfe): kobject_uevent_env [ 2556.761600][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2556.767923][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2556.774599][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2556.778466][ T3876] kobject: 'loop5' (00000000387fe3c4): kobject_uevent_env [ 2556.787701][ T7222] kobject: 'kvm' (000000003359abfe): kobject_uevent_env [ 2556.793655][ T7415] kobject: 'kvm' (000000003359abfe): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 2556.796751][ T7183] FS: 00007f76502b5700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 19:21:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 2556.821701][T14773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2556.836151][ T3876] kobject: 'loop5' (00000000387fe3c4): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 2556.847447][ T7222] kobject: 'kvm' (000000003359abfe): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 2556.858255][ T7212] kobject: 'kvm' (000000003359abfe): fill_kobj_path: path = '/devices/virtual/misc/kvm' 19:21:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046205, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x44, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`i\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) lsetxattr$security_smack_transmute(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.SMACK64TRANSMUTE\x00', &(0x7f00000000c0)='TRUE', 0x4, 0x2) [ 2556.873510][ T7435] binder: 7434:7435 got transaction to invalid handle [ 2556.910515][ T7183] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2556.910906][ T3876] kobject: 'loop4' (0000000024c7a4da): kobject_uevent_env [ 2556.924620][ T7183] CR2: 0000001b31021000 CR3: 0000000057b6b000 CR4: 00000000001426f0 [ 2556.924635][ T7183] Kernel panic - not syncing: Fatal exception [ 2556.925463][ T7183] Kernel Offset: disabled [ 2556.947287][ T7183] Rebooting in 86400 seconds..