ockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:38:58 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:38:58 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 531.572892] binder: 21479:21491 ioctl 40046207 0 returned -16 11:38:58 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:38:58 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:38:58 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:38:58 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 531.572991] binder_alloc: 9902: binder_alloc_buf, no vma 11:38:58 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:38:59 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:38:59 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:38:59 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 5 printk messages dropped ** [ 531.651876] binder: BINDER_SET_CONTEXT_MGR already set ** 7 printk messages dropped ** [ 531.763489] binder: BINDER_SET_CONTEXT_MGR already set 11:38:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:38:59 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:38:59 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:38:59 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:38:59 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:38:59 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:38:59 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 531.939554] binder: BINDER_SET_CONTEXT_MGR already set 11:38:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:38:59 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 532.002223] binder: BINDER_SET_CONTEXT_MGR already set 11:38:59 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:38:59 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 532.002232] binder: 21596:21600 ioctl 40046207 0 returned -16 11:38:59 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:38:59 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:38:59 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:38:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 6 printk messages dropped ** [ 532.064469] binder: BINDER_SET_CONTEXT_MGR already set 11:38:59 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:38:59 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:38:59 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 532.064480] binder: 21608:21617 ioctl 40046207 0 returned -16 11:38:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:38:59 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:38:59 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:38:59 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) ** 6 printk messages dropped ** [ 532.150324] binder: BINDER_SET_CONTEXT_MGR already set 11:38:59 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:38:59 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:38:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:38:59 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:38:59 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 532.220075] binder: BINDER_SET_CONTEXT_MGR already set 11:38:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:38:59 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:38:59 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:38:59 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 532.220086] binder: 21652:21655 ioctl 40046207 0 returned -16 11:38:59 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:38:59 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:38:59 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:38:59 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 6 printk messages dropped ** [ 532.311161] binder: BINDER_SET_CONTEXT_MGR already set 11:38:59 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:38:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 7 printk messages dropped ** [ 532.358257] binder: BINDER_SET_CONTEXT_MGR already set 11:38:59 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:38:59 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:38:59 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:38:59 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:38:59 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:38:59 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 532.358266] binder: 21687:21692 ioctl 40046207 0 returned -16 11:38:59 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:38:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 532.358372] binder_alloc: 9902: binder_alloc_buf, no vma ** 5 printk messages dropped ** [ 532.417121] binder: BINDER_SET_CONTEXT_MGR already set 11:38:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 532.417130] binder: 21705:21711 ioctl 40046207 0 returned -16 [ 532.417250] binder_alloc: 9902: binder_alloc_buf, no vma [ 532.417270] binder: 21705:21711 transaction failed 29189/-3, size 72-24 line 3136 [ 532.417889] binder: 21705:21711 Acquire 1 refcount change on invalid ref 3 ret -22 11:38:59 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:38:59 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:38:59 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 3 printk messages dropped ** [ 532.465597] binder: BINDER_SET_CONTEXT_MGR already set [ 532.465608] binder: 21717:21720 ioctl 40046207 0 returned -16 11:38:59 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:38:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:38:59 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:38:59 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:38:59 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:38:59 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:38:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:38:59 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 6 printk messages dropped ** [ 532.558580] binder: BINDER_SET_CONTEXT_MGR already set [ 532.558588] binder: 21734:21740 ioctl 40046207 0 returned -16 ** 6 printk messages dropped ** [ 532.638677] binder: BINDER_SET_CONTEXT_MGR already set 11:38:59 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:38:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:38:59 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:38:59 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 532.638687] binder: 21755:21762 ioctl 40046207 0 returned -16 ** 2 printk messages dropped ** [ 532.640976] binder: 21755:21762 Acquire 1 refcount change on invalid ref 3 ret -22 11:39:00 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:00 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:00 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:00 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:00 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 11 printk messages dropped ** [ 532.797372] binder: BINDER_SET_CONTEXT_MGR already set 11:39:00 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:00 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 532.797381] binder: 21806:21815 ioctl 40046207 0 returned -16 11:39:00 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:00 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:00 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:00 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:00 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:00 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 6 printk messages dropped ** [ 532.893589] binder: BINDER_SET_CONTEXT_MGR already set ** 1 printk messages dropped ** [ 532.893711] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:00 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:00 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:00 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) ** 5 printk messages dropped ** [ 532.983307] binder: BINDER_SET_CONTEXT_MGR already set 11:39:00 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:00 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:00 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) ** 7 printk messages dropped ** [ 533.052804] binder: BINDER_SET_CONTEXT_MGR already set [ 533.052814] binder: 21873:21876 ioctl 40046207 0 returned -16 11:39:00 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 6 printk messages dropped ** [ 533.113207] binder: BINDER_SET_CONTEXT_MGR already set 11:39:00 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:00 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:00 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:00 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:00 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:00 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) [ 533.113217] binder: 21885:21896 ioctl 40046207 0 returned -16 [ 533.113336] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:00 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:00 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 5 printk messages dropped ** [ 533.201571] binder: BINDER_SET_CONTEXT_MGR already set 11:39:00 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:00 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:00 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:00 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 533.201581] binder: 21906:21912 ioctl 40046207 0 returned -16 11:39:00 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:00 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:00 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 6 printk messages dropped ** [ 533.273026] binder: BINDER_SET_CONTEXT_MGR already set 11:39:00 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:00 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:00 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:00 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:00 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:00 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 533.273044] binder: 21925:21935 ioctl 40046207 0 returned -16 ** 6 printk messages dropped ** [ 533.377801] binder: BINDER_SET_CONTEXT_MGR already set 11:39:00 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:00 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:00 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) [ 533.377810] binder: 21945:21950 ioctl 40046207 0 returned -16 11:39:00 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:00 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:00 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 6 printk messages dropped ** [ 533.448404] binder: BINDER_SET_CONTEXT_MGR already set 11:39:00 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:00 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:00 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:00 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:00 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:00 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:00 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 533.501991] binder: BINDER_SET_CONTEXT_MGR already set [ 533.501999] binder: 21977:21984 ioctl 40046207 0 returned -16 11:39:00 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:00 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 533.502138] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:00 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:01 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:01 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:01 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 5 printk messages dropped ** [ 533.545023] binder: BINDER_SET_CONTEXT_MGR already set 11:39:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:01 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) ** 7 printk messages dropped ** [ 533.653797] binder: BINDER_SET_CONTEXT_MGR already set 11:39:01 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:01 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:01 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 533.653807] binder: 22011:22018 ioctl 40046207 0 returned -16 [ 533.653907] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:01 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:01 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:01 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:01 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:01 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) [ 533.653927] binder: 22011:22018 transaction failed 29189/-3, size 72-24 line 3136 11:39:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:01 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:01 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 6 printk messages dropped ** [ 533.701858] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:01 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:01 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:01 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 533.778924] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:01 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:01 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:01 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 533.778942] binder: 22051:22057 transaction failed 29189/-3, size 72-24 line 3136 11:39:01 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:01 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:01 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:01 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:01 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 6 printk messages dropped ** [ 533.825153] binder_alloc: 9902: binder_alloc_buf, no vma ** 3 printk messages dropped ** [ 533.827416] binder: 22069:22073 got transaction to invalid handle 11:39:01 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:01 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) ** 3 printk messages dropped ** [ 533.894615] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:01 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:01 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:01 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:01 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:01 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 533.894633] binder: 22082:22088 transaction failed 29189/-3, size 72-24 line 3136 11:39:01 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:01 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:01 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 6 printk messages dropped ** [ 534.002895] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:01 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:01 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:01 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:01 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) ** 7 printk messages dropped ** [ 534.098719] binder_alloc: 9902: binder_alloc_buf, no vma ** 7 printk messages dropped ** [ 534.158760] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:01 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:01 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:01 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 534.158779] binder: 22155:22157 transaction failed 29189/-3, size 72-24 line 3136 11:39:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:01 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:01 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 534.159413] binder: 22155:22157 Acquire 1 refcount change on invalid ref 3 ret -22 11:39:01 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:01 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:01 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:01 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 9 printk messages dropped ** [ 534.268394] binder: 22176:22181 got transaction to invalid handle 11:39:01 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:01 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:01 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 3 printk messages dropped ** [ 534.342525] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:01 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:01 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:01 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:01 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 15 printk messages dropped ** [ 534.494233] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:01 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:02 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 534.494252] binder: 22226:22239 transaction failed 29189/-3, size 72-24 line 3136 11:39:02 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:02 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:02 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:02 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 534.494740] binder: 22226:22239 Acquire 1 refcount change on invalid ref 3 ret -22 [ 534.494750] binder: 22226:22239 Release 1 refcount change on invalid ref 0 ret -22 11:39:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:02 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:02 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:02 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:02 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:02 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 4 printk messages dropped ** [ 534.535677] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:02 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:02 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 534.669169] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:02 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:02 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:02 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:02 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:02 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 534.669189] binder: 22276:22283 transaction failed 29189/-3, size 72-24 line 3136 11:39:02 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:02 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:02 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 6 printk messages dropped ** [ 534.744243] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:02 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:02 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:02 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:02 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:02 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 534.821979] binder_alloc: 9902: binder_alloc_buf, no vma [ 534.821999] binder: 22317:22322 transaction failed 29189/-3, size 72-24 line 3136 11:39:02 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:02 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:02 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:02 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 534.825013] binder: 22317:22322 Acquire 1 refcount change on invalid ref 3 ret -22 11:39:02 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:02 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 5 printk messages dropped ** [ 534.927040] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:02 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:02 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:02 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 535.016316] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:02 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:02 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:02 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:02 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 535.137703] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:02 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:02 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 7 printk messages dropped ** [ 535.236691] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:02 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:02 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:02 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 535.320310] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:02 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:02 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:02 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:02 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 535.320330] binder: 22448:22454 transaction failed 29189/-3, size 72-24 line 3136 11:39:02 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:02 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:02 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:02 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:02 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 6 printk messages dropped ** [ 535.374432] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:02 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:02 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:02 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 535.374451] binder: 22466:22468 transaction failed 29189/-3, size 72-24 line 3136 11:39:03 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:03 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:03 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:03 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 6 printk messages dropped ** [ 535.485850] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 535.581111] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:03 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:03 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:03 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 7 printk messages dropped ** [ 535.688562] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:03 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:03 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:03 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:03 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 535.780929] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:03 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:03 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:03 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:03 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:03 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 535.780949] binder: 22570:22576 transaction failed 29189/-3, size 72-24 line 3136 ** 6 printk messages dropped ** [ 535.830349] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:03 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:03 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 535.830367] binder: 22582:22589 transaction failed 29189/-3, size 72-24 line 3136 11:39:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:03 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:03 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 6 printk messages dropped ** [ 535.924295] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:03 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:03 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 535.924315] binder: 22603:22610 transaction failed 29189/-3, size 72-24 line 3136 11:39:03 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:03 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 6 printk messages dropped ** [ 535.985164] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:03 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:03 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 536.089617] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:03 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:03 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 536.089638] binder: 22638:22648 transaction failed 29189/-3, size 72-24 line 3136 11:39:03 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:03 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 6 printk messages dropped ** [ 536.168758] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:03 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:03 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 536.251044] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:03 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:03 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) [ 536.251144] binder: 22686:22690 transaction failed 29189/-3, size 72-24 line 3136 11:39:03 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 6 printk messages dropped ** [ 536.310252] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:03 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:03 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:03 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 15 printk messages dropped ** [ 536.548185] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:03 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:04 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:04 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 7 printk messages dropped ** [ 536.610087] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:04 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 536.736843] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:04 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:04 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:04 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) [ 536.736863] binder: 22791:22797 transaction failed 29189/-3, size 72-24 line 3136 11:39:04 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:04 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 6 printk messages dropped ** [ 536.828614] binder_alloc: 9902: binder_alloc_buf, no vma [ 536.828634] binder: 22810:22819 transaction failed 29189/-3, size 72-24 line 3136 11:39:04 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 3 printk messages dropped ** [ 536.841643] binder: 22810:22819 transaction failed 29201/-22, size 0-24 line 3013 11:39:04 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:04 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:04 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:04 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:04 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 2 printk messages dropped ** [ 536.908947] binder_alloc: 9902: binder_alloc_buf, no vma ** 7 printk messages dropped ** [ 536.985132] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:04 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:04 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:04 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:04 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) ** 7 printk messages dropped ** [ 537.088497] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:04 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:04 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:04 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 7 printk messages dropped ** [ 537.193450] binder_alloc: 9902: binder_alloc_buf, no vma ** 7 printk messages dropped ** [ 537.260397] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:04 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:04 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:04 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:04 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:04 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 537.333502] binder_alloc: 9902: binder_alloc_buf, no vma [ 537.333521] binder: 22939:22952 transaction failed 29189/-3, size 72-24 line 3136 11:39:04 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:04 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:04 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:04 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:04 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:04 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) ** 6 printk messages dropped ** [ 537.430878] binder_alloc: 9902: binder_alloc_buf, no vma [ 537.430897] binder: 22962:22968 transaction failed 29189/-3, size 72-24 line 3136 11:39:04 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:04 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 6 printk messages dropped ** [ 537.508353] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:04 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:04 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:04 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) ** 7 printk messages dropped ** [ 537.544402] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:04 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:04 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:04 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:04 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:04 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 537.544423] binder: 22995:23000 transaction failed 29189/-3, size 72-24 line 3136 ** 6 printk messages dropped ** [ 537.644880] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:04 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:04 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 537.714753] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:04 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:04 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:05 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:05 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:05 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:05 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 7 printk messages dropped ** [ 537.784757] binder_alloc: 9902: binder_alloc_buf, no vma [ 537.784777] binder: 23064:23072 transaction failed 29189/-3, size 72-24 line 3136 11:39:05 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:05 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 537.787057] binder: 23064:23072 Acquire 1 refcount change on invalid ref 3 ret -22 11:39:05 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 537.787067] binder: 23064:23072 Release 1 refcount change on invalid ref 0 ret -22 11:39:05 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:05 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:05 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:05 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 4 printk messages dropped ** [ 537.856863] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:05 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:05 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:05 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 537.856883] binder: 23083:23093 transaction failed 29189/-3, size 72-24 line 3136 11:39:05 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:05 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:05 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 6 printk messages dropped ** [ 537.953996] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:05 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:05 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:05 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:05 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 7 printk messages dropped ** [ 538.017363] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:05 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:05 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:05 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:05 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 538.105511] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:05 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:05 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:05 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:05 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:05 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 538.105529] binder: 23149:23155 transaction failed 29189/-3, size 72-24 line 3136 11:39:05 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:05 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:05 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 6 printk messages dropped ** [ 538.183050] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:05 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:05 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) ** 7 printk messages dropped ** [ 538.333872] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:05 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:05 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:05 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:05 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) ** 7 printk messages dropped ** [ 538.430099] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:05 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:05 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:05 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 538.430118] binder: 23232:23240 transaction failed 29189/-3, size 72-24 line 3136 11:39:05 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:05 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:05 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:05 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:05 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 6 printk messages dropped ** [ 538.537586] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:05 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:05 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 7 printk messages dropped ** [ 538.625187] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:05 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:05 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:05 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:05 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:05 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 538.625207] binder: 23275:23277 transaction failed 29189/-3, size 72-24 line 3136 11:39:05 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 6 printk messages dropped ** [ 538.699341] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:05 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:05 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:05 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:06 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 538.750500] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:06 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:06 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 538.850070] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:06 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:06 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:06 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:06 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 538.922566] binder_alloc: 9902: binder_alloc_buf, no vma [ 538.922585] binder: 23358:23366 transaction failed 29189/-3, size 72-24 line 3136 11:39:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:06 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:06 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:06 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:06 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 6 printk messages dropped ** [ 539.023066] binder_alloc: 9902: binder_alloc_buf, no vma [ 539.023086] binder: 23380:23388 transaction failed 29189/-3, size 72-24 line 3136 11:39:06 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:06 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 539.023670] binder: 23380:23388 Acquire 1 refcount change on invalid ref 3 ret -22 11:39:06 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:06 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:06 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:06 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 5 printk messages dropped ** [ 539.106409] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:06 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:06 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:06 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:06 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:06 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 539.106427] binder: 23402:23405 transaction failed 29189/-3, size 72-24 line 3136 ** 6 printk messages dropped ** [ 539.186895] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:06 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:06 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:06 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 539.265144] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:06 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:06 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:06 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:06 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 539.265162] binder: 23438:23445 transaction failed 29189/-3, size 72-24 line 3136 11:39:06 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:06 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 6 printk messages dropped ** [ 539.317476] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:06 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:06 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:06 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) ** 7 printk messages dropped ** [ 539.409429] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:06 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:06 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 7 printk messages dropped ** [ 539.490987] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:06 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:06 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:06 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:06 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:06 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 539.491007] binder: 23510:23516 transaction failed 29189/-3, size 72-24 line 3136 11:39:06 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:06 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 6 printk messages dropped ** [ 539.543888] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:06 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:06 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:06 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:06 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 7 printk messages dropped ** [ 539.712654] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:06 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:06 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 539.712702] binder: 23550:23552 transaction failed 29189/-3, size 72-24 line 3136 11:39:06 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:06 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:06 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 6 printk messages dropped ** [ 539.778883] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:06 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:06 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:06 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) ** 7 printk messages dropped ** [ 539.866510] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:07 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:07 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:07 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 539.866531] binder: 23599:23604 transaction failed 29189/-3, size 72-24 line 3136 11:39:07 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:07 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:07 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:07 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 539.867035] binder: 23599:23604 Acquire 1 refcount change on invalid ref 3 ret -22 ** 5 printk messages dropped ** [ 540.008170] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:07 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:07 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:07 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:07 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:07 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) ** 7 printk messages dropped ** [ 540.072252] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:07 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:07 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:07 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 540.136627] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:07 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:07 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:07 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:07 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:07 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 7 printk messages dropped ** [ 540.212089] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:07 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:07 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:07 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:07 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:07 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 7 printk messages dropped ** [ 540.308176] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:07 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:07 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:07 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:07 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 540.385231] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:07 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:07 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 7 printk messages dropped ** [ 540.435903] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:07 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:07 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:07 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:07 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 7 printk messages dropped ** [ 540.506320] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:07 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:07 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:07 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 7 printk messages dropped ** [ 540.569311] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:07 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:07 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:07 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:07 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) ** 7 printk messages dropped ** [ 540.692574] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:07 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:07 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:07 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 540.791175] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:07 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:07 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:07 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:07 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:07 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:07 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) ** 7 printk messages dropped ** [ 540.883731] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:07 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:07 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 541.027536] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:07 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:07 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:07 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 3 printk messages dropped ** [ 541.028060] binder: 23888:23891 got transaction to invalid handle 11:39:08 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:08 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:08 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:08 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:08 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 3 printk messages dropped ** [ 541.086787] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:08 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:08 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:08 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:08 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 7 printk messages dropped ** [ 541.138492] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:08 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:08 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:08 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 541.218650] binder_alloc: 9902: binder_alloc_buf, no vma [ 541.218698] binder: 23935:23940 transaction failed 29189/-3, size 72-24 line 3136 11:39:08 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:08 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:08 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 2 printk messages dropped ** [ 541.221175] binder: 23935:23940 got transaction to invalid handle 11:39:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:08 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:08 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:08 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) ** 3 printk messages dropped ** [ 541.285265] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:08 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:08 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:08 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 541.285283] binder: 23953:23957 transaction failed 29189/-3, size 72-24 line 3136 11:39:08 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:08 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 541.285740] binder: 23953:23957 Acquire 1 refcount change on invalid ref 3 ret -22 11:39:08 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:08 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:08 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:08 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) ** 5 printk messages dropped ** [ 541.349192] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:08 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:08 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:08 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 7 printk messages dropped ** [ 541.432988] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:08 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:08 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 3 printk messages dropped ** [ 541.440158] binder: 23990:24003 got transaction to invalid handle 11:39:08 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 3 printk messages dropped ** [ 541.534435] binder_alloc: 9902: binder_alloc_buf, no vma [ 541.534456] binder: 24014:24023 transaction failed 29189/-3, size 72-24 line 3136 11:39:08 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:08 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:08 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:08 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:08 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 541.534932] binder: 24014:24023 Acquire 1 refcount change on invalid ref 3 ret -22 ** 5 printk messages dropped ** [ 541.568531] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:08 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 541.568550] binder: 24031:24034 transaction failed 29189/-3, size 72-24 line 3136 11:39:08 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:08 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:08 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:08 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) ** 6 printk messages dropped ** [ 541.618146] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:08 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:08 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:08 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:08 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 541.747988] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:08 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:08 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 15 printk messages dropped ** [ 541.886223] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:08 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:09 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:09 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 541.886241] binder: 24109:24114 transaction failed 29189/-3, size 72-24 line 3136 11:39:09 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:09 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:09 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 6 printk messages dropped ** [ 541.953260] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:09 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:09 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:09 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 7 printk messages dropped ** [ 542.006370] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:09 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:09 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:09 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:09 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:09 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:09 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 542.096105] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:09 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:09 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:09 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 7 printk messages dropped ** [ 542.154793] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:09 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:09 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:09 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:09 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 7 printk messages dropped ** [ 542.228637] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:09 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:09 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:09 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:09 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:09 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 7 printk messages dropped ** [ 542.313567] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:09 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:09 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 7 printk messages dropped ** [ 542.388764] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:09 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:09 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:09 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 7 printk messages dropped ** [ 542.440885] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:09 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:09 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:09 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:09 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:09 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) ** 7 printk messages dropped ** [ 542.523275] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:09 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:09 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:09 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 542.523293] binder: 24288:24289 transaction failed 29189/-3, size 72-24 line 3136 11:39:09 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:09 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:09 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 6 printk messages dropped ** [ 542.599874] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:09 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:09 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) ** 7 printk messages dropped ** [ 542.679176] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:09 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:09 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:09 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:09 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:09 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:09 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 542.778009] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:09 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:09 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:09 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 542.856953] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:10 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:10 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:10 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:10 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 7 printk messages dropped ** [ 542.918525] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:10 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:10 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:10 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 542.918546] binder: 24389:24392 transaction failed 29189/-3, size 72-24 line 3136 [ 542.920237] binder: 24389:24392 Acquire 1 refcount change on invalid ref 3 ret -22 11:39:10 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:10 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:10 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:10 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:10 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 5 printk messages dropped ** [ 543.054729] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:10 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:10 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:10 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) ** 3 printk messages dropped ** [ 543.056421] binder: 24413:24424 got transaction to invalid handle 11:39:10 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:10 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:10 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) ** 7 printk messages dropped ** [ 543.158087] binder: 24432:24441 got transaction to invalid handle 11:39:10 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:10 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:10 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:10 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:10 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 3 printk messages dropped ** [ 543.208797] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:10 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:10 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 7 printk messages dropped ** [ 543.308476] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:10 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:10 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:10 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:10 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:10 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 543.308492] binder: 24480:24484 transaction failed 29189/-3, size 72-24 line 3136 11:39:10 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:10 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:10 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 543.309321] binder: 24480:24484 Acquire 1 refcount change on invalid ref 3 ret -22 11:39:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:10 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:10 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:10 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:10 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:10 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) ** 5 printk messages dropped ** [ 543.441779] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:10 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 543.441799] binder: 24506:24513 transaction failed 29189/-3, size 72-24 line 3136 11:39:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:10 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:10 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:10 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:10 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) ** 6 printk messages dropped ** [ 543.517548] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:10 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:10 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:10 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 543.640649] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:10 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:10 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:10 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:10 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) ** 7 printk messages dropped ** [ 543.688404] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:10 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:10 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:10 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:10 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 7 printk messages dropped ** [ 543.851164] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:10 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:10 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:10 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:10 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) ** 7 printk messages dropped ** [ 543.917494] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:11 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:11 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 7 printk messages dropped ** [ 543.986810] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:11 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:11 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:11 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:11 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) ** 7 printk messages dropped ** [ 544.064666] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:11 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:11 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:11 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 544.064686] binder: 24671:24678 transaction failed 29189/-3, size 72-24 line 3136 11:39:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:11 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:11 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:11 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:11 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 6 printk messages dropped ** [ 544.130716] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:11 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:11 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:11 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) ** 7 printk messages dropped ** [ 544.153679] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:11 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 544.153758] binder: 24705:24707 transaction failed 29189/-3, size 72-24 line 3136 11:39:11 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:11 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:11 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:11 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 6 printk messages dropped ** [ 544.277402] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:11 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:11 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:11 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:11 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:11 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 544.341881] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:11 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:11 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:11 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:11 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 544.422913] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:11 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:11 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:11 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:11 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 544.495921] binder_alloc: 9902: binder_alloc_buf, no vma ** 7 printk messages dropped ** [ 544.555573] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:11 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:11 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:11 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 544.555593] binder: 24802:24807 transaction failed 29189/-3, size 72-24 line 3136 11:39:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:11 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:11 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:11 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 6 printk messages dropped ** [ 544.645920] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:11 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:11 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:11 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:11 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 544.645940] binder: 24830:24834 transaction failed 29189/-3, size 72-24 line 3136 11:39:11 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:11 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:11 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:11 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 14 printk messages dropped ** [ 544.832030] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:11 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:11 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:11 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:11 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 544.832050] binder: 24868:24885 transaction failed 29189/-3, size 72-24 line 3136 11:39:12 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:12 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:12 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 6 printk messages dropped ** [ 544.911549] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:12 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:12 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:12 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 7 printk messages dropped ** [ 544.992773] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:12 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:12 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:12 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:12 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:12 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) ** 7 printk messages dropped ** [ 545.063456] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:12 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:12 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:12 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 7 printk messages dropped ** [ 545.125323] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:12 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:12 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:12 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) ** 7 printk messages dropped ** [ 545.191124] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:12 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:12 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:12 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:12 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 545.300498] binder_alloc: 9902: binder_alloc_buf, no vma ** 7 printk messages dropped ** [ 545.370751] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:12 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:12 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:12 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 7 printk messages dropped ** [ 545.540888] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:12 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:12 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:12 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 545.540907] binder: 25051:25053 transaction failed 29189/-3, size 72-24 line 3136 11:39:12 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:12 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:12 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 6 printk messages dropped ** [ 545.624261] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:12 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:12 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:12 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 545.724631] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:12 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:12 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:12 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:12 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:12 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 545.792395] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 545.792413] binder: 25111:25119 transaction failed 29189/-3, size 72-24 line 3136 11:39:12 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:12 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:12 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 6 printk messages dropped ** [ 545.845044] binder_alloc: 9902: binder_alloc_buf, no vma ** 7 printk messages dropped ** [ 545.920944] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:12 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:12 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:12 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:12 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 546.049526] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:12 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:12 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:12 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:12 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 546.138978] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:12 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 7 printk messages dropped ** [ 546.242863] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:13 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:13 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:13 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:13 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:13 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:13 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:13 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 546.340002] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:13 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 546.340021] binder: 25242:25246 transaction failed 29189/-3, size 72-24 line 3136 [ 546.342997] binder: 25242:25246 Acquire 1 refcount change on invalid ref 3 ret -22 11:39:13 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:13 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:13 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) ** 5 printk messages dropped ** [ 546.393859] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:13 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:13 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:13 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:13 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:13 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 546.393878] binder: 25261:25264 transaction failed 29189/-3, size 72-24 line 3136 [ 546.395944] binder: 25261:25264 Acquire 1 refcount change on invalid ref 3 ret -22 11:39:13 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:13 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:13 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 13 printk messages dropped ** [ 546.700945] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:13 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:13 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:13 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:13 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:13 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:13 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 546.700966] binder: 25311:25323 transaction failed 29189/-3, size 72-24 line 3136 [ 546.701421] binder: 25311:25323 Acquire 1 refcount change on invalid ref 3 ret -22 11:39:13 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:13 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:13 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 5 printk messages dropped ** [ 546.801364] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:13 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:13 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:13 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:13 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) [ 546.801383] binder: 25342:25351 transaction failed 29189/-3, size 72-24 line 3136 11:39:13 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:13 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:13 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 546.801829] binder: 25342:25351 Acquire 1 refcount change on invalid ref 3 ret -22 [ 546.801837] binder: 25342:25351 Release 1 refcount change on invalid ref 0 ret -22 11:39:13 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:13 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 4 printk messages dropped ** [ 546.883310] binder_alloc: 9902: binder_alloc_buf, no vma ** 7 printk messages dropped ** [ 546.997025] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:13 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:13 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:13 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:13 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:13 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:13 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) [ 546.997043] binder: 25396:25403 transaction failed 29189/-3, size 72-24 line 3136 [ 546.997947] binder: 25396:25403 Acquire 1 refcount change on invalid ref 3 ret -22 11:39:13 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:13 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:13 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:13 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) ** 5 printk messages dropped ** [ 547.068333] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:13 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:13 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:13 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:13 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:13 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:13 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 547.068353] binder: 25416:25420 transaction failed 29189/-3, size 72-24 line 3136 ** 6 printk messages dropped ** [ 547.182374] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:13 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:14 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 547.232832] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:14 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:14 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:14 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 547.363147] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:14 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:14 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:14 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:14 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 547.417842] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:14 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:14 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:14 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:14 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 547.417871] binder: 25509:25512 transaction failed 29189/-3, size 72-24 line 3136 11:39:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:14 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:14 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:14 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 6 printk messages dropped ** [ 547.500769] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:14 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 547.500789] binder: 25526:25533 transaction failed 29189/-3, size 72-24 line 3136 11:39:14 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:14 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:14 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:14 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) ** 6 printk messages dropped ** [ 547.553911] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:14 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:14 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 547.553930] binder: 25547:25549 transaction failed 29189/-3, size 72-24 line 3136 11:39:14 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:14 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:14 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:14 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 6 printk messages dropped ** [ 547.636817] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:14 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:14 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:14 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:14 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:14 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:14 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 7 printk messages dropped ** [ 547.688508] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:14 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:14 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:14 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:14 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 7 printk messages dropped ** [ 547.761295] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:14 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:14 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 547.761314] binder: 25594:25598 transaction failed 29189/-3, size 72-24 line 3136 11:39:14 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:14 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:14 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:14 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 6 printk messages dropped ** [ 547.824889] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:14 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:14 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:14 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 547.862643] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:14 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:14 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:14 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) ** 7 printk messages dropped ** [ 547.934094] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:14 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:14 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:14 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 547.934112] binder: 25636:25645 transaction failed 29189/-3, size 72-24 line 3136 11:39:14 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 6 printk messages dropped ** [ 548.014485] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:14 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:14 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:15 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:15 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:15 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 548.101429] binder_alloc: 9902: binder_alloc_buf, no vma ** 7 printk messages dropped ** [ 548.164800] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:15 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:15 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:15 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:15 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 548.164820] binder: 25702:25707 transaction failed 29189/-3, size 72-24 line 3136 11:39:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:15 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:15 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:15 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:15 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) ** 6 printk messages dropped ** [ 548.217058] binder_alloc: 9902: binder_alloc_buf, no vma ** 7 printk messages dropped ** [ 548.322455] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:15 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:15 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:15 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:15 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 548.322475] binder: 25734:25744 transaction failed 29189/-3, size 72-24 line 3136 11:39:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:15 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:15 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 6 printk messages dropped ** [ 548.385330] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:15 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:15 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:15 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) ** 7 printk messages dropped ** [ 548.456256] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:15 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:15 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:15 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 548.456274] binder: 25775:25781 transaction failed 29189/-3, size 72-24 line 3136 11:39:15 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:15 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:15 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:15 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) ** 6 printk messages dropped ** [ 548.535685] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:15 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:15 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 7 printk messages dropped ** [ 548.591638] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:15 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:15 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:15 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 7 printk messages dropped ** [ 548.659096] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:15 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:15 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:15 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:15 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:15 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 548.659115] binder: 25828:25832 transaction failed 29189/-3, size 72-24 line 3136 ** 6 printk messages dropped ** [ 548.758093] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:15 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:15 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:15 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:15 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:15 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:15 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 548.758408] binder: 25844:25859 transaction failed 29189/-3, size 72-24 line 3136 11:39:15 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:15 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:15 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 6 printk messages dropped ** [ 548.854176] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:15 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:15 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:15 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:15 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 7 printk messages dropped ** [ 548.927517] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:15 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:15 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:15 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:15 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:15 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:16 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 15 printk messages dropped ** [ 549.080958] binder_alloc: 9902: binder_alloc_buf, no vma [ 549.080977] binder: 25941:25945 transaction failed 29189/-3, size 72-24 line 3136 11:39:16 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:16 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:16 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 6 printk messages dropped ** [ 549.138645] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:16 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:16 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:16 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:16 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:16 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:16 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:16 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:16 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 15 printk messages dropped ** [ 549.325445] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:16 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:16 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 15 printk messages dropped ** [ 549.432741] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:16 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:16 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:16 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:16 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) [ 549.432761] binder: 26026:26033 transaction failed 29189/-3, size 72-24 line 3136 11:39:16 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:16 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:16 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:16 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:16 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 549.442986] binder: 26026:26033 Acquire 1 refcount change on invalid ref 3 ret -22 11:39:16 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:16 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:16 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 5 printk messages dropped ** [ 549.526257] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:16 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:16 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:16 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:16 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 7 printk messages dropped ** [ 549.623150] binder_alloc: 9902: binder_alloc_buf, no vma [ 549.623181] binder: 26068:26083 transaction failed 29189/-3, size 72-24 line 3136 11:39:16 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:16 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:16 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:16 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 549.626400] binder: 26068:26083 Acquire 1 refcount change on invalid ref 3 ret -22 11:39:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:16 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:16 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:16 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:16 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) ** 5 printk messages dropped ** [ 549.725270] binder_alloc: 9902: binder_alloc_buf, no vma [ 549.725289] binder: 26095:26101 transaction failed 29189/-3, size 72-24 line 3136 11:39:16 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:16 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:16 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:16 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 6 printk messages dropped ** [ 549.819126] binder_alloc: 9902: binder_alloc_buf, no vma [ 549.819145] binder: 26115:26122 transaction failed 29189/-3, size 72-24 line 3136 11:39:16 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:16 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:16 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 6 printk messages dropped ** [ 549.886679] binder_alloc: 9902: binder_alloc_buf, no vma [ 549.886699] binder: 26139:26146 transaction failed 29189/-3, size 72-24 line 3136 11:39:16 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:16 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:16 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:16 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 549.887452] binder: 26139:26146 Acquire 1 refcount change on invalid ref 3 ret -22 ** 5 printk messages dropped ** [ 549.956585] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:16 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:16 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:16 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:16 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 2 printk messages dropped ** [ 549.958863] binder: 26154:26168 Release 1 refcount change on invalid ref 0 ret -22 11:39:16 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:16 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) ** 4 printk messages dropped ** [ 550.088387] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:17 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:17 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:17 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:17 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 550.088407] binder: 26184:26191 transaction failed 29189/-3, size 72-24 line 3136 11:39:17 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:17 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:17 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:17 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 6 printk messages dropped ** [ 550.175919] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:17 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:17 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:17 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 550.175937] binder: 26209:26211 transaction failed 29189/-3, size 72-24 line 3136 11:39:17 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:17 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:17 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) ** 6 printk messages dropped ** [ 550.228216] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:17 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:17 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:17 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 550.228235] binder: 26224:26233 transaction failed 29189/-3, size 72-24 line 3136 11:39:17 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:17 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:17 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) [ 550.228700] binder: 26224:26233 Acquire 1 refcount change on invalid ref 3 ret -22 11:39:17 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:17 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:17 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) ** 5 printk messages dropped ** [ 550.280181] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:17 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:17 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:17 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:17 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 550.280200] binder: 26244:26247 transaction failed 29189/-3, size 72-24 line 3136 11:39:17 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:17 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:17 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 550.280636] binder: 26244:26247 Acquire 1 refcount change on invalid ref 3 ret -22 ** 5 printk messages dropped ** [ 550.343286] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:17 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:17 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:17 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:17 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 550.343305] binder: 26259:26262 transaction failed 29189/-3, size 72-24 line 3136 [ 550.346160] binder: 26259:26262 Acquire 1 refcount change on invalid ref 3 ret -22 11:39:17 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:17 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 550.346170] binder: 26259:26262 Release 1 refcount change on invalid ref 0 ret -22 [ 550.346176] binder: 26259:26262 got transaction to invalid handle [ 550.346184] binder: 26259:26262 transaction failed 29201/-22, size 0-24 line 3013 [ 550.390272] binder: BINDER_SET_CONTEXT_MGR already set 11:39:17 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:17 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:17 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:17 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) [ 550.390281] binder: 26275:26278 ioctl 40046207 0 returned -16 [ 550.390393] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:17 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 550.390412] binder: 26275:26278 transaction failed 29189/-3, size 72-24 line 3136 ** 6 printk messages dropped ** [ 550.490100] binder_alloc: 9902: binder_alloc_buf, no vma [ 550.490122] binder: 26294:26302 transaction failed 29189/-3, size 72-24 line 3136 [ 550.497683] binder: 26294:26302 Acquire 1 refcount change on invalid ref 3 ret -22 [ 550.497692] binder: 26294:26302 Release 1 refcount change on invalid ref 0 ret -22 [ 550.497699] binder: 26294:26302 got transaction to invalid handle [ 550.497708] binder: 26294:26302 transaction failed 29201/-22, size 0-24 line 3013 [ 550.577620] binder: BINDER_SET_CONTEXT_MGR already set [ 550.577629] binder: 26319:26325 ioctl 40046207 0 returned -16 [ 550.588332] binder_alloc: 9902: binder_alloc_buf, no vma [ 550.588355] binder: 26319:26325 transaction failed 29189/-3, size 72-24 line 3136 [ 550.589683] binder: 26319:26325 Acquire 1 refcount change on invalid ref 3 ret -22 [ 550.589692] binder: 26319:26325 Release 1 refcount change on invalid ref 0 ret -22 [ 550.589699] binder: 26319:26325 got transaction to invalid handle [ 550.589708] binder: 26319:26325 transaction failed 29201/-22, size 0-24 line 3013 [ 550.644189] binder: BINDER_SET_CONTEXT_MGR already set [ 550.644198] binder: 26332:26338 ioctl 40046207 0 returned -16 [ 550.644416] binder_alloc: 9902: binder_alloc_buf, no vma [ 550.644435] binder: 26332:26338 transaction failed 29189/-3, size 72-24 line 3136 [ 550.645295] binder: 26332:26338 Acquire 1 refcount change on invalid ref 3 ret -22 [ 550.645305] binder: 26332:26338 Release 1 refcount change on invalid ref 0 ret -22 [ 550.645312] binder: 26332:26338 got transaction to invalid handle [ 550.645321] binder: 26332:26338 transaction failed 29201/-22, size 0-24 line 3013 [ 550.728434] binder: BINDER_SET_CONTEXT_MGR already set [ 550.728445] binder: 26352:26357 ioctl 40046207 0 returned -16 [ 550.728544] binder_alloc: 9902: binder_alloc_buf, no vma [ 550.728562] binder: 26352:26357 transaction failed 29189/-3, size 72-24 line 3136 [ 550.730241] binder: 26352:26357 Acquire 1 refcount change on invalid ref 3 ret -22 [ 550.730251] binder: 26352:26357 Release 1 refcount change on invalid ref 0 ret -22 [ 550.730258] binder: 26352:26357 got transaction to invalid handle [ 550.730267] binder: 26352:26357 transaction failed 29201/-22, size 0-24 line 3013 [ 550.828650] binder: BINDER_SET_CONTEXT_MGR already set [ 550.828659] binder: 26376:26391 ioctl 40046207 0 returned -16 [ 550.828780] binder_alloc: 9902: binder_alloc_buf, no vma [ 550.828799] binder: 26376:26391 transaction failed 29189/-3, size 72-24 line 3136 [ 550.832051] binder: 26376:26391 Acquire 1 refcount change on invalid ref 3 ret -22 [ 550.832060] binder: 26376:26391 Release 1 refcount change on invalid ref 0 ret -22 [ 550.832067] binder: 26376:26391 got transaction to invalid handle [ 550.832076] binder: 26376:26391 transaction failed 29201/-22, size 0-24 line 3013 [ 550.933178] binder: BINDER_SET_CONTEXT_MGR already set [ 550.933186] binder: 26400:26405 ioctl 40046207 0 returned -16 [ 550.933290] binder_alloc: 9902: binder_alloc_buf, no vma [ 550.933308] binder: 26400:26405 transaction failed 29189/-3, size 72-24 line 3136 [ 550.933748] binder: 26400:26405 Acquire 1 refcount change on invalid ref 3 ret -22 [ 550.933756] binder: 26400:26405 Release 1 refcount change on invalid ref 0 ret -22 [ 550.933762] binder: 26400:26405 got transaction to invalid handle [ 550.933769] binder: 26400:26405 transaction failed 29201/-22, size 0-24 line 3013 [ 551.056302] binder: BINDER_SET_CONTEXT_MGR already set [ 551.056312] binder: 26431:26439 ioctl 40046207 0 returned -16 [ 551.056415] binder_alloc: 9902: binder_alloc_buf, no vma [ 551.056434] binder: 26431:26439 transaction failed 29189/-3, size 72-24 line 3136 [ 551.056970] binder: 26431:26439 Acquire 1 refcount change on invalid ref 3 ret -22 [ 551.056980] binder: 26431:26439 Release 1 refcount change on invalid ref 0 ret -22 [ 551.056987] binder: 26431:26439 got transaction to invalid handle [ 551.056994] binder: 26431:26439 transaction failed 29201/-22, size 0-24 line 3013 [ 551.123546] binder: BINDER_SET_CONTEXT_MGR already set [ 551.123555] binder: 26461:26469 ioctl 40046207 0 returned -16 [ 551.123886] binder_alloc: 9902: binder_alloc_buf, no vma [ 551.123904] binder: 26461:26469 transaction failed 29189/-3, size 72-24 line 3136 [ 551.125349] binder: 26461:26469 Acquire 1 refcount change on invalid ref 3 ret -22 [ 551.125358] binder: 26461:26469 Release 1 refcount change on invalid ref 0 ret -22 [ 551.125364] binder: 26461:26469 got transaction to invalid handle [ 551.125372] binder: 26461:26469 transaction failed 29201/-22, size 0-24 line 3013 [ 551.191406] binder: BINDER_SET_CONTEXT_MGR already set [ 551.191415] binder: 26477:26484 ioctl 40046207 0 returned -16 [ 551.191512] binder_alloc: 9902: binder_alloc_buf, no vma [ 551.191531] binder: 26477:26484 transaction failed 29189/-3, size 72-24 line 3136 [ 551.203280] binder: 26477:26484 Acquire 1 refcount change on invalid ref 3 ret -22 [ 551.203291] binder: 26477:26484 Release 1 refcount change on invalid ref 0 ret -22 [ 551.203300] binder: 26477:26484 got transaction to invalid handle [ 551.203311] binder: 26477:26484 transaction failed 29201/-22, size 0-24 line 3013 [ 551.349499] binder: BINDER_SET_CONTEXT_MGR already set [ 551.349508] binder: 26499:26517 ioctl 40046207 0 returned -16 [ 551.349623] binder_alloc: 9902: binder_alloc_buf, no vma [ 551.349642] binder: 26499:26517 transaction failed 29189/-3, size 72-24 line 3136 [ 551.351046] binder: 26499:26517 Acquire 1 refcount change on invalid ref 3 ret -22 [ 551.351055] binder: 26499:26517 Release 1 refcount change on invalid ref 0 ret -22 [ 551.351061] binder: 26499:26517 got transaction to invalid handle [ 551.351070] binder: 26499:26517 transaction failed 29201/-22, size 0-24 line 3013 [ 551.403639] binder: BINDER_SET_CONTEXT_MGR already set [ 551.403649] binder: 26533:26537 ioctl 40046207 0 returned -16 [ 551.403974] binder_alloc: 9902: binder_alloc_buf, no vma [ 551.403995] binder: 26533:26537 transaction failed 29189/-3, size 72-24 line 3136 [ 551.411276] binder: 26533:26537 Acquire 1 refcount change on invalid ref 3 ret -22 [ 551.411287] binder: 26533:26537 Release 1 refcount change on invalid ref 0 ret -22 [ 551.411296] binder: 26533:26537 got transaction to invalid handle [ 551.411305] binder: 26533:26537 transaction failed 29201/-22, size 0-24 line 3013 [ 551.513744] binder_alloc: 9902: binder_alloc_buf, no vma [ 551.513763] binder: 26552:26558 transaction failed 29189/-3, size 72-24 line 3136 [ 551.598663] binder: BINDER_SET_CONTEXT_MGR already set [ 551.598672] binder: 26581:26592 ioctl 40046207 0 returned -16 [ 551.608632] binder_alloc: 9902: binder_alloc_buf, no vma [ 551.608666] binder: 26581:26592 transaction failed 29189/-3, size 72-24 line 3136 [ 551.611576] binder: 26581:26592 Acquire 1 refcount change on invalid ref 3 ret -22 [ 551.611586] binder: 26581:26592 Release 1 refcount change on invalid ref 0 ret -22 [ 551.611594] binder: 26581:26592 got transaction to invalid handle [ 551.611603] binder: 26581:26592 transaction failed 29201/-22, size 0-24 line 3013 [ 551.670218] binder: BINDER_SET_CONTEXT_MGR already set [ 551.670227] binder: 26606:26615 ioctl 40046207 0 returned -16 [ 551.670336] binder_alloc: 9902: binder_alloc_buf, no vma [ 551.670356] binder: 26606:26615 transaction failed 29189/-3, size 72-24 line 3136 [ 551.671466] binder: 26606:26615 Acquire 1 refcount change on invalid ref 3 ret -22 [ 551.671475] binder: 26606:26615 Release 1 refcount change on invalid ref 0 ret -22 [ 551.671481] binder: 26606:26615 got transaction to invalid handle [ 551.671490] binder: 26606:26615 transaction failed 29201/-22, size 0-24 line 3013 [ 551.753616] binder: BINDER_SET_CONTEXT_MGR already set [ 551.753626] binder: 26621:26624 ioctl 40046207 0 returned -16 [ 551.753733] binder_alloc: 9902: binder_alloc_buf, no vma [ 551.753753] binder: 26621:26624 transaction failed 29189/-3, size 72-24 line 3136 [ 551.754650] binder: 26621:26624 Acquire 1 refcount change on invalid ref 3 ret -22 [ 551.754658] binder: 26621:26624 Release 1 refcount change on invalid ref 0 ret -22 [ 551.754666] binder: 26621:26624 got transaction to invalid handle [ 551.754674] binder: 26621:26624 transaction failed 29201/-22, size 0-24 line 3013 [ 551.818734] binder: BINDER_SET_CONTEXT_MGR already set [ 551.818744] binder: 26639:26650 ioctl 40046207 0 returned -16 [ 551.818866] binder_alloc: 9902: binder_alloc_buf, no vma [ 551.818886] binder: 26639:26650 transaction failed 29189/-3, size 72-24 line 3136 [ 551.822822] binder: 26639:26650 Acquire 1 refcount change on invalid ref 3 ret -22 [ 551.822831] binder: 26639:26650 Release 1 refcount change on invalid ref 0 ret -22 [ 551.822919] binder: 26639:26650 got transaction to invalid handle [ 551.822928] binder: 26639:26650 transaction failed 29201/-22, size 0-24 line 3013 [ 551.926053] binder: BINDER_SET_CONTEXT_MGR already set [ 551.926062] binder: 26669:26674 ioctl 40046207 0 returned -16 [ 551.926232] binder_alloc: 9902: binder_alloc_buf, no vma [ 551.926252] binder: 26669:26674 transaction failed 29189/-3, size 72-24 line 3136 [ 551.927256] binder: 26669:26674 Acquire 1 refcount change on invalid ref 3 ret -22 [ 551.927266] binder: 26669:26674 Release 1 refcount change on invalid ref 0 ret -22 [ 551.927273] binder: 26669:26674 got transaction to invalid handle [ 551.927281] binder: 26669:26674 transaction failed 29201/-22, size 0-24 line 3013 [ 551.985670] binder: BINDER_SET_CONTEXT_MGR already set [ 551.985679] binder: 26682:26689 ioctl 40046207 0 returned -16 [ 551.986068] binder_alloc: 9902: binder_alloc_buf, no vma [ 551.986088] binder: 26682:26689 transaction failed 29189/-3, size 72-24 line 3136 [ 551.987983] binder: 26682:26689 Acquire 1 refcount change on invalid ref 3 ret -22 [ 551.987992] binder: 26682:26689 Release 1 refcount change on invalid ref 0 ret -22 [ 551.987999] binder: 26682:26689 got transaction to invalid handle [ 551.988007] binder: 26682:26689 transaction failed 29201/-22, size 0-24 line 3013 [ 552.054881] binder: BINDER_SET_CONTEXT_MGR already set [ 552.054891] binder: 26706:26712 ioctl 40046207 0 returned -16 [ 552.054991] binder_alloc: 9902: binder_alloc_buf, no vma [ 552.055010] binder: 26706:26712 transaction failed 29189/-3, size 72-24 line 3136 [ 552.055456] binder: 26706:26712 Acquire 1 refcount change on invalid ref 3 ret -22 [ 552.055464] binder: 26706:26712 Release 1 refcount change on invalid ref 0 ret -22 [ 552.055470] binder: 26706:26712 got transaction to invalid handle [ 552.055477] binder: 26706:26712 transaction failed 29201/-22, size 0-24 line 3013 [ 552.152953] binder: BINDER_SET_CONTEXT_MGR already set [ 552.152962] binder: 26730:26736 ioctl 40046207 0 returned -16 [ 552.153079] binder_alloc: 9902: binder_alloc_buf, no vma [ 552.153098] binder: 26730:26736 transaction failed 29189/-3, size 72-24 line 3136 [ 552.153609] binder: 26730:26736 Acquire 1 refcount change on invalid ref 3 ret -22 [ 552.153721] binder: 26730:26736 Release 1 refcount change on invalid ref 0 ret -22 [ 552.153727] binder: 26730:26736 got transaction to invalid handle [ 552.153735] binder: 26730:26736 transaction failed 29201/-22, size 0-24 line 3013 [ 552.188276] binder: BINDER_SET_CONTEXT_MGR already set [ 552.188285] binder: 26745:26748 ioctl 40046207 0 returned -16 [ 552.188397] binder_alloc: 9902: binder_alloc_buf, no vma [ 552.188418] binder: 26745:26748 transaction failed 29189/-3, size 72-24 line 3136 [ 552.204342] binder: 26745:26748 Acquire 1 refcount change on invalid ref 3 ret -22 [ 552.204353] binder: 26745:26748 Release 1 refcount change on invalid ref 0 ret -22 [ 552.204360] binder: 26745:26748 got transaction to invalid handle [ 552.204368] binder: 26745:26748 transaction failed 29201/-22, size 0-24 line 3013 [ 552.268749] binder: BINDER_SET_CONTEXT_MGR already set [ 552.268758] binder: 26760:26764 ioctl 40046207 0 returned -16 [ 552.268872] binder_alloc: 9902: binder_alloc_buf, no vma [ 552.268893] binder: 26760:26764 transaction failed 29189/-3, size 72-24 line 3136 [ 552.270730] binder: 26760:26764 Acquire 1 refcount change on invalid ref 3 ret -22 [ 552.270738] binder: 26760:26764 Release 1 refcount change on invalid ref 0 ret -22 [ 552.270745] binder: 26760:26764 got transaction to invalid handle [ 552.270752] binder: 26760:26764 transaction failed 29201/-22, size 0-24 line 3013 [ 552.317497] binder: BINDER_SET_CONTEXT_MGR already set [ 552.317505] binder: 26779:26782 ioctl 40046207 0 returned -16 [ 552.324664] binder_alloc: 9902: binder_alloc_buf, no vma [ 552.324684] binder: 26779:26782 transaction failed 29189/-3, size 72-24 line 3136 [ 552.325441] binder: 26779:26782 Acquire 1 refcount change on invalid ref 3 ret -22 [ 552.325450] binder: 26779:26782 Release 1 refcount change on invalid ref 0 ret -22 [ 552.325456] binder: 26779:26782 got transaction to invalid handle [ 552.325464] binder: 26779:26782 transaction failed 29201/-22, size 0-24 line 3013 [ 552.484684] binder: BINDER_SET_CONTEXT_MGR already set [ 552.484695] binder: 26799:26802 ioctl 40046207 0 returned -16 [ 552.484815] binder_alloc: 9902: binder_alloc_buf, no vma [ 552.484836] binder: 26799:26802 transaction failed 29189/-3, size 72-24 line 3136 [ 552.485291] binder: 26799:26802 Acquire 1 refcount change on invalid ref 3 ret -22 [ 552.485300] binder: 26799:26802 Release 1 refcount change on invalid ref 0 ret -22 [ 552.485306] binder: 26799:26802 got transaction to invalid handle [ 552.485321] binder: 26799:26802 transaction failed 29201/-22, size 0-24 line 3013 [ 552.537741] binder: BINDER_SET_CONTEXT_MGR already set [ 552.537806] binder: 26828:26830 ioctl 40046207 0 returned -16 [ 552.537912] binder_alloc: 9902: binder_alloc_buf, no vma [ 552.537931] binder: 26828:26830 transaction failed 29189/-3, size 72-24 line 3136 [ 552.538924] binder: 26828:26830 Acquire 1 refcount change on invalid ref 3 ret -22 [ 552.538933] binder: 26828:26830 Release 1 refcount change on invalid ref 0 ret -22 [ 552.538940] binder: 26828:26830 got transaction to invalid handle [ 552.538949] binder: 26828:26830 transaction failed 29201/-22, size 0-24 line 3013 [ 552.677472] binder: BINDER_SET_CONTEXT_MGR already set [ 552.677483] binder: 26841:26863 ioctl 40046207 0 returned -16 [ 552.678615] binder_alloc: 9902: binder_alloc_buf, no vma [ 552.678636] binder: 26841:26863 transaction failed 29189/-3, size 72-24 line 3136 [ 552.679093] binder: 26841:26863 Acquire 1 refcount change on invalid ref 3 ret -22 [ 552.679102] binder: 26841:26863 Release 1 refcount change on invalid ref 0 ret -22 [ 552.679108] binder: 26841:26863 got transaction to invalid handle [ 552.679116] binder: 26841:26863 transaction failed 29201/-22, size 0-24 line 3013 [ 552.745924] binder: BINDER_SET_CONTEXT_MGR already set [ 552.745932] binder: 26877:26885 ioctl 40046207 0 returned -16 [ 552.746084] binder_alloc: 9902: binder_alloc_buf, no vma [ 552.746102] binder: 26877:26885 transaction failed 29189/-3, size 72-24 line 3136 [ 552.746980] binder: 26877:26885 Acquire 1 refcount change on invalid ref 3 ret -22 [ 552.746989] binder: 26877:26885 Release 1 refcount change on invalid ref 0 ret -22 [ 552.746995] binder: 26877:26885 got transaction to invalid handle [ 552.747003] binder: 26877:26885 transaction failed 29201/-22, size 0-24 line 3013 [ 552.893692] binder: BINDER_SET_CONTEXT_MGR already set [ 552.893702] binder: 26911:26921 ioctl 40046207 0 returned -16 [ 552.893802] binder_alloc: 9902: binder_alloc_buf, no vma [ 552.893822] binder: 26911:26921 transaction failed 29189/-3, size 72-24 line 3136 [ 552.895497] binder: 26911:26921 Acquire 1 refcount change on invalid ref 3 ret -22 [ 552.895505] binder: 26911:26921 Release 1 refcount change on invalid ref 0 ret -22 [ 552.895512] binder: 26911:26921 got transaction to invalid handle [ 552.895520] binder: 26911:26921 transaction failed 29201/-22, size 0-24 line 3013 [ 552.949743] binder: BINDER_SET_CONTEXT_MGR already set [ 552.949752] binder: 26933:26942 ioctl 40046207 0 returned -16 [ 552.952019] binder_alloc: 9902: binder_alloc_buf, no vma [ 552.952039] binder: 26933:26942 transaction failed 29189/-3, size 72-24 line 3136 [ 552.953967] binder: 26933:26942 Acquire 1 refcount change on invalid ref 3 ret -22 [ 552.953977] binder: 26933:26942 Release 1 refcount change on invalid ref 0 ret -22 [ 552.953984] binder: 26933:26942 got transaction to invalid handle [ 552.953992] binder: 26933:26942 transaction failed 29201/-22, size 0-24 line 3013 [ 553.002498] binder: BINDER_SET_CONTEXT_MGR already set [ 553.002508] binder: 26949:26954 ioctl 40046207 0 returned -16 [ 553.002629] binder_alloc: 9902: binder_alloc_buf, no vma [ 553.002648] binder: 26949:26954 transaction failed 29189/-3, size 72-24 line 3136 [ 553.004286] binder: 26949:26954 Acquire 1 refcount change on invalid ref 3 ret -22 [ 553.004295] binder: 26949:26954 Release 1 refcount change on invalid ref 0 ret -22 [ 553.004302] binder: 26949:26954 got transaction to invalid handle [ 553.004310] binder: 26949:26954 transaction failed 29201/-22, size 0-24 line 3013 [ 553.094648] binder: BINDER_SET_CONTEXT_MGR already set [ 553.094667] binder: 26967:26972 ioctl 40046207 0 returned -16 [ 553.094804] binder_alloc: 9902: binder_alloc_buf, no vma [ 553.094823] binder: 26967:26972 transaction failed 29189/-3, size 72-24 line 3136 [ 553.095947] binder: 26967:26972 Acquire 1 refcount change on invalid ref 3 ret -22 [ 553.095957] binder: 26967:26972 Release 1 refcount change on invalid ref 0 ret -22 [ 553.095964] binder: 26967:26972 got transaction to invalid handle [ 553.095974] binder: 26967:26972 transaction failed 29201/-22, size 0-24 line 3013 [ 553.129949] binder: BINDER_SET_CONTEXT_MGR already set [ 553.129958] binder: 26986:26989 ioctl 40046207 0 returned -16 [ 553.130070] binder_alloc: 9902: binder_alloc_buf, no vma [ 553.130090] binder: 26986:26989 transaction failed 29189/-3, size 72-24 line 3136 [ 553.130753] binder: 26986:26989 Acquire 1 refcount change on invalid ref 3 ret -22 [ 553.130762] binder: 26986:26989 Release 1 refcount change on invalid ref 0 ret -22 [ 553.130769] binder: 26986:26989 got transaction to invalid handle [ 553.130778] binder: 26986:26989 transaction failed 29201/-22, size 0-24 line 3013 [ 553.227304] binder: BINDER_SET_CONTEXT_MGR already set [ 553.227314] binder: 27003:27010 ioctl 40046207 0 returned -16 [ 553.227423] binder_alloc: 9902: binder_alloc_buf, no vma [ 553.227442] binder: 27003:27010 transaction failed 29189/-3, size 72-24 line 3136 [ 553.227925] binder: 27003:27010 Acquire 1 refcount change on invalid ref 3 ret -22 [ 553.227934] binder: 27003:27010 Release 1 refcount change on invalid ref 0 ret -22 [ 553.227940] binder: 27003:27010 got transaction to invalid handle [ 553.227948] binder: 27003:27010 transaction failed 29201/-22, size 0-24 line 3013 [ 553.355849] binder: BINDER_SET_CONTEXT_MGR already set [ 553.355858] binder: 27041:27044 ioctl 40046207 0 returned -16 [ 553.355967] binder_alloc: 9902: binder_alloc_buf, no vma [ 553.355985] binder: 27041:27044 transaction failed 29189/-3, size 72-24 line 3136 [ 553.361733] binder: 27041:27044 Acquire 1 refcount change on invalid ref 3 ret -22 [ 553.361742] binder: 27041:27044 Release 1 refcount change on invalid ref 0 ret -22 [ 553.361749] binder: 27041:27044 got transaction to invalid handle [ 553.361758] binder: 27041:27044 transaction failed 29201/-22, size 0-24 line 3013 [ 553.420998] binder: BINDER_SET_CONTEXT_MGR already set [ 553.421006] binder: 27056:27064 ioctl 40046207 0 returned -16 [ 553.422213] binder_alloc: 9902: binder_alloc_buf, no vma [ 553.422233] binder: 27056:27064 transaction failed 29189/-3, size 72-24 line 3136 [ 553.422681] binder: 27056:27064 Acquire 1 refcount change on invalid ref 3 ret -22 [ 553.422690] binder: 27056:27064 Release 1 refcount change on invalid ref 0 ret -22 [ 553.422697] binder: 27056:27064 got transaction to invalid handle [ 553.422705] binder: 27056:27064 transaction failed 29201/-22, size 0-24 line 3013 [ 553.511213] binder: BINDER_SET_CONTEXT_MGR already set [ 553.511222] binder: 27082:27089 ioctl 40046207 0 returned -16 [ 553.515797] binder_alloc: 9902: binder_alloc_buf, no vma [ 553.515816] binder: 27082:27089 transaction failed 29189/-3, size 72-24 line 3136 [ 553.519562] binder: 27082:27089 Acquire 1 refcount change on invalid ref 3 ret -22 [ 553.519571] binder: 27082:27089 Release 1 refcount change on invalid ref 0 ret -22 [ 553.519577] binder: 27082:27089 got transaction to invalid handle [ 553.519586] binder: 27082:27089 transaction failed 29201/-22, size 0-24 line 3013 [ 553.594516] binder: BINDER_SET_CONTEXT_MGR already set [ 553.594527] binder: 27108:27111 ioctl 40046207 0 returned -16 [ 553.594638] binder_alloc: 9902: binder_alloc_buf, no vma [ 553.594657] binder: 27108:27111 transaction failed 29189/-3, size 72-24 line 3136 [ 553.597126] binder: 27108:27111 Acquire 1 refcount change on invalid ref 3 ret -22 [ 553.597135] binder: 27108:27111 Release 1 refcount change on invalid ref 0 ret -22 [ 553.597143] binder: 27108:27111 got transaction to invalid handle [ 553.597151] binder: 27108:27111 transaction failed 29201/-22, size 0-24 line 3013 [ 553.705468] binder: BINDER_SET_CONTEXT_MGR already set [ 553.705476] binder: 27133:27143 ioctl 40046207 0 returned -16 [ 553.705570] binder_alloc: 9902: binder_alloc_buf, no vma [ 553.705588] binder: 27133:27143 transaction failed 29189/-3, size 72-24 line 3136 [ 553.706426] binder: 27133:27143 Acquire 1 refcount change on invalid ref 3 ret -22 [ 553.706435] binder: 27133:27143 Release 1 refcount change on invalid ref 0 ret -22 [ 553.706443] binder: 27133:27143 got transaction to invalid handle [ 553.706452] binder: 27133:27143 transaction failed 29201/-22, size 0-24 line 3013 [ 553.787317] binder: BINDER_SET_CONTEXT_MGR already set [ 553.787327] binder: 27151:27163 ioctl 40046207 0 returned -16 [ 553.787704] binder_alloc: 9902: binder_alloc_buf, no vma [ 553.787722] binder: 27151:27163 transaction failed 29189/-3, size 72-24 line 3136 [ 553.798207] binder: 27151:27163 Acquire 1 refcount change on invalid ref 3 ret -22 [ 553.798218] binder: 27151:27163 Release 1 refcount change on invalid ref 0 ret -22 [ 553.798226] binder: 27151:27163 got transaction to invalid handle [ 553.798236] binder: 27151:27163 transaction failed 29201/-22, size 0-24 line 3013 [ 553.890898] binder: BINDER_SET_CONTEXT_MGR already set [ 553.890907] binder: 27178:27187 ioctl 40046207 0 returned -16 [ 553.891016] binder_alloc: 9902: binder_alloc_buf, no vma [ 553.891035] binder: 27178:27187 transaction failed 29189/-3, size 72-24 line 3136 [ 553.892512] binder: 27178:27187 Acquire 1 refcount change on invalid ref 3 ret -22 [ 553.892521] binder: 27178:27187 Release 1 refcount change on invalid ref 0 ret -22 [ 553.892527] binder: 27178:27187 got transaction to invalid handle [ 553.892535] binder: 27178:27187 transaction failed 29201/-22, size 0-24 line 3013 [ 553.977851] binder: BINDER_SET_CONTEXT_MGR already set [ 553.977861] binder: 27195:27211 ioctl 40046207 0 returned -16 [ 553.980714] binder_alloc: 9902: binder_alloc_buf, no vma [ 553.980734] binder: 27195:27211 transaction failed 29189/-3, size 72-24 line 3136 [ 553.981254] binder: 27195:27211 Acquire 1 refcount change on invalid ref 3 ret -22 [ 553.981263] binder: 27195:27211 Release 1 refcount change on invalid ref 0 ret -22 [ 553.981270] binder: 27195:27211 got transaction to invalid handle [ 553.981278] binder: 27195:27211 transaction failed 29201/-22, size 0-24 line 3013 [ 554.096078] binder: BINDER_SET_CONTEXT_MGR already set [ 554.096087] binder: 27233:27239 ioctl 40046207 0 returned -16 [ 554.096207] binder_alloc: 9902: binder_alloc_buf, no vma [ 554.096226] binder: 27233:27239 transaction failed 29189/-3, size 72-24 line 3136 [ 554.097904] binder: 27233:27239 Acquire 1 refcount change on invalid ref 3 ret -22 [ 554.097913] binder: 27233:27239 Release 1 refcount change on invalid ref 0 ret -22 [ 554.097919] binder: 27233:27239 got transaction to invalid handle [ 554.097927] binder: 27233:27239 transaction failed 29201/-22, size 0-24 line 3013 [ 554.144603] binder: BINDER_SET_CONTEXT_MGR already set [ 554.144613] binder: 27257:27258 ioctl 40046207 0 returned -16 [ 554.144724] binder_alloc: 9902: binder_alloc_buf, no vma [ 554.144742] binder: 27257:27258 transaction failed 29189/-3, size 72-24 line 3136 [ 554.145202] binder: 27257:27258 Acquire 1 refcount change on invalid ref 3 ret -22 [ 554.145213] binder: 27257:27258 Release 1 refcount change on invalid ref 0 ret -22 [ 554.145220] binder: 27257:27258 got transaction to invalid handle [ 554.145228] binder: 27257:27258 transaction failed 29201/-22, size 0-24 line 3013 [ 554.220387] binder: BINDER_SET_CONTEXT_MGR already set [ 554.220395] binder: 27273:27278 ioctl 40046207 0 returned -16 [ 554.220495] binder_alloc: 9902: binder_alloc_buf, no vma [ 554.220513] binder: 27273:27278 transaction failed 29189/-3, size 72-24 line 3136 [ 554.220950] binder: 27273:27278 Acquire 1 refcount change on invalid ref 3 ret -22 [ 554.220959] binder: 27273:27278 Release 1 refcount change on invalid ref 0 ret -22 [ 554.220965] binder: 27273:27278 got transaction to invalid handle [ 554.220972] binder: 27273:27278 transaction failed 29201/-22, size 0-24 line 3013 [ 554.265530] binder: BINDER_SET_CONTEXT_MGR already set [ 554.265539] binder: 27290:27292 ioctl 40046207 0 returned -16 [ 554.265666] binder_alloc: 9902: binder_alloc_buf, no vma [ 554.265685] binder: 27290:27292 transaction failed 29189/-3, size 72-24 line 3136 [ 554.268983] binder: 27290:27292 Acquire 1 refcount change on invalid ref 3 ret -22 [ 554.268992] binder: 27290:27292 Release 1 refcount change on invalid ref 0 ret -22 [ 554.268999] binder: 27290:27292 got transaction to invalid handle [ 554.269008] binder: 27290:27292 transaction failed 29201/-22, size 0-24 line 3013 [ 554.299609] binder: BINDER_SET_CONTEXT_MGR already set [ 554.299618] binder: 27297:27302 ioctl 40046207 0 returned -16 [ 554.299735] binder_alloc: 9902: binder_alloc_buf, no vma [ 554.299763] binder: 27297:27302 transaction failed 29189/-3, size 72-24 line 3136 [ 554.308398] binder: 27297:27302 Acquire 1 refcount change on invalid ref 3 ret -22 [ 554.308408] binder: 27297:27302 Release 1 refcount change on invalid ref 0 ret -22 [ 554.308415] binder: 27297:27302 got transaction to invalid handle [ 554.308424] binder: 27297:27302 transaction failed 29201/-22, size 0-24 line 3013 [ 554.377842] binder: BINDER_SET_CONTEXT_MGR already set [ 554.377851] binder: 27315:27317 ioctl 40046207 0 returned -16 [ 554.377966] binder_alloc: 9902: binder_alloc_buf, no vma [ 554.377985] binder: 27315:27317 transaction failed 29189/-3, size 72-24 line 3136 [ 554.378623] binder: 27315:27317 Acquire 1 refcount change on invalid ref 3 ret -22 [ 554.378633] binder: 27315:27317 Release 1 refcount change on invalid ref 0 ret -22 [ 554.378640] binder: 27315:27317 got transaction to invalid handle [ 554.378648] binder: 27315:27317 transaction failed 29201/-22, size 0-24 line 3013 [ 554.418216] binder: BINDER_SET_CONTEXT_MGR already set [ 554.418226] binder: 27331:27334 ioctl 40046207 0 returned -16 [ 554.418328] binder_alloc: 9902: binder_alloc_buf, no vma [ 554.418347] binder: 27331:27334 transaction failed 29189/-3, size 72-24 line 3136 [ 554.419886] binder: 27331:27334 Acquire 1 refcount change on invalid ref 3 ret -22 [ 554.419894] binder: 27331:27334 Release 1 refcount change on invalid ref 0 ret -22 [ 554.419900] binder: 27331:27334 got transaction to invalid handle [ 554.419907] binder: 27331:27334 transaction failed 29201/-22, size 0-24 line 3013 [ 554.522852] binder: BINDER_SET_CONTEXT_MGR already set [ 554.522861] binder: 27349:27354 ioctl 40046207 0 returned -16 [ 554.522986] binder_alloc: 9902: binder_alloc_buf, no vma [ 554.523012] binder: 27349:27354 transaction failed 29189/-3, size 72-24 line 3136 [ 554.523595] binder: 27349:27354 Acquire 1 refcount change on invalid ref 3 ret -22 [ 554.523603] binder: 27349:27354 Release 1 refcount change on invalid ref 0 ret -22 [ 554.523609] binder: 27349:27354 got transaction to invalid handle [ 554.523617] binder: 27349:27354 transaction failed 29201/-22, size 0-24 line 3013 [ 554.607856] binder: BINDER_SET_CONTEXT_MGR already set [ 554.607866] binder: 27368:27369 ioctl 40046207 0 returned -16 [ 554.607966] binder_alloc: 9902: binder_alloc_buf, no vma [ 554.607986] binder: 27368:27369 transaction failed 29189/-3, size 72-24 line 3136 [ 554.609615] binder: 27368:27369 Acquire 1 refcount change on invalid ref 3 ret -22 [ 554.609628] binder: 27368:27369 Release 1 refcount change on invalid ref 0 ret -22 [ 554.609633] binder: 27368:27369 got transaction to invalid handle [ 554.609640] binder: 27368:27369 transaction failed 29201/-22, size 0-24 line 3013 [ 554.679560] binder: BINDER_SET_CONTEXT_MGR already set [ 554.679571] binder: 27390:27392 ioctl 40046207 0 returned -16 [ 554.679677] binder_alloc: 9902: binder_alloc_buf, no vma [ 554.679696] binder: 27390:27392 transaction failed 29189/-3, size 72-24 line 3136 [ 554.680189] binder: 27390:27392 Acquire 1 refcount change on invalid ref 3 ret -22 [ 554.680198] binder: 27390:27392 Release 1 refcount change on invalid ref 0 ret -22 [ 554.680204] binder: 27390:27392 got transaction to invalid handle [ 554.680212] binder: 27390:27392 transaction failed 29201/-22, size 0-24 line 3013 [ 554.729739] binder: BINDER_SET_CONTEXT_MGR already set [ 554.729748] binder: 27400:27404 ioctl 40046207 0 returned -16 [ 554.730156] binder_alloc: 9902: binder_alloc_buf, no vma [ 554.730174] binder: 27400:27404 transaction failed 29189/-3, size 72-24 line 3136 [ 554.730648] binder: 27400:27404 Acquire 1 refcount change on invalid ref 3 ret -22 [ 554.730666] binder: 27400:27404 Release 1 refcount change on invalid ref 0 ret -22 [ 554.730673] binder: 27400:27404 got transaction to invalid handle [ 554.730680] binder: 27400:27404 transaction failed 29201/-22, size 0-24 line 3013 [ 554.760292] binder: BINDER_SET_CONTEXT_MGR already set [ 554.760301] binder: 27412:27413 ioctl 40046207 0 returned -16 [ 554.760416] binder_alloc: 9902: binder_alloc_buf, no vma [ 554.760435] binder: 27412:27413 transaction failed 29189/-3, size 72-24 line 3136 11:39:20 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:20 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:20 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:20 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:20 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) [ 554.760934] binder: 27412:27413 Acquire 1 refcount change on invalid ref 3 ret -22 [ 554.760942] binder: 27412:27413 Release 1 refcount change on invalid ref 0 ret -22 [ 554.760949] binder: 27412:27413 got transaction to invalid handle [ 554.760957] binder: 27412:27413 transaction failed 29201/-22, size 0-24 line 3013 [ 554.834266] binder: BINDER_SET_CONTEXT_MGR already set [ 554.834276] binder: 27426:27432 ioctl 40046207 0 returned -16 [ 554.834375] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:20 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:20 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:20 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 554.834392] binder: 27426:27432 transaction failed 29189/-3, size 72-24 line 3136 11:39:20 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:20 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:20 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:20 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:20 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 554.835105] binder: 27426:27432 Acquire 1 refcount change on invalid ref 3 ret -22 11:39:20 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:20 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 554.835113] binder: 27426:27432 Release 1 refcount change on invalid ref 0 ret -22 [ 554.835120] binder: 27426:27432 got transaction to invalid handle 11:39:20 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:20 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:20 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) [ 554.835128] binder: 27426:27432 transaction failed 29201/-22, size 0-24 line 3013 11:39:20 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:20 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:21 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 554.885559] binder: BINDER_SET_CONTEXT_MGR already set 11:39:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:21 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:21 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:21 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:21 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 554.885569] binder: 27442:27444 ioctl 40046207 0 returned -16 [ 554.885709] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:21 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) [ 554.885729] binder: 27442:27444 transaction failed 29189/-3, size 72-24 line 3136 11:39:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:21 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:21 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:21 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 554.888130] binder: 27442:27444 Acquire 1 refcount change on invalid ref 3 ret -22 11:39:21 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:21 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:21 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:21 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 554.888139] binder: 27442:27444 Release 1 refcount change on invalid ref 0 ret -22 11:39:21 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:21 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:21 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:21 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:21 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 554.888146] binder: 27442:27444 got transaction to invalid handle [ 554.888155] binder: 27442:27444 transaction failed 29201/-22, size 0-24 line 3013 11:39:21 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:21 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:21 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:21 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:21 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 554.976442] binder: BINDER_SET_CONTEXT_MGR already set 11:39:21 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:21 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 554.976451] binder: 27452:27462 ioctl 40046207 0 returned -16 11:39:21 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:21 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:21 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:21 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:21 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 554.983151] binder_alloc: 9902: binder_alloc_buf, no vma [ 554.983180] binder: 27452:27462 transaction failed 29189/-3, size 72-24 line 3136 11:39:21 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:21 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:21 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:21 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 554.983671] binder: 27452:27462 Acquire 1 refcount change on invalid ref 3 ret -22 11:39:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:21 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 554.983680] binder: 27452:27462 Release 1 refcount change on invalid ref 0 ret -22 11:39:21 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:21 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:21 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:21 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:21 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:21 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:21 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:21 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 554.983686] binder: 27452:27462 got transaction to invalid handle [ 554.983694] binder: 27452:27462 transaction failed 29201/-22, size 0-24 line 3013 11:39:21 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:21 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 555.028608] binder: BINDER_SET_CONTEXT_MGR already set [ 555.028617] binder: 27478:27483 ioctl 40046207 0 returned -16 11:39:21 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:21 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:21 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:21 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:21 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:21 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) [ 555.029732] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:21 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:21 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 555.029751] binder: 27478:27483 transaction failed 29189/-3, size 72-24 line 3136 11:39:21 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 555.032560] binder: 27478:27483 Acquire 1 refcount change on invalid ref 3 ret -22 [ 555.032569] binder: 27478:27483 Release 1 refcount change on invalid ref 0 ret -22 [ 555.032575] binder: 27478:27483 got transaction to invalid handle [ 555.032583] binder: 27478:27483 transaction failed 29201/-22, size 0-24 line 3013 11:39:22 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:22 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:22 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:22 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:22 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:22 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:22 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) [ 555.117392] binder: BINDER_SET_CONTEXT_MGR already set [ 555.117401] binder: 27491:27502 ioctl 40046207 0 returned -16 [ 555.117519] binder_alloc: 9902: binder_alloc_buf, no vma 11:39:22 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:22 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:22 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:22 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) 11:39:22 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) [ 555.117538] binder: 27491:27502 transaction failed 29189/-3, size 72-24 line 3136 [ 555.118216] binder: 27491:27502 Acquire 1 refcount change on invalid ref 3 ret -22 [ 555.118225] binder: 27491:27502 Release 1 refcount change on invalid ref 0 ret -22 11:39:22 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) read(0xffffffffffffffff, &(0x7f0000000200)=""/250, 0x50c7e3e3) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net\x00', 0x200002, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000580)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) sendto$unix(r1, &(0x7f0000000340), 0x0, 0x4010, 0x0, 0x0) madvise(&(0x7f0000e87000/0x1000)=nil, 0x1000, 0x13) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0xfffffffffffffdca) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800003, 0x8012, r3, 0x0) getpid() fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000600)=ANY=[@ANYBLOB="04cabae5500100ef0f50c1f548b073b0cc8433"], 0x1, 0x1) read(r2, &(0x7f0000000480)=""/197, 0xc5) syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f00000001c0)) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000140)={0x1, 0xfb95, 0x5, 0x2}) write$P9_RLERROR(r1, &(0x7f0000000380)={0x51, 0x7, 0x0, {0x48, 'stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00'}}, 0x51) 11:39:22 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:22 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) 11:39:22 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:22 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x131f64) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() bind$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev}, 0x1c) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x29) fcntl$setstatus(r1, 0x4, 0x427fd) 11:39:22 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000200), &(0x7f0000000240)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x54, 0x0, &(0x7f0000000580)=[@acquire={0x40046305, 0x3}, @release, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)}}], 0xb9, 0x0, &(0x7f0000000640)="4c3674ad0e64a3216181a1972c2feada6c62761d011ae5209d8006e4194344751950392b5982492b7b2a10c9542ee23a9eee1eecb4c4aeb3f3d0ff32f81559f62e3cd9e9509bbe59354958511982cfe10ba8abfb4af5862144d53a8363c5df78c667103e39f7e15035339fb6178c9d229b6d1c6c45ac0833eb220dffb343924dbdda3a71733a39f4921e61f87647586275a65af709c85284ace6676528df42f0e156a90c26dfba29b94c69712d3961726ee36b534d9b854934"}) [ 555.118231] binder: 27491:27502 got transaction to invalid handle [ 555.118240] binder: 27491:27502 transaction failed 29201/-22, size 0-24 line 3013 [ 555.225951] binder: BINDER_SET_CONTEXT_MGR already set [ 555.225960] binder: 27509:27527 ioctl 40046207 0 returned -16 11:39:22 executing program 5: socket(0x2, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080), 0x4) 11:39:22 executing program 0: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0xfffffff9) mmap(&(0x7f00006fc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) close(r0) 11:39:22 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = memfd_create(&(0x7f0000000000), 0x0) ftruncate(0xffffffffffffffff, 0x3ffff) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0xfd88) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @loopback}, 0x10) sendfile(r0, r1, 0x0, 0xffe4) [ 555.226071] binder_alloc: 9902: binder_alloc_buf, no vma [ 555.226090] binder: 27509:27527 transaction failed 29189/-3, size 72-24 line 3136 [ 555.226562] binder: 27509:27527 Acquire 1 refcount change on invalid ref 3 ret -22 [ 555.226572] binder: 27509:27527 Release 1 refcount change on invalid ref 0 ret -22 [ 555.226578] binder: 27509:27527 got transaction to invalid handle [ 555.226587] binder: 27509:27527 transaction failed 29201/-22, size 0-24 line 3013 [ 555.270430] binder: BINDER_SET_CONTEXT_MGR already set [ 555.270439] binder: 27539:27541 ioctl 40046207 0 returned -16 [ 555.270537] binder_alloc: 9902: binder_alloc_buf, no vma [ 555.270556] binder: 27539:27541 transaction failed 29189/-3, size 72-24 line 3136 [ 555.270993] binder: 27539:27541 Acquire 1 refcount change on invalid ref 3 ret -22 [ 555.271001] binder: 27539:27541 Release 1 refcount change on invalid ref 0 ret -22 [ 555.271008] binder: 27539:27541 got transaction to invalid handle [ 555.271015] binder: 27539:27541 transaction failed 29201/-22, size 0-24 line 3013 [ 555.321323] binder: BINDER_SET_CONTEXT_MGR already set [ 555.321332] binder: 27552:27558 ioctl 40046207 0 returned -16 [ 555.321450] binder_alloc: 9902: binder_alloc_buf, no vma [ 555.321470] binder: 27552:27558 transaction failed 29189/-3, size 72-24 line 3136 [ 555.322075] binder: 27552:27558 Acquire 1 refcount change on invalid ref 3 ret -22 [ 555.322085] binder: 27552:27558 Release 1 refcount change on invalid ref 0 ret -22 [ 555.322091] binder: 27552:27558 got transaction to invalid handle [ 555.322100] binder: 27552:27558 transaction failed 29201/-22, size 0-24 line 3013 [ 555.498436] binder: BINDER_SET_CONTEXT_MGR already set [ 555.498445] binder: 27576:27597 ioctl 40046207 0 returned -16 [ 555.498565] binder_alloc: 9902: binder_alloc_buf, no vma [ 555.498583] binder: 27576:27597 transaction failed 29189/-3, size 72-24 line 3136 [ 555.499059] binder: 27576:27597 Acquire 1 refcount change on invalid ref 3 ret -22 [ 555.499067] binder: 27576:27597 Release 1 refcount change on invalid ref 0 ret -22 [ 555.499074] binder: 27576:27597 got transaction to invalid handle [ 555.499083] binder: 27576:27597 transaction failed 29201/-22, size 0-24 line 3013 [ 555.569633] binder: BINDER_SET_CONTEXT_MGR already set [ 555.569642] binder: 27608:27618 ioctl 40046207 0 returned -16 [ 555.570494] binder_alloc: 9902: binder_alloc_buf, no vma [ 555.570514] binder: 27608:27618 transaction failed 29189/-3, size 72-24 line 3136 [ 555.573809] binder: 27608:27618 Acquire 1 refcount change on invalid ref 3 ret -22 [ 555.573818] binder: 27608:27618 Release 1 refcount change on invalid ref 0 ret -22 [ 555.573825] binder: 27608:27618 got transaction to invalid handle [ 555.573833] binder: 27608:27618 transaction failed 29201/-22, size 0-24 line 3013 [ 555.653529] binder: BINDER_SET_CONTEXT_MGR already set [ 555.653540] binder: 27633:27641 ioctl 40046207 0 returned -16 [ 555.653652] binder_alloc: 9902: binder_alloc_buf, no vma [ 555.653683] binder: 27633:27641 transaction failed 29189/-3, size 72-24 line 3136 [ 555.656687] binder: 27633:27641 Acquire 1 refcount change on invalid ref 3 ret -22 [ 555.656696] binder: 27633:27641 Release 1 refcount change on invalid ref 0 ret -22 [ 555.656703] binder: 27633:27641 got transaction to invalid handle [ 555.656711] binder: 27633:27641 transaction failed 29201/-22, size 0-24 line 3013 [ 555.721301] binder: BINDER_SET_CONTEXT_MGR already set [ 555.721310] binder: 27651:27659 ioctl 40046207 0 returned -16 [ 555.721410] binder_alloc: 9902: binder_alloc_buf, no vma [ 555.721431] binder: 27651:27659 transaction failed 29189/-3, size 72-24 line 3136 [ 555.722875] binder: 27651:27659 Acquire 1 refcount change on invalid ref 3 ret -22 [ 555.722884] binder: 27651:27659 Release 1 refcount change on invalid ref 0 ret -22 [ 555.722890] binder: 27651:27659 got transaction to invalid handle [ 555.722899] binder: 27651:27659 transaction failed 29201/-22, size 0-24 line 3013 [ 555.833086] binder: BINDER_SET_CONTEXT_MGR already set [ 555.833095] binder: 27681:27686 ioctl 40046207 0 returned -16 [ 555.833213] binder_alloc: 9902: binder_alloc_buf, no vma [ 555.833235] binder: 27681:27686 transaction failed 29189/-3, size 72-24 line 3136 [ 555.847337] binder: 27681:27686 Acquire 1 refcount change on invalid ref 3 ret -22 [ 555.847349] binder: 27681:27686 Release 1 refcount change on invalid ref 0 ret -22 [ 555.847358] binder: 27681:27686 got transaction to invalid handle [ 555.847370] binder: 27681:27686 transaction failed 29201/-22, size 0-24 line 3013 [ 555.910752] binder: BINDER_SET_CONTEXT_MGR already set [ 555.910762] binder: 27700:27705 ioctl 40046207 0 returned -16 [ 555.910874] binder_alloc: 9902: binder_alloc_buf, no vma [ 555.910893] binder: 27700:27705 transaction failed 29189/-3, size 72-24 line 3136 [ 555.911462] binder: 27700:27705 Acquire 1 refcount change on invalid ref 3 ret -22 [ 555.911471] binder: 27700:27705 Release 1 refcount change on invalid ref 0 ret -22 [ 555.911478] binder: 27700:27705 got transaction to invalid handle [ 555.911487] binder: 27700:27705 transaction failed 29201/-22, size 0-24 line 3013 [ 555.972861] binder: BINDER_SET_CONTEXT_MGR already set [ 555.972870] binder: 27711:27720 ioctl 40046207 0 returned -16 [ 555.973133] binder_alloc: 9902: binder_alloc_buf, no vma [ 555.973164] binder: 27711:27720 transaction failed 29189/-3, size 72-24 line 3136 [ 555.974463] binder: 27711:27720 Acquire 1 refcount change on invalid ref 3 ret -22 [ 555.974473] binder: 27711:27720 Release 1 refcount change on invalid ref 0 ret -22 [ 555.974480] binder: 27711:27720 got transaction to invalid handle [ 555.974489] binder: 27711:27720 transaction failed 29201/-22, size 0-24 line 3013 [ 556.051191] binder: BINDER_SET_CONTEXT_MGR already set [ 556.051200] binder: 27737:27745 ioctl 40046207 0 returned -16 [ 556.051315] binder_alloc: 9902: binder_alloc_buf, no vma [ 556.051336] binder: 27737:27745 transaction failed 29189/-3, size 72-24 line 3136 [ 556.052076] binder: 27737:27745 Acquire 1 refcount change on invalid ref 3 ret -22 [ 556.052085] binder: 27737:27745 Release 1 refcount change on invalid ref 0 ret -22 [ 556.052091] binder: 27737:27745 got transaction to invalid handle [ 556.052113] binder: 27737:27745 transaction failed 29201/-22, size 0-24 line 3013 [ 556.168977] binder: BINDER_SET_CONTEXT_MGR already set [ 556.168985] binder: 27755:27769 ioctl 40046207 0 returned -16 [ 556.169547] binder_alloc: 9902: binder_alloc_buf, no vma [ 556.169568] binder: 27755:27769 transaction failed 29189/-3, size 72-24 line 3136 [ 556.171011] binder: 27755:27769 Acquire 1 refcount change on invalid ref 3 ret -22 [ 556.171020] binder: 27755:27769 Release 1 refcount change on invalid ref 0 ret -22 [ 556.171027] binder: 27755:27769 got transaction to invalid handle [ 556.171035] binder: 27755:27769 transaction failed 29201/-22, size 0-24 line 3013 [ 556.238469] binder: BINDER_SET_CONTEXT_MGR already set [ 556.238477] binder: 27785:27791 ioctl 40046207 0 returned -16 [ 556.239551] binder_alloc: 9902: binder_alloc_buf, no vma [ 556.239570] binder: 27785:27791 transaction failed 29189/-3, size 72-24 line 3136 [ 556.242388] binder: 27785:27791 Acquire 1 refcount change on invalid ref 3 ret -22 [ 556.242396] binder: 27785:27791 Release 1 refcount change on invalid ref 0 ret -22 [ 556.242403] binder: 27785:27791 got transaction to invalid handle [ 556.242411] binder: 27785:27791 transaction failed 29201/-22, size 0-24 line 3013 [ 556.315296] binder: BINDER_SET_CONTEXT_MGR already set [ 556.315307] binder: 27802:27816 ioctl 40046207 0 returned -16 [ 556.316376] binder_alloc: 9902: binder_alloc_buf, no vma [ 556.316396] binder: 27802:27816 transaction failed 29189/-3, size 72-24 line 3136 [ 556.317525] binder: 27802:27816 Acquire 1 refcount change on invalid ref 3 ret -22 [ 556.317534] binder: 27802:27816 Release 1 refcount change on invalid ref 0 ret -22 [ 556.317542] binder: 27802:27816 got transaction to invalid handle [ 556.317551] binder: 27802:27816 transaction failed 29201/-22, size 0-24 line 3013 [ 556.390840] binder: BINDER_SET_CONTEXT_MGR already set [ 556.390851] binder: 27826:27837 ioctl 40046207 0 returned -16 [ 556.393683] binder_alloc: 9902: binder_alloc_buf, no vma [ 556.397885] binder: 27826:27837 transaction failed 29189/-3, size 72-24 line 3136 [ 556.401692] binder: 27826:27837 Acquire 1 refcount change on invalid ref 3 ret -22 [ 556.401702] binder: 27826:27837 Release 1 refcount change on invalid ref 0 ret -22 [ 556.401709] binder: 27826:27837 got transaction to invalid handle [ 556.401718] binder: 27826:27837 transaction failed 29201/-22, size 0-24 line 3013 [ 556.462261] binder: BINDER_SET_CONTEXT_MGR already set [ 556.462271] binder: 27847:27856 ioctl 40046207 0 returned -16 [ 556.462572] binder_alloc: 9902: binder_alloc_buf, no vma [ 556.462592] binder: 27847:27856 transaction failed 29189/-3, size 72-24 line 3136 [ 556.474342] binder: 27847:27856 Acquire 1 refcount change on invalid ref 3 ret -22 [ 556.474353] binder: 27847:27856 Release 1 refcount change on invalid ref 0 ret -22 [ 556.474363] binder: 27847:27856 got transaction to invalid handle [ 556.474373] binder: 27847:27856 transaction failed 29201/-22, size 0-24 line 3013 [ 556.534286] binder: BINDER_SET_CONTEXT_MGR already set [ 556.534297] binder: 27863:27871 ioctl 40046207 0 returned -16 [ 556.534416] binder_alloc: 9902: binder_alloc_buf, no vma [ 556.534437] binder: 27863:27871 transaction failed 29189/-3, size 72-24 line 3136 [ 556.534916] binder: 27863:27871 Acquire 1 refcount change on invalid ref 3 ret -22 [ 556.534924] binder: 27863:27871 Release 1 refcount change on invalid ref 0 ret -22 [ 556.534931] binder: 27863:27871 got transaction to invalid handle [ 556.534938] binder: 27863:27871 transaction failed 29201/-22, size 0-24 line 3013 [ 556.618271] binder: BINDER_SET_CONTEXT_MGR already set [ 556.618282] binder: 27881:27884 ioctl 40046207 0 returned -16 [ 556.618385] binder_alloc: 9902: binder_alloc_buf, no vma [ 556.618405] binder: 27881:27884 transaction failed 29189/-3, size 72-24 line 3136 [ 556.619152] binder: 27881:27884 Acquire 1 refcount change on invalid ref 3 ret -22 [ 556.619173] binder: 27881:27884 Release 1 refcount change on invalid ref 0 ret -22 [ 556.619180] binder: 27881:27884 got transaction to invalid handle [ 556.619188] binder: 27881:27884 transaction failed 29201/-22, size 0-24 line 3013 [ 556.714020] binder: BINDER_SET_CONTEXT_MGR already set [ 556.714029] binder: 27903:27915 ioctl 40046207 0 returned -16 [ 556.714148] binder_alloc: 9902: binder_alloc_buf, no vma [ 556.714177] binder: 27903:27915 transaction failed 29189/-3, size 72-24 line 3136 [ 556.717231] binder: 27903:27915 Acquire 1 refcount change on invalid ref 3 ret -22 [ 556.717240] binder: 27903:27915 Release 1 refcount change on invalid ref 0 ret -22 [ 556.717247] binder: 27903:27915 got transaction to invalid handle [ 556.717255] binder: 27903:27915 transaction failed 29201/-22, size 0-24 line 3013 [ 556.792940] binder: BINDER_SET_CONTEXT_MGR already set [ 556.792949] binder: 27929:27939 ioctl 40046207 0 returned -16 [ 556.793084] binder_alloc: 9902: binder_alloc_buf, no vma [ 556.793104] binder: 27929:27939 transaction failed 29189/-3, size 72-24 line 3136 [ 556.801348] binder: 27929:27939 Acquire 1 refcount change on invalid ref 3 ret -22 [ 556.801359] binder: 27929:27939 Release 1 refcount change on invalid ref 0 ret -22 [ 556.801367] binder: 27929:27939 got transaction to invalid handle [ 556.801376] binder: 27929:27939 transaction failed 29201/-22, size 0-24 line 3013 [ 556.875835] binder: BINDER_SET_CONTEXT_MGR already set [ 556.875844] binder: 27954:27963 ioctl 40046207 0 returned -16 [ 556.875947] binder_alloc: 9902: binder_alloc_buf, no vma [ 556.875966] binder: 27954:27963 transaction failed 29189/-3, size 72-24 line 3136 [ 556.878130] binder: 27954:27963 Acquire 1 refcount change on invalid ref 3 ret -22 [ 556.878139] binder: 27954:27963 Release 1 refcount change on invalid ref 0 ret -22 [ 556.878145] binder: 27954:27963 got transaction to invalid handle [ 556.878162] binder: 27954:27963 transaction failed 29201/-22, size 0-24 line 3013 [ 556.932387] binder: BINDER_SET_CONTEXT_MGR already set [ 556.932396] binder: 27968:27975 ioctl 40046207 0 returned -16 [ 556.932510] binder_alloc: 9902: binder_alloc_buf, no vma [ 556.932530] binder: 27968:27975 transaction failed 29189/-3, size 72-24 line 3136 [ 556.933006] binder: 27968:27975 Acquire 1 refcount change on invalid ref 3 ret -22 [ 556.933014] binder: 27968:27975 Release 1 refcount change on invalid ref 0 ret -22 [ 556.933021] binder: 27968:27975 got transaction to invalid handle [ 556.933029] binder: 27968:27975 transaction failed 29201/-22, size 0-24 line 3013 [ 557.017023] binder: BINDER_SET_CONTEXT_MGR already set [ 557.017031] binder: 27987:27995 ioctl 40046207 0 returned -16 [ 557.017148] binder_alloc: 9902: binder_alloc_buf, no vma [ 557.017178] binder: 27987:27995 transaction failed 29189/-3, size 72-24 line 3136 [ 557.017682] binder: 27987:27995 Acquire 1 refcount change on invalid ref 3 ret -22 [ 557.017690] binder: 27987:27995 Release 1 refcount change on invalid ref 0 ret -22 [ 557.017697] binder: 27987:27995 got transaction to invalid handle [ 557.017704] binder: 27987:27995 transaction failed 29201/-22, size 0-24 line 3013 [ 557.100143] binder: BINDER_SET_CONTEXT_MGR already set [ 557.100151] binder: 28009:28012 ioctl 40046207 0 returned -16 [ 557.100280] binder_alloc: 9902: binder_alloc_buf, no vma [ 557.101053] binder: 28009:28012 transaction failed 29189/-3, size 72-24 line 3136 [ 557.101554] binder: 28009:28012 Acquire 1 refcount change on invalid ref 3 ret -22 [ 557.101563] binder: 28009:28012 Release 1 refcount change on invalid ref 0 ret -22 [ 557.101570] binder: 28009:28012 got transaction to invalid handle [ 557.101578] binder: 28009:28012 transaction failed 29201/-22, size 0-24 line 3013 [ 557.177193] binder: BINDER_SET_CONTEXT_MGR already set [ 557.177202] binder: 28026:28034 ioctl 40046207 0 returned -16 [ 557.177299] binder_alloc: 9902: binder_alloc_buf, no vma [ 557.177318] binder: 28026:28034 transaction failed 29189/-3, size 72-24 line 3136 [ 557.181026] binder: 28026:28034 Acquire 1 refcount change on invalid ref 3 ret -22 [ 557.181035] binder: 28026:28034 Release 1 refcount change on invalid ref 0 ret -22 [ 557.181042] binder: 28026:28034 got transaction to invalid handle [ 557.181050] binder: 28026:28034 transaction failed 29201/-22, size 0-24 line 3013 [ 557.257002] binder: BINDER_SET_CONTEXT_MGR already set [ 557.257012] binder: 28047:28053 ioctl 40046207 0 returned -16 [ 557.257133] binder_alloc: 9902: binder_alloc_buf, no vma [ 557.257153] binder: 28047:28053 transaction failed 29189/-3, size 72-24 line 3136 [ 557.266150] binder: 28047:28053 Acquire 1 refcount change on invalid ref 3 ret -22 [ 557.266159] binder: 28047:28053 Release 1 refcount change on invalid ref 0 ret -22 [ 557.266166] binder: 28047:28053 got transaction to invalid handle [ 557.266175] binder: 28047:28053 transaction failed 29201/-22, size 0-24 line 3013 [ 557.340912] binder: BINDER_SET_CONTEXT_MGR already set [ 557.340923] binder: 28071:28077 ioctl 40046207 0 returned -16 [ 557.342121] binder_alloc: 9902: binder_alloc_buf, no vma [ 557.342141] binder: 28071:28077 transaction failed 29189/-3, size 72-24 line 3136 [ 557.356356] binder: 28071:28077 Acquire 1 refcount change on invalid ref 3 ret -22 [ 557.356422] binder: 28071:28077 Release 1 refcount change on invalid ref 0 ret -22 [ 557.356430] binder: 28071:28077 got transaction to invalid handle [ 557.356439] binder: 28071:28077 transaction failed 29201/-22, size 0-24 line 3013 [ 557.475375] binder: BINDER_SET_CONTEXT_MGR already set [ 557.475384] binder: 28103:28115 ioctl 40046207 0 returned -16 [ 557.475495] binder_alloc: 9902: binder_alloc_buf, no vma [ 557.475514] binder: 28103:28115 transaction failed 29189/-3, size 72-24 line 3136 [ 557.477875] binder: 28103:28115 Acquire 1 refcount change on invalid ref 3 ret -22 [ 557.477884] binder: 28103:28115 Release 1 refcount change on invalid ref 0 ret -22 [ 557.477890] binder: 28103:28115 got transaction to invalid handle [ 557.477898] binder: 28103:28115 transaction failed 29201/-22, size 0-24 line 3013 [ 557.549682] binder: BINDER_SET_CONTEXT_MGR already set [ 557.549691] binder: 28125:28126 ioctl 40046207 0 returned -16 [ 557.549994] binder_alloc: 9902: binder_alloc_buf, no vma [ 557.550014] binder: 28125:28126 transaction failed 29189/-3, size 72-24 line 3136 [ 557.550551] binder: 28125:28126 Acquire 1 refcount change on invalid ref 3 ret -22 [ 557.550556] binder: 28125:28126 Release 1 refcount change on invalid ref 0 ret -22 [ 557.550560] binder: 28125:28126 got transaction to invalid handle [ 557.550565] binder: 28125:28126 transaction failed 29201/-22, size 0-24 line 3013 [ 557.607171] binder: BINDER_SET_CONTEXT_MGR already set [ 557.607180] binder: 28144:28149 ioctl 40046207 0 returned -16 [ 557.607296] binder_alloc: 9902: binder_alloc_buf, no vma [ 557.607316] binder: 28144:28149 transaction failed 29189/-3, size 72-24 line 3136 [ 557.608027] binder: 28144:28149 Acquire 1 refcount change on invalid ref 3 ret -22 [ 557.608036] binder: 28144:28149 Release 1 refcount change on invalid ref 0 ret -22 [ 557.608043] binder: 28144:28149 got transaction to invalid handle [ 557.608051] binder: 28144:28149 transaction failed 29201/-22, size 0-24 line 3013 [ 557.663515] binder: BINDER_SET_CONTEXT_MGR already set [ 557.663524] binder: 28156:28163 ioctl 40046207 0 returned -16 [ 557.663639] binder_alloc: 9902: binder_alloc_buf, no vma [ 557.663658] binder: 28156:28163 transaction failed 29189/-3, size 72-24 line 3136 [ 557.664647] binder: 28156:28163 Acquire 1 refcount change on invalid ref 3 ret -22 [ 557.664656] binder: 28156:28163 Release 1 refcount change on invalid ref 0 ret -22 [ 557.664662] binder: 28156:28163 got transaction to invalid handle [ 557.664670] binder: 28156:28163 transaction failed 29201/-22, size 0-24 line 3013 [ 557.735850] binder: BINDER_SET_CONTEXT_MGR already set [ 557.735859] binder: 28176:28185 ioctl 40046207 0 returned -16 [ 557.735969] binder_alloc: 9902: binder_alloc_buf, no vma [ 557.735988] binder: 28176:28185 transaction failed 29189/-3, size 72-24 line 3136 [ 557.738126] binder: 28176:28185 Acquire 1 refcount change on invalid ref 3 ret -22 [ 557.738135] binder: 28176:28185 Release 1 refcount change on invalid ref 0 ret -22 [ 557.738142] binder: 28176:28185 got transaction to invalid handle [ 557.738150] binder: 28176:28185 transaction failed 29201/-22, size 0-24 line 3013 [ 557.784545] binder: BINDER_SET_CONTEXT_MGR already set [ 557.784554] binder: 28192:28195 ioctl 40046207 0 returned -16 [ 557.784667] binder_alloc: 9902: binder_alloc_buf, no vma [ 557.784685] binder: 28192:28195 transaction failed 29189/-3, size 72-24 line 3136 [ 557.787587] binder: 28192:28195 Acquire 1 refcount change on invalid ref 3 ret -22 [ 557.787596] binder: 28192:28195 Release 1 refcount change on invalid ref 0 ret -22 [ 557.787602] binder: 28192:28195 got transaction to invalid handle [ 557.787610] binder: 28192:28195 transaction failed 29201/-22, size 0-24 line 3013 [ 557.848731] binder: BINDER_SET_CONTEXT_MGR already set [ 557.848740] binder: 28203:28206 ioctl 40046207 0 returned -16 [ 557.849061] binder_alloc: 9902: binder_alloc_buf, no vma [ 557.849080] binder: 28203:28206 transaction failed 29189/-3, size 72-24 line 3136 [ 557.850535] binder: 28203:28206 Acquire 1 refcount change on invalid ref 3 ret -22 [ 557.850543] binder: 28203:28206 Release 1 refcount change on invalid ref 0 ret -22 [ 557.850550] binder: 28203:28206 got transaction to invalid handle [ 557.850558] binder: 28203:28206 transaction failed 29201/-22, size 0-24 line 3013 [ 557.923972] binder: BINDER_SET_CONTEXT_MGR already set [ 557.923980] binder: 28226:28235 ioctl 40046207 0 returned -16 [ 557.926553] binder_alloc: 9902: binder_alloc_buf, no vma [ 557.926571] binder: 28226:28235 transaction failed 29189/-3, size 72-24 line 3136 [ 557.929910] binder: 28226:28235 Acquire 1 refcount change on invalid ref 3 ret -22 [ 557.929920] binder: 28226:28235 Release 1 refcount change on invalid ref 0 ret -22 [ 557.929927] binder: 28226:28235 got transaction to invalid handle [ 557.929935] binder: 28226:28235 transaction failed 29201/-22, size 0-24 line 3013 [ 557.992572] binder: BINDER_SET_CONTEXT_MGR already set [ 557.992581] binder: 28245:28252 ioctl 40046207 0 returned -16 [ 557.992709] binder_alloc: 9902: binder_alloc_buf, no vma [ 557.992728] binder: 28245:28252 transaction failed 29189/-3, size 72-24 line 3136 [ 557.993264] binder: 28245:28252 Acquire 1 refcount change on invalid ref 3 ret -22 [ 557.993274] binder: 28245:28252 Release 1 refcount change on invalid ref 0 ret -22 [ 557.993281] binder: 28245:28252 got transaction to invalid handle [ 557.993290] binder: 28245:28252 transaction failed 29201/-22, size 0-24 line 3013 [ 558.052272] binder: BINDER_SET_CONTEXT_MGR already set [ 558.052281] binder: 28265:28272 ioctl 40046207 0 returned -16 [ 558.052517] binder_alloc: 9902: binder_alloc_buf, no vma [ 558.052537] binder: 28265:28272 transaction failed 29189/-3, size 72-24 line 3136 [ 558.054534] binder: 28265:28272 Acquire 1 refcount change on invalid ref 3 ret -22 [ 558.054544] binder: 28265:28272 Release 1 refcount change on invalid ref 0 ret -22 [ 558.054551] binder: 28265:28272 got transaction to invalid handle [ 558.054559] binder: 28265:28272 transaction failed 29201/-22, size 0-24 line 3013 [ 558.124223] binder: BINDER_SET_CONTEXT_MGR already set [ 558.124233] binder: 28284:28294 ioctl 40046207 0 returned -16 [ 558.124342] binder_alloc: 9902: binder_alloc_buf, no vma [ 558.124361] binder: 28284:28294 transaction failed 29189/-3, size 72-24 line 3136 [ 558.125005] binder: 28284:28294 Acquire 1 refcount change on invalid ref 3 ret -22 [ 558.125014] binder: 28284:28294 Release 1 refcount change on invalid ref 0 ret -22 [ 558.125021] binder: 28284:28294 got transaction to invalid handle [ 558.125029] binder: 28284:28294 transaction failed 29201/-22, size 0-24 line 3013 [ 558.204415] binder: BINDER_SET_CONTEXT_MGR already set [ 558.204425] binder: 28309:28314 ioctl 40046207 0 returned -16 [ 558.204527] binder_alloc: 9902: binder_alloc_buf, no vma [ 558.204545] binder: 28309:28314 transaction failed 29189/-3, size 72-24 line 3136 [ 558.205655] binder: 28309:28314 Acquire 1 refcount change on invalid ref 3 ret -22 [ 558.205663] binder: 28309:28314 Release 1 refcount change on invalid ref 0 ret -22 [ 558.205670] binder: 28309:28314 got transaction to invalid handle [ 558.205677] binder: 28309:28314 transaction failed 29201/-22, size 0-24 line 3013 [ 558.262747] binder: BINDER_SET_CONTEXT_MGR already set [ 558.262756] binder: 28321:28323 ioctl 40046207 0 returned -16 [ 558.262871] binder_alloc: 9902: binder_alloc_buf, no vma [ 558.262897] binder: 28321:28323 transaction failed 29189/-3, size 72-24 line 3136 [ 558.263476] binder: 28321:28323 Acquire 1 refcount change on invalid ref 3 ret -22 [ 558.263485] binder: 28321:28323 Release 1 refcount change on invalid ref 0 ret -22 [ 558.263511] binder: 28321:28323 got transaction to invalid handle [ 558.263528] binder: 28321:28323 transaction failed 29201/-22, size 0-24 line 3013 [ 558.355791] binder: BINDER_SET_CONTEXT_MGR already set [ 558.355801] binder: 28346:28350 ioctl 40046207 0 returned -16 [ 558.355901] binder_alloc: 9902: binder_alloc_buf, no vma [ 558.355919] binder: 28346:28350 transaction failed 29189/-3, size 72-24 line 3136 [ 558.378916] binder: 28346:28350 Acquire 1 refcount change on invalid ref 3 ret -22 [ 558.378928] binder: 28346:28350 Release 1 refcount change on invalid ref 0 ret -22 [ 558.378935] binder: 28346:28350 got transaction to invalid handle [ 558.378944] binder: 28346:28350 transaction failed 29201/-22, size 0-24 line 3013 [ 558.458282] binder: BINDER_SET_CONTEXT_MGR already set [ 558.458292] binder: 28372:28377 ioctl 40046207 0 returned -16 [ 558.458411] binder_alloc: 9902: binder_alloc_buf, no vma [ 558.458431] binder: 28372:28377 transaction failed 29189/-3, size 72-24 line 3136 [ 558.459385] binder: 28372:28377 Acquire 1 refcount change on invalid ref 3 ret -22 [ 558.459394] binder: 28372:28377 Release 1 refcount change on invalid ref 0 ret -22 [ 558.459401] binder: 28372:28377 got transaction to invalid handle [ 558.459409] binder: 28372:28377 transaction failed 29201/-22, size 0-24 line 3013 [ 558.530764] binder: BINDER_SET_CONTEXT_MGR already set [ 558.530773] binder: 28391:28398 ioctl 40046207 0 returned -16 [ 558.530875] binder_alloc: 9902: binder_alloc_buf, no vma [ 558.530893] binder: 28391:28398 transaction failed 29189/-3, size 72-24 line 3136 [ 558.536812] binder: 28391:28398 Acquire 1 refcount change on invalid ref 3 ret -22 [ 558.536820] binder: 28391:28398 Release 1 refcount change on invalid ref 0 ret -22 [ 558.536827] binder: 28391:28398 got transaction to invalid handle [ 558.536834] binder: 28391:28398 transaction failed 29201/-22, size 0-24 line 3013 [ 558.615308] binder: BINDER_SET_CONTEXT_MGR already set [ 558.615317] binder: 28409:28414 ioctl 40046207 0 returned -16 [ 558.615423] binder_alloc: 9902: binder_alloc_buf, no vma [ 558.615442] binder: 28409:28414 transaction failed 29189/-3, size 72-24 line 3136 [ 558.631535] binder: 28409:28414 Acquire 1 refcount change on invalid ref 3 ret -22 [ 558.631542] binder: 28409:28414 Release 1 refcount change on invalid ref 0 ret -22 [ 558.631548] binder: 28409:28414 got transaction to invalid handle [ 558.631555] binder: 28409:28414 transaction failed 29201/-22, size 0-24 line 3013 [ 558.815665] binder: BINDER_SET_CONTEXT_MGR already set [ 558.815674] binder: 28437:28445 ioctl 40046207 0 returned -16 [ 558.815790] binder_alloc: 9902: binder_alloc_buf, no vma [ 558.815810] binder: 28437:28445 transaction failed 29189/-3, size 72-24 line 3136 [ 558.824537] binder: 28437:28445 Acquire 1 refcount change on invalid ref 3 ret -22 [ 558.824556] binder: 28437:28445 Release 1 refcount change on invalid ref 0 ret -22 [ 558.824585] binder: 28437:28445 got transaction to invalid handle [ 558.824595] binder: 28437:28445 transaction failed 29201/-22, size 0-24 line 3013 [ 558.857986] binder: BINDER_SET_CONTEXT_MGR already set [ 558.857994] binder: 28468:28471 ioctl 40046207 0 returned -16 [ 558.858113] binder_alloc: 9902: binder_alloc_buf, no vma [ 558.858133] binder: 28468:28471 transaction failed 29189/-3, size 72-24 line 3136 [ 558.858607] binder: 28468:28471 Acquire 1 refcount change on invalid ref 3 ret -22 [ 558.858617] binder: 28468:28471 Release 1 refcount change on invalid ref 0 ret -22 [ 558.858623] binder: 28468:28471 got transaction to invalid handle [ 558.858632] binder: 28468:28471 transaction failed 29201/-22, size 0-24 line 3013 [ 558.956396] binder: BINDER_SET_CONTEXT_MGR already set [ 558.956405] binder: 28495:28499 ioctl 40046207 0 returned -16 [ 558.956514] binder_alloc: 9902: binder_alloc_buf, no vma [ 558.956533] binder: 28495:28499 transaction failed 29189/-3, size 72-24 line 3136 [ 559.027273] binder: 28495:28509 Acquire 1 refcount change on invalid ref 3 ret -22 [ 559.027284] binder: 28495:28509 Release 1 refcount change on invalid ref 0 ret -22 [ 559.027293] binder: 28495:28509 got transaction to invalid handle [ 559.027305] binder: 28495:28509 transaction failed 29201/-22, size 0-24 line 3013 [ 559.101877] binder: BINDER_SET_CONTEXT_MGR already set [ 559.101886] binder: 28516:28523 ioctl 40046207 0 returned -16 [ 559.101989] binder_alloc: 9902: binder_alloc_buf, no vma [ 559.102009] binder: 28516:28523 transaction failed 29189/-3, size 72-24 line 3136 [ 559.102476] binder: 28516:28523 Acquire 1 refcount change on invalid ref 3 ret -22 [ 559.102485] binder: 28516:28523 Release 1 refcount change on invalid ref 0 ret -22 [ 559.102491] binder: 28516:28523 got transaction to invalid handle [ 559.102499] binder: 28516:28523 transaction failed 29201/-22, size 0-24 line 3013 [ 559.179398] binder: BINDER_SET_CONTEXT_MGR already set [ 559.179407] binder: 28534:28542 ioctl 40046207 0 returned -16 [ 559.179521] binder_alloc: 9902: binder_alloc_buf, no vma [ 559.179540] binder: 28534:28542 transaction failed 29189/-3, size 72-24 line 3136 [ 559.180985] binder: 28534:28542 Acquire 1 refcount change on invalid ref 3 ret -22 [ 559.181001] binder: 28534:28542 Release 1 refcount change on invalid ref 0 ret -22 [ 559.181065] binder: 28534:28542 got transaction to invalid handle [ 559.181073] binder: 28534:28542 transaction failed 29201/-22, size 0-24 line 3013 [ 559.229468] binder: BINDER_SET_CONTEXT_MGR already set [ 559.229477] binder: 28548:28552 ioctl 40046207 0 returned -16 [ 559.229869] binder_alloc: 9902: binder_alloc_buf, no vma [ 559.229889] binder: 28548:28552 transaction failed 29189/-3, size 72-24 line 3136 [ 559.231022] binder: 28548:28552 Acquire 1 refcount change on invalid ref 3 ret -22 [ 559.231031] binder: 28548:28552 Release 1 refcount change on invalid ref 0 ret -22 [ 559.231038] binder: 28548:28552 got transaction to invalid handle [ 559.231046] binder: 28548:28552 transaction failed 29201/-22, size 0-24 line 3013 [ 559.272269] binder: BINDER_SET_CONTEXT_MGR already set [ 559.272278] binder: 28563:28569 ioctl 40046207 0 returned -16 [ 559.272389] binder_alloc: 9902: binder_alloc_buf, no vma [ 559.272408] binder: 28563:28569 transaction failed 29189/-3, size 72-24 line 3136 [ 559.273338] binder: 28563:28569 Acquire 1 refcount change on invalid ref 3 ret -22 [ 559.273347] binder: 28563:28569 Release 1 refcount change on invalid ref 0 ret -22 [ 559.273353] binder: 28563:28569 got transaction to invalid handle [ 559.273361] binder: 28563:28569 transaction failed 29201/-22, size 0-24 line 3013 [ 559.340499] binder: BINDER_SET_CONTEXT_MGR already set [ 559.340508] binder: 28577:28583 ioctl 40046207 0 returned -16 [ 559.340616] binder_alloc: 9902: binder_alloc_buf, no vma [ 559.340636] binder: 28577:28583 transaction failed 29189/-3, size 72-24 line 3136 [ 559.341091] binder: 28577:28583 Acquire 1 refcount change on invalid ref 3 ret -22 [ 559.341100] binder: 28577:28583 Release 1 refcount change on invalid ref 0 ret -22 [ 559.341107] binder: 28577:28583 got transaction to invalid handle [ 559.341115] binder: 28577:28583 transaction failed 29201/-22, size 0-24 line 3013 [ 559.425031] binder: BINDER_SET_CONTEXT_MGR already set [ 559.425040] binder: 28597:28603 ioctl 40046207 0 returned -16 [ 559.425599] binder_alloc: 9902: binder_alloc_buf, no vma [ 559.425617] binder: 28597:28603 transaction failed 29189/-3, size 72-24 line 3136 [ 559.426698] binder: 28597:28603 Acquire 1 refcount change on invalid ref 3 ret -22 [ 559.426708] binder: 28597:28603 Release 1 refcount change on invalid ref 0 ret -22 [ 559.426714] binder: 28597:28603 got transaction to invalid handle [ 559.426724] binder: 28597:28603 transaction failed 29201/-22, size 0-24 line 3013 [ 559.465397] binder: BINDER_SET_CONTEXT_MGR already set [ 559.465405] binder: 28612:28616 ioctl 40046207 0 returned -16 [ 559.465594] binder_alloc: 9902: binder_alloc_buf, no vma [ 559.465614] binder: 28612:28616 transaction failed 29189/-3, size 72-24 line 3136 [ 559.466045] binder: 28612:28616 Acquire 1 refcount change on invalid ref 3 ret -22 [ 559.466054] binder: 28612:28616 Release 1 refcount change on invalid ref 0 ret -22 [ 559.466061] binder: 28612:28616 got transaction to invalid handle [ 559.466069] binder: 28612:28616 transaction failed 29201/-22, size 0-24 line 3013 [ 559.559637] binder: BINDER_SET_CONTEXT_MGR already set [ 559.559646] binder: 28632:28634 ioctl 40046207 0 returned -16 [ 559.559952] binder_alloc: 9902: binder_alloc_buf, no vma [ 559.559974] binder: 28632:28634 transaction failed 29189/-3, size 72-24 line 3136 [ 559.562429] binder: 28632:28634 Acquire 1 refcount change on invalid ref 3 ret -22 [ 559.562438] binder: 28632:28634 Release 1 refcount change on invalid ref 0 ret -22 [ 559.562444] binder: 28632:28634 got transaction to invalid handle [ 559.562453] binder: 28632:28634 transaction failed 29201/-22, size 0-24 line 3013 [ 559.615832] binder: BINDER_SET_CONTEXT_MGR already set [ 559.615841] binder: 28647:28655 ioctl 40046207 0 returned -16 [ 559.615952] binder_alloc: 9902: binder_alloc_buf, no vma [ 559.615971] binder: 28647:28655 transaction failed 29189/-3, size 72-24 line 3136 [ 559.633405] binder: 28647:28655 Acquire 1 refcount change on invalid ref 3 ret -22 [ 559.633415] binder: 28647:28655 Release 1 refcount change on invalid ref 0 ret -22 [ 559.633422] binder: 28647:28655 got transaction to invalid handle [ 559.633431] binder: 28647:28655 transaction failed 29201/-22, size 0-24 line 3013 [ 559.692280] binder: BINDER_SET_CONTEXT_MGR already set [ 559.692289] binder: 28668:28673 ioctl 40046207 0 returned -16 [ 559.692392] binder_alloc: 9902: binder_alloc_buf, no vma [ 559.692411] binder: 28668:28673 transaction failed 29189/-3, size 72-24 line 3136 [ 559.693533] binder: 28668:28673 Acquire 1 refcount change on invalid ref 3 ret -22 [ 559.693543] binder: 28668:28673 Release 1 refcount change on invalid ref 0 ret -22 [ 559.693549] binder: 28668:28673 got transaction to invalid handle [ 559.693557] binder: 28668:28673 transaction failed 29201/-22, size 0-24 line 3013 [ 559.753401] binder: BINDER_SET_CONTEXT_MGR already set [ 559.753410] binder: 28687:28693 ioctl 40046207 0 returned -16 [ 559.753524] binder_alloc: 9902: binder_alloc_buf, no vma [ 559.753544] binder: 28687:28693 transaction failed 29189/-3, size 72-24 line 3136 [ 559.755530] binder: 28687:28693 Acquire 1 refcount change on invalid ref 3 ret -22 [ 559.755540] binder: 28687:28693 Release 1 refcount change on invalid ref 0 ret -22 [ 559.755546] binder: 28687:28693 got transaction to invalid handle [ 559.755554] binder: 28687:28693 transaction failed 29201/-22, size 0-24 line 3013 [ 559.807530] binder: BINDER_SET_CONTEXT_MGR already set [ 559.807539] binder: 28703:28711 ioctl 40046207 0 returned -16 [ 559.807647] binder_alloc: 9902: binder_alloc_buf, no vma [ 559.807676] binder: 28703:28711 transaction failed 29189/-3, size 72-24 line 3136 [ 559.808233] binder: 28703:28711 Acquire 1 refcount change on invalid ref 3 ret -22 [ 559.808242] binder: 28703:28711 Release 1 refcount change on invalid ref 0 ret -22 [ 559.808249] binder: 28703:28711 got transaction to invalid handle [ 559.808257] binder: 28703:28711 transaction failed 29201/-22, size 0-24 line 3013 [ 559.881517] binder: BINDER_SET_CONTEXT_MGR already set [ 559.881527] binder: 28721:28732 ioctl 40046207 0 returned -16 [ 559.882428] binder_alloc: 9902: binder_alloc_buf, no vma [ 559.882455] binder: 28721:28732 transaction failed 29189/-3, size 72-24 line 3136 [ 559.887638] binder: 28721:28732 Acquire 1 refcount change on invalid ref 3 ret -22 [ 559.887648] binder: 28721:28732 Release 1 refcount change on invalid ref 0 ret -22 [ 559.887655] binder: 28721:28732 got transaction to invalid handle [ 559.887664] binder: 28721:28732 transaction failed 29201/-22, size 0-24 line 3013 [ 559.985148] binder: BINDER_SET_CONTEXT_MGR already set [ 559.985167] binder: 28751:28757 ioctl 40046207 0 returned -16 [ 559.987304] binder_alloc: 9902: binder_alloc_buf, no vma [ 559.987324] binder: 28751:28757 transaction failed 29189/-3, size 72-24 line 3136 [ 559.987799] binder: 28751:28757 Acquire 1 refcount change on invalid ref 3 ret -22 [ 559.987808] binder: 28751:28757 Release 1 refcount change on invalid ref 0 ret -22 [ 559.987815] binder: 28751:28757 got transaction to invalid handle [ 559.987824] binder: 28751:28757 transaction failed 29201/-22, size 0-24 line 3013 [ 560.077246] binder: BINDER_SET_CONTEXT_MGR already set [ 560.077256] binder: 28771:28779 ioctl 40046207 0 returned -16 [ 560.077366] binder_alloc: 9902: binder_alloc_buf, no vma [ 560.077387] binder: 28771:28779 transaction failed 29189/-3, size 72-24 line 3136 [ 560.078100] binder: 28771:28779 Acquire 1 refcount change on invalid ref 3 ret -22 [ 560.078109] binder: 28771:28779 Release 1 refcount change on invalid ref 0 ret -22 [ 560.078116] binder: 28771:28779 got transaction to invalid handle [ 560.078124] binder: 28771:28779 transaction failed 29201/-22, size 0-24 line 3013 [ 560.123100] binder: BINDER_SET_CONTEXT_MGR already set [ 560.123109] binder: 28789:28791 ioctl 40046207 0 returned -16 [ 560.123217] binder_alloc: 9902: binder_alloc_buf, no vma [ 560.123237] binder: 28789:28791 transaction failed 29189/-3, size 72-24 line 3136 [ 560.124055] binder: 28789:28791 Acquire 1 refcount change on invalid ref 3 ret -22 [ 560.124063] binder: 28789:28791 Release 1 refcount change on invalid ref 0 ret -22 [ 560.124070] binder: 28789:28791 got transaction to invalid handle [ 560.124077] binder: 28789:28791 transaction failed 29201/-22, size 0-24 line 3013 [ 560.193385] binder: BINDER_SET_CONTEXT_MGR already set [ 560.193393] binder: 28808:28813 ioctl 40046207 0 returned -16 [ 560.193572] binder_alloc: 9902: binder_alloc_buf, no vma [ 560.193591] binder: 28808:28813 transaction failed 29189/-3, size 72-24 line 3136 [ 560.200732] binder: 28808:28813 Acquire 1 refcount change on invalid ref 3 ret -22 [ 560.200743] binder: 28808:28813 Release 1 refcount change on invalid ref 0 ret -22 [ 560.200750] binder: 28808:28813 got transaction to invalid handle [ 560.200758] binder: 28808:28813 transaction failed 29201/-22, size 0-24 line 3013 [ 560.299001] binder: BINDER_SET_CONTEXT_MGR already set [ 560.299010] binder: 28836:28839 ioctl 40046207 0 returned -16 [ 560.299124] binder_alloc: 9902: binder_alloc_buf, no vma [ 560.299144] binder: 28836:28839 transaction failed 29189/-3, size 72-24 line 3136 [ 560.299602] binder: 28836:28839 Acquire 1 refcount change on invalid ref 3 ret -22 [ 560.299611] binder: 28836:28839 Release 1 refcount change on invalid ref 0 ret -22 [ 560.299618] binder: 28836:28839 got transaction to invalid handle [ 560.299626] binder: 28836:28839 transaction failed 29201/-22, size 0-24 line 3013 [ 560.368647] binder: BINDER_SET_CONTEXT_MGR already set [ 560.368655] binder: 28851:28856 ioctl 40046207 0 returned -16 [ 560.368766] binder_alloc: 9902: binder_alloc_buf, no vma [ 560.368786] binder: 28851:28856 transaction failed 29189/-3, size 72-24 line 3136 [ 560.371996] binder: 28851:28856 Acquire 1 refcount change on invalid ref 3 ret -22 [ 560.372004] binder: 28851:28856 Release 1 refcount change on invalid ref 0 ret -22 [ 560.372011] binder: 28851:28856 got transaction to invalid handle [ 560.372019] binder: 28851:28856 transaction failed 29201/-22, size 0-24 line 3013 [ 560.470908] binder: BINDER_SET_CONTEXT_MGR already set [ 560.470916] binder: 28878:28883 ioctl 40046207 0 returned -16 [ 560.472085] binder_alloc: 9902: binder_alloc_buf, no vma [ 560.472122] binder: 28878:28883 transaction failed 29189/-3, size 72-24 line 3136 [ 560.472930] binder: 28878:28883 Acquire 1 refcount change on invalid ref 3 ret -22 [ 560.472939] binder: 28878:28883 Release 1 refcount change on invalid ref 0 ret -22 [ 560.472945] binder: 28878:28883 got transaction to invalid handle [ 560.472953] binder: 28878:28883 transaction failed 29201/-22, size 0-24 line 3013 [ 560.562448] binder: BINDER_SET_CONTEXT_MGR already set [ 560.562515] binder: 28902:28907 ioctl 40046207 0 returned -16 [ 560.562623] binder_alloc: 9902: binder_alloc_buf, no vma [ 560.562643] binder: 28902:28907 transaction failed 29189/-3, size 72-24 line 3136 [ 560.569459] binder: 28902:28907 Acquire 1 refcount change on invalid ref 3 ret -22 [ 560.569469] binder: 28902:28907 Release 1 refcount change on invalid ref 0 ret -22 [ 560.569476] binder: 28902:28907 got transaction to invalid handle [ 560.569485] binder: 28902:28907 transaction failed 29201/-22, size 0-24 line 3013 [ 560.634185] binder: BINDER_SET_CONTEXT_MGR already set [ 560.634194] binder: 28922:28931 ioctl 40046207 0 returned -16 [ 560.634305] binder_alloc: 9902: binder_alloc_buf, no vma [ 560.634323] binder: 28922:28931 transaction failed 29189/-3, size 72-24 line 3136 [ 560.645641] binder: 28922:28931 Acquire 1 refcount change on invalid ref 3 ret -22 [ 560.645650] binder: 28922:28931 Release 1 refcount change on invalid ref 0 ret -22 [ 560.645657] binder: 28922:28931 got transaction to invalid handle [ 560.645665] binder: 28922:28931 transaction failed 29201/-22, size 0-24 line 3013 [ 560.722690] binder: BINDER_SET_CONTEXT_MGR already set [ 560.722698] binder: 28950:28956 ioctl 40046207 0 returned -16 [ 560.725945] binder_alloc: 9902: binder_alloc_buf, no vma [ 560.725964] binder: 28950:28956 transaction failed 29189/-3, size 72-24 line 3136 [ 560.726843] binder: 28950:28956 Acquire 1 refcount change on invalid ref 3 ret -22 [ 560.726851] binder: 28950:28956 Release 1 refcount change on invalid ref 0 ret -22 [ 560.726857] binder: 28950:28956 got transaction to invalid handle [ 560.726865] binder: 28950:28956 transaction failed 29201/-22, size 0-24 line 3013 [ 560.911491] binder: BINDER_SET_CONTEXT_MGR already set [ 560.911501] binder: 28970:28989 ioctl 40046207 0 returned -16 [ 560.911599] binder_alloc: 9902: binder_alloc_buf, no vma [ 560.911618] binder: 28970:28989 transaction failed 29189/-3, size 72-24 line 3136 [ 560.912277] binder: 28970:28989 Acquire 1 refcount change on invalid ref 3 ret -22 [ 560.912285] binder: 28970:28989 Release 1 refcount change on invalid ref 0 ret -22 [ 560.912293] binder: 28970:28989 got transaction to invalid handle [ 560.912302] binder: 28970:28989 transaction failed 29201/-22, size 0-24 line 3013 [ 561.006341] binder: BINDER_SET_CONTEXT_MGR already set [ 561.006349] binder: 29024:29030 ioctl 40046207 0 returned -16 [ 561.007184] binder_alloc: 9902: binder_alloc_buf, no vma [ 561.007202] binder: 29024:29030 transaction failed 29189/-3, size 72-24 line 3136 [ 561.007858] binder: 29024:29030 Acquire 1 refcount change on invalid ref 3 ret -22 [ 561.007866] binder: 29024:29030 Release 1 refcount change on invalid ref 0 ret -22 [ 561.007873] binder: 29024:29030 got transaction to invalid handle [ 561.007881] binder: 29024:29030 transaction failed 29201/-22, size 0-24 line 3013 [ 561.110508] binder: BINDER_SET_CONTEXT_MGR already set [ 561.110517] binder: 29047:29055 ioctl 40046207 0 returned -16 [ 561.112680] binder_alloc: 9902: binder_alloc_buf, no vma [ 561.112699] binder: 29047:29055 transaction failed 29189/-3, size 72-24 line 3136 [ 561.114098] binder: 29047:29055 Acquire 1 refcount change on invalid ref 3 ret -22 [ 561.114106] binder: 29047:29055 Release 1 refcount change on invalid ref 0 ret -22 [ 561.114113] binder: 29047:29055 got transaction to invalid handle [ 561.114121] binder: 29047:29055 transaction failed 29201/-22, size 0-24 line 3013 [ 561.178415] binder: BINDER_SET_CONTEXT_MGR already set [ 561.178442] binder: 29075:29077 ioctl 40046207 0 returned -16 [ 561.178565] binder_alloc: 9902: binder_alloc_buf, no vma [ 561.178584] binder: 29075:29077 transaction failed 29189/-3, size 72-24 line 3136 [ 561.188667] binder: 29075:29077 Acquire 1 refcount change on invalid ref 3 ret -22 [ 561.188677] binder: 29075:29077 Release 1 refcount change on invalid ref 0 ret -22 [ 561.188684] binder: 29075:29077 got transaction to invalid handle [ 561.188693] binder: 29075:29077 transaction failed 29201/-22, size 0-24 line 3013 [ 561.225428] binder: BINDER_SET_CONTEXT_MGR already set [ 561.225438] binder: 29083:29089 ioctl 40046207 0 returned -16 [ 561.225539] binder_alloc: 9902: binder_alloc_buf, no vma [ 561.225558] binder: 29083:29089 transaction failed 29189/-3, size 72-24 line 3136 [ 561.225978] binder: 29083:29089 Acquire 1 refcount change on invalid ref 3 ret -22 [ 561.225987] binder: 29083:29089 Release 1 refcount change on invalid ref 0 ret -22 [ 561.225993] binder: 29083:29089 got transaction to invalid handle [ 561.226001] binder: 29083:29089 transaction failed 29201/-22, size 0-24 line 3013 [ 561.307746] binder: BINDER_SET_CONTEXT_MGR already set [ 561.307756] binder: 29103:29104 ioctl 40046207 0 returned -16 [ 561.307882] binder_alloc: 9902: binder_alloc_buf, no vma [ 561.307902] binder: 29103:29104 transaction failed 29189/-3, size 72-24 line 3136 [ 561.308429] binder: 29103:29104 Acquire 1 refcount change on invalid ref 3 ret -22 [ 561.308439] binder: 29103:29104 Release 1 refcount change on invalid ref 0 ret -22 [ 561.308445] binder: 29103:29104 got transaction to invalid handle [ 561.308454] binder: 29103:29104 transaction failed 29201/-22, size 0-24 line 3013 [ 561.356556] binder: BINDER_SET_CONTEXT_MGR already set [ 561.356565] binder: 29115:29124 ioctl 40046207 0 returned -16 [ 561.356665] binder_alloc: 9902: binder_alloc_buf, no vma [ 561.356683] binder: 29115:29124 transaction failed 29189/-3, size 72-24 line 3136 [ 561.357217] binder: 29115:29124 Acquire 1 refcount change on invalid ref 3 ret -22 [ 561.357226] binder: 29115:29124 Release 1 refcount change on invalid ref 0 ret -22 [ 561.357233] binder: 29115:29124 got transaction to invalid handle [ 561.357241] binder: 29115:29124 transaction failed 29201/-22, size 0-24 line 3013 [ 561.433185] binder: BINDER_SET_CONTEXT_MGR already set [ 561.433194] binder: 29138:29143 ioctl 40046207 0 returned -16 [ 561.433298] binder_alloc: 9902: binder_alloc_buf, no vma [ 561.433317] binder: 29138:29143 transaction failed 29189/-3, size 72-24 line 3136 [ 561.433751] binder: 29138:29143 Acquire 1 refcount change on invalid ref 3 ret -22 [ 561.433760] binder: 29138:29143 Release 1 refcount change on invalid ref 0 ret -22 [ 561.433766] binder: 29138:29143 got transaction to invalid handle [ 561.433773] binder: 29138:29143 transaction failed 29201/-22, size 0-24 line 3013 [ 561.542690] binder: BINDER_SET_CONTEXT_MGR already set [ 561.542699] binder: 29167:29174 ioctl 40046207 0 returned -16 [ 561.542817] binder_alloc: 9902: binder_alloc_buf, no vma [ 561.542837] binder: 29167:29174 transaction failed 29189/-3, size 72-24 line 3136 [ 561.544512] binder: 29167:29174 Acquire 1 refcount change on invalid ref 3 ret -22 [ 561.544521] binder: 29167:29174 Release 1 refcount change on invalid ref 0 ret -22 [ 561.544527] binder: 29167:29174 got transaction to invalid handle [ 561.544535] binder: 29167:29174 transaction failed 29201/-22, size 0-24 line 3013 [ 561.620048] binder: BINDER_SET_CONTEXT_MGR already set [ 561.620057] binder: 29180:29188 ioctl 40046207 0 returned -16 [ 561.620681] binder_alloc: 9902: binder_alloc_buf, no vma [ 561.620702] binder: 29180:29188 transaction failed 29189/-3, size 72-24 line 3136 [ 561.621569] binder: 29180:29188 Acquire 1 refcount change on invalid ref 3 ret -22 [ 561.621578] binder: 29180:29188 Release 1 refcount change on invalid ref 0 ret -22 [ 561.621584] binder: 29180:29188 got transaction to invalid handle [ 561.621592] binder: 29180:29188 transaction failed 29201/-22, size 0-24 line 3013 [ 561.711818] binder: BINDER_SET_CONTEXT_MGR already set [ 561.711827] binder: 29193:29210 ioctl 40046207 0 returned -16 [ 561.711941] binder_alloc: 9902: binder_alloc_buf, no vma [ 561.711960] binder: 29193:29210 transaction failed 29189/-3, size 72-24 line 3136 [ 561.712728] binder: 29193:29210 Acquire 1 refcount change on invalid ref 3 ret -22 [ 561.712736] binder: 29193:29210 Release 1 refcount change on invalid ref 0 ret -22 [ 561.712742] binder: 29193:29210 got transaction to invalid handle [ 561.712749] binder: 29193:29210 transaction failed 29201/-22, size 0-24 line 3013 [ 561.787971] binder: BINDER_SET_CONTEXT_MGR already set [ 561.787980] binder: 29223:29229 ioctl 40046207 0 returned -16 [ 561.788076] binder_alloc: 9902: binder_alloc_buf, no vma [ 561.788094] binder: 29223:29229 transaction failed 29189/-3, size 72-24 line 3136 [ 561.790307] binder: 29223:29229 Acquire 1 refcount change on invalid ref 3 ret -22 [ 561.790315] binder: 29223:29229 Release 1 refcount change on invalid ref 0 ret -22 [ 561.790322] binder: 29223:29229 got transaction to invalid handle [ 561.790329] binder: 29223:29229 transaction failed 29201/-22, size 0-24 line 3013 [ 561.863480] binder: BINDER_SET_CONTEXT_MGR already set [ 561.863489] binder: 29240:29254 ioctl 40046207 0 returned -16 [ 561.866678] binder_alloc: 9902: binder_alloc_buf, no vma [ 561.866697] binder: 29240:29254 transaction failed 29189/-3, size 72-24 line 3136 [ 561.867904] binder: 29240:29254 Acquire 1 refcount change on invalid ref 3 ret -22 [ 561.867914] binder: 29240:29254 Release 1 refcount change on invalid ref 0 ret -22 [ 561.867920] binder: 29240:29254 got transaction to invalid handle [ 561.867929] binder: 29240:29254 transaction failed 29201/-22, size 0-24 line 3013 [ 561.953150] binder: BINDER_SET_CONTEXT_MGR already set [ 561.953158] binder: 29268:29274 ioctl 40046207 0 returned -16 [ 561.953256] binder_alloc: 9902: binder_alloc_buf, no vma [ 561.953273] binder: 29268:29274 transaction failed 29189/-3, size 72-24 line 3136 [ 561.953743] binder: 29268:29274 Acquire 1 refcount change on invalid ref 3 ret -22 [ 561.953752] binder: 29268:29274 Release 1 refcount change on invalid ref 0 ret -22 [ 561.953758] binder: 29268:29274 got transaction to invalid handle [ 561.953766] binder: 29268:29274 transaction failed 29201/-22, size 0-24 line 3013 [ 562.001010] binder: BINDER_SET_CONTEXT_MGR already set [ 562.001019] binder: 29286:29292 ioctl 40046207 0 returned -16 [ 562.001244] binder_alloc: 9902: binder_alloc_buf, no vma [ 562.001271] binder: 29286:29292 transaction failed 29189/-3, size 72-24 line 3136 [ 562.001732] binder: 29286:29292 Acquire 1 refcount change on invalid ref 3 ret -22 [ 562.001741] binder: 29286:29292 Release 1 refcount change on invalid ref 0 ret -22 [ 562.001748] binder: 29286:29292 got transaction to invalid handle [ 562.001757] binder: 29286:29292 transaction failed 29201/-22, size 0-24 line 3013 [ 562.111001] binder: BINDER_SET_CONTEXT_MGR already set [ 562.111010] binder: 29301:29311 ioctl 40046207 0 returned -16 [ 562.111133] binder_alloc: 9902: binder_alloc_buf, no vma [ 562.111153] binder: 29301:29311 transaction failed 29189/-3, size 72-24 line 3136 [ 562.113514] binder: 29301:29311 Acquire 1 refcount change on invalid ref 3 ret -22 [ 562.113523] binder: 29301:29311 Release 1 refcount change on invalid ref 0 ret -22 [ 562.113530] binder: 29301:29311 got transaction to invalid handle [ 562.113537] binder: 29301:29311 transaction failed 29201/-22, size 0-24 line 3013 [ 562.198784] binder: BINDER_SET_CONTEXT_MGR already set [ 562.198792] binder: 29323:29333 ioctl 40046207 0 returned -16 [ 562.198904] binder_alloc: 9902: binder_alloc_buf, no vma [ 562.198924] binder: 29323:29333 transaction failed 29189/-3, size 72-24 line 3136 [ 562.199555] binder: 29323:29333 Acquire 1 refcount change on invalid ref 3 ret -22 [ 562.199564] binder: 29323:29333 Release 1 refcount change on invalid ref 0 ret -22 [ 562.199571] binder: 29323:29333 got transaction to invalid handle [ 562.199579] binder: 29323:29333 transaction failed 29201/-22, size 0-24 line 3013 [ 562.264930] binder: BINDER_SET_CONTEXT_MGR already set [ 562.264941] binder: 29342:29349 ioctl 40046207 0 returned -16 [ 562.265081] binder_alloc: 9902: binder_alloc_buf, no vma [ 562.265102] binder: 29342:29349 transaction failed 29189/-3, size 72-24 line 3136 [ 562.282609] binder: 29342:29349 Acquire 1 refcount change on invalid ref 3 ret -22 [ 562.282621] binder: 29342:29349 Release 1 refcount change on invalid ref 0 ret -22 [ 562.282629] binder: 29342:29349 got transaction to invalid handle [ 562.282642] binder: 29342:29349 transaction failed 29201/-22, size 0-24 line 3013 [ 562.362432] binder: BINDER_SET_CONTEXT_MGR already set [ 562.362440] binder: 29365:29372 ioctl 40046207 0 returned -16 [ 562.365219] binder_alloc: 9902: binder_alloc_buf, no vma [ 562.365241] binder: 29365:29372 transaction failed 29189/-3, size 72-24 line 3136 [ 562.379302] binder: 29365:29372 Acquire 1 refcount change on invalid ref 3 ret -22 [ 562.379312] binder: 29365:29372 Release 1 refcount change on invalid ref 0 ret -22 [ 562.379319] binder: 29365:29372 got transaction to invalid handle [ 562.379328] binder: 29365:29372 transaction failed 29201/-22, size 0-24 line 3013 [ 562.420441] binder: BINDER_SET_CONTEXT_MGR already set [ 562.420451] binder: 29386:29388 ioctl 40046207 0 returned -16 [ 562.420577] binder_alloc: 9902: binder_alloc_buf, no vma [ 562.420596] binder: 29386:29388 transaction failed 29189/-3, size 72-24 line 3136 [ 562.421512] binder: 29386:29388 Acquire 1 refcount change on invalid ref 3 ret -22 [ 562.421521] binder: 29386:29388 Release 1 refcount change on invalid ref 0 ret -22 [ 562.421527] binder: 29386:29388 got transaction to invalid handle [ 562.421536] binder: 29386:29388 transaction failed 29201/-22, size 0-24 line 3013 [ 562.487683] binder: BINDER_SET_CONTEXT_MGR already set [ 562.487692] binder: 29401:29405 ioctl 40046207 0 returned -16 [ 562.487875] binder_alloc: 9902: binder_alloc_buf, no vma [ 562.487894] binder: 29401:29405 transaction failed 29189/-3, size 72-24 line 3136 [ 562.499098] binder: 29401:29405 Acquire 1 refcount change on invalid ref 3 ret -22 [ 562.499108] binder: 29401:29405 Release 1 refcount change on invalid ref 0 ret -22 [ 562.499116] binder: 29401:29405 got transaction to invalid handle [ 562.499125] binder: 29401:29405 transaction failed 29201/-22, size 0-24 line 3013 [ 562.568818] binder: BINDER_SET_CONTEXT_MGR already set [ 562.568828] binder: 29418:29419 ioctl 40046207 0 returned -16 [ 562.572909] binder_alloc: 9902: binder_alloc_buf, no vma [ 562.572930] binder: 29418:29419 transaction failed 29189/-3, size 72-24 line 3136 [ 562.580009] binder: 29418:29419 Acquire 1 refcount change on invalid ref 3 ret -22 [ 562.580018] binder: 29418:29419 Release 1 refcount change on invalid ref 0 ret -22 [ 562.580026] binder: 29418:29419 got transaction to invalid handle [ 562.580036] binder: 29418:29419 transaction failed 29201/-22, size 0-24 line 3013 [ 562.623036] binder: BINDER_SET_CONTEXT_MGR already set [ 562.623044] binder: 29436:29443 ioctl 40046207 0 returned -16 [ 562.626447] binder_alloc: 9902: binder_alloc_buf, no vma [ 562.626469] binder: 29436:29443 transaction failed 29189/-3, size 72-24 line 3136 [ 562.627999] binder: 29436:29443 Acquire 1 refcount change on invalid ref 3 ret -22 [ 562.628009] binder: 29436:29443 Release 1 refcount change on invalid ref 0 ret -22 [ 562.628015] binder: 29436:29443 got transaction to invalid handle [ 562.628024] binder: 29436:29443 transaction failed 29201/-22, size 0-24 line 3013 [ 562.695203] binder: BINDER_SET_CONTEXT_MGR already set [ 562.695212] binder: 29455:29459 ioctl 40046207 0 returned -16 [ 562.695318] binder_alloc: 9902: binder_alloc_buf, no vma [ 562.695336] binder: 29455:29459 transaction failed 29189/-3, size 72-24 line 3136 [ 562.697168] binder: 29455:29459 Acquire 1 refcount change on invalid ref 3 ret -22 [ 562.697177] binder: 29455:29459 Release 1 refcount change on invalid ref 0 ret -22 [ 562.697184] binder: 29455:29459 got transaction to invalid handle [ 562.697192] binder: 29455:29459 transaction failed 29201/-22, size 0-24 line 3013 [ 562.750847] binder: BINDER_SET_CONTEXT_MGR already set [ 562.750856] binder: 29472:29474 ioctl 40046207 0 returned -16 [ 562.750969] binder_alloc: 9902: binder_alloc_buf, no vma [ 562.750989] binder: 29472:29474 transaction failed 29189/-3, size 72-24 line 3136 [ 562.752002] binder: 29472:29474 Acquire 1 refcount change on invalid ref 3 ret -22 [ 562.752011] binder: 29472:29474 Release 1 refcount change on invalid ref 0 ret -22 [ 562.752018] binder: 29472:29474 got transaction to invalid handle [ 562.752026] binder: 29472:29474 transaction failed 29201/-22, size 0-24 line 3013 [ 562.813907] binder: BINDER_SET_CONTEXT_MGR already set [ 562.813915] binder: 29487:29491 ioctl 40046207 0 returned -16 [ 562.816311] binder_alloc: 9902: binder_alloc_buf, no vma [ 562.816330] binder: 29487:29491 transaction failed 29189/-3, size 72-24 line 3136 [ 562.816843] binder: 29487:29491 Acquire 1 refcount change on invalid ref 3 ret -22 [ 562.816852] binder: 29487:29491 Release 1 refcount change on invalid ref 0 ret -22 [ 562.816859] binder: 29487:29491 got transaction to invalid handle [ 562.816867] binder: 29487:29491 transaction failed 29201/-22, size 0-24 line 3013 [ 562.894268] binder: BINDER_SET_CONTEXT_MGR already set [ 562.894277] binder: 29504:29508 ioctl 40046207 0 returned -16 [ 562.894399] binder_alloc: 9902: binder_alloc_buf, no vma [ 562.894420] binder: 29504:29508 transaction failed 29189/-3, size 72-24 line 3136 [ 562.895029] binder: 29504:29508 Acquire 1 refcount change on invalid ref 3 ret -22 [ 562.895038] binder: 29504:29508 Release 1 refcount change on invalid ref 0 ret -22 [ 562.895044] binder: 29504:29508 got transaction to invalid handle [ 562.895059] binder: 29504:29508 transaction failed 29201/-22, size 0-24 line 3013 [ 562.947424] binder: BINDER_SET_CONTEXT_MGR already set [ 562.947433] binder: 29521:29525 ioctl 40046207 0 returned -16 [ 562.947547] binder_alloc: 9902: binder_alloc_buf, no vma [ 562.947565] binder: 29521:29525 transaction failed 29189/-3, size 72-24 line 3136 [ 562.948835] binder: 29521:29525 Acquire 1 refcount change on invalid ref 3 ret -22 [ 562.948843] binder: 29521:29525 Release 1 refcount change on invalid ref 0 ret -22 [ 562.948849] binder: 29521:29525 got transaction to invalid handle [ 562.951681] binder: 29521:29525 transaction failed 29201/-22, size 0-24 line 3013 [ 563.026506] binder: BINDER_SET_CONTEXT_MGR already set [ 563.026516] binder: 29539:29542 ioctl 40046207 0 returned -16 [ 563.026708] binder_alloc: 9902: binder_alloc_buf, no vma [ 563.026729] binder: 29539:29542 transaction failed 29189/-3, size 72-24 line 3136 [ 563.029281] binder: 29539:29542 Acquire 1 refcount change on invalid ref 3 ret -22 [ 563.029290] binder: 29539:29542 Release 1 refcount change on invalid ref 0 ret -22 [ 563.029297] binder: 29539:29542 got transaction to invalid handle [ 563.029305] binder: 29539:29542 transaction failed 29201/-22, size 0-24 line 3013 [ 563.129183] binder: BINDER_SET_CONTEXT_MGR already set [ 563.129191] binder: 29560:29566 ioctl 40046207 0 returned -16 [ 563.129301] binder_alloc: 9902: binder_alloc_buf, no vma [ 563.129320] binder: 29560:29566 transaction failed 29189/-3, size 72-24 line 3136 [ 563.140039] binder: 29560:29566 Acquire 1 refcount change on invalid ref 3 ret -22 [ 563.140050] binder: 29560:29566 Release 1 refcount change on invalid ref 0 ret -22 [ 563.140058] binder: 29560:29566 got transaction to invalid handle [ 563.140069] binder: 29560:29566 transaction failed 29201/-22, size 0-24 line 3013 [ 563.171018] binder: BINDER_SET_CONTEXT_MGR already set [ 563.171026] binder: 29575:29581 ioctl 40046207 0 returned -16 [ 563.171130] binder_alloc: 9902: binder_alloc_buf, no vma [ 563.171150] binder: 29575:29581 transaction failed 29189/-3, size 72-24 line 3136 [ 563.171712] binder: 29575:29581 Acquire 1 refcount change on invalid ref 3 ret -22 [ 563.171721] binder: 29575:29581 Release 1 refcount change on invalid ref 0 ret -22 [ 563.171728] binder: 29575:29581 got transaction to invalid handle [ 563.171736] binder: 29575:29581 transaction failed 29201/-22, size 0-24 line 3013 [ 563.219731] binder: BINDER_SET_CONTEXT_MGR already set [ 563.219741] binder: 29588:29591 ioctl 40046207 0 returned -16 [ 563.222482] binder_alloc: 9902: binder_alloc_buf, no vma [ 563.222504] binder: 29588:29591 transaction failed 29189/-3, size 72-24 line 3136 [ 563.224252] binder: 29588:29591 Acquire 1 refcount change on invalid ref 3 ret -22 [ 563.224262] binder: 29588:29591 Release 1 refcount change on invalid ref 0 ret -22 [ 563.224268] binder: 29588:29591 got transaction to invalid handle [ 563.224276] binder: 29588:29591 transaction failed 29201/-22, size 0-24 line 3013 [ 563.289653] binder: BINDER_SET_CONTEXT_MGR already set [ 563.289661] binder: 29606:29611 ioctl 40046207 0 returned -16 [ 563.290364] binder_alloc: 9902: binder_alloc_buf, no vma [ 563.290383] binder: 29606:29611 transaction failed 29189/-3, size 72-24 line 3136 [ 563.290912] binder: 29606:29611 Acquire 1 refcount change on invalid ref 3 ret -22 [ 563.290921] binder: 29606:29611 Release 1 refcount change on invalid ref 0 ret -22 [ 563.290927] binder: 29606:29611 got transaction to invalid handle [ 563.290936] binder: 29606:29611 transaction failed 29201/-22, size 0-24 line 3013 [ 563.326770] binder: BINDER_SET_CONTEXT_MGR already set [ 563.326779] binder: 29617:29619 ioctl 40046207 0 returned -16 [ 563.327294] binder_alloc: 9902: binder_alloc_buf, no vma [ 563.327314] binder: 29617:29619 transaction failed 29189/-3, size 72-24 line 3136 [ 563.327768] binder: 29617:29619 Acquire 1 refcount change on invalid ref 3 ret -22 [ 563.327777] binder: 29617:29619 Release 1 refcount change on invalid ref 0 ret -22 [ 563.327783] binder: 29617:29619 got transaction to invalid handle [ 563.327791] binder: 29617:29619 transaction failed 29201/-22, size 0-24 line 3013 [ 563.380998] binder: BINDER_SET_CONTEXT_MGR already set [ 563.381009] binder: 29629:29635 ioctl 40046207 0 returned -16 [ 563.381341] binder_alloc: 9902: binder_alloc_buf, no vma [ 563.381362] binder: 29629:29635 transaction failed 29189/-3, size 72-24 line 3136 [ 563.383299] binder: 29629:29635 Acquire 1 refcount change on invalid ref 3 ret -22 [ 563.383310] binder: 29629:29635 Release 1 refcount change on invalid ref 0 ret -22 [ 563.383317] binder: 29629:29635 got transaction to invalid handle [ 563.383325] binder: 29629:29635 transaction failed 29201/-22, size 0-24 line 3013 [ 563.535057] binder: BINDER_SET_CONTEXT_MGR already set [ 563.535066] binder: 29656:29664 ioctl 40046207 0 returned -16 [ 563.535157] binder_alloc: 9902: binder_alloc_buf, no vma [ 563.535175] binder: 29656:29664 transaction failed 29189/-3, size 72-24 line 3136 [ 563.535589] binder: 29656:29664 Acquire 1 refcount change on invalid ref 3 ret -22 [ 563.535597] binder: 29656:29664 Release 1 refcount change on invalid ref 0 ret -22 [ 563.535603] binder: 29656:29664 got transaction to invalid handle [ 563.535611] binder: 29656:29664 transaction failed 29201/-22, size 0-24 line 3013 [ 563.657467] binder: BINDER_SET_CONTEXT_MGR already set [ 563.657476] binder: 29687:29691 ioctl 40046207 0 returned -16 [ 563.658531] binder_alloc: 9902: binder_alloc_buf, no vma [ 563.658550] binder: 29687:29691 transaction failed 29189/-3, size 72-24 line 3136 [ 563.659042] binder: 29687:29691 Acquire 1 refcount change on invalid ref 3 ret -22 [ 563.659050] binder: 29687:29691 Release 1 refcount change on invalid ref 0 ret -22 [ 563.659057] binder: 29687:29691 got transaction to invalid handle [ 563.659066] binder: 29687:29691 transaction failed 29201/-22, size 0-24 line 3013 [ 563.702531] binder: BINDER_SET_CONTEXT_MGR already set [ 563.702539] binder: 29708:29711 ioctl 40046207 0 returned -16 [ 563.702635] binder_alloc: 9902: binder_alloc_buf, no vma [ 563.702651] binder: 29708:29711 transaction failed 29189/-3, size 72-24 line 3136 [ 563.710528] binder: 29708:29711 Acquire 1 refcount change on invalid ref 3 ret -22 [ 563.710539] binder: 29708:29711 Release 1 refcount change on invalid ref 0 ret -22 [ 563.710546] binder: 29708:29711 got transaction to invalid handle [ 563.710555] binder: 29708:29711 transaction failed 29201/-22, size 0-24 line 3013 [ 563.802442] binder: BINDER_SET_CONTEXT_MGR already set [ 563.802452] binder: 29723:29731 ioctl 40046207 0 returned -16 [ 563.802550] binder_alloc: 9902: binder_alloc_buf, no vma [ 563.802570] binder: 29723:29731 transaction failed 29189/-3, size 72-24 line 3136 [ 563.805765] binder: 29723:29731 Acquire 1 refcount change on invalid ref 3 ret -22 [ 563.805774] binder: 29723:29731 Release 1 refcount change on invalid ref 0 ret -22 [ 563.805780] binder: 29723:29731 got transaction to invalid handle [ 563.805789] binder: 29723:29731 transaction failed 29201/-22, size 0-24 line 3013 [ 564.011719] binder: BINDER_SET_CONTEXT_MGR already set [ 564.011729] binder: 29760:29774 ioctl 40046207 0 returned -16 [ 564.011842] binder_alloc: 9902: binder_alloc_buf, no vma [ 564.011872] binder: 29760:29774 transaction failed 29189/-3, size 72-24 line 3136 [ 564.012416] binder: 29760:29774 Acquire 1 refcount change on invalid ref 3 ret -22 [ 564.012425] binder: 29760:29774 Release 1 refcount change on invalid ref 0 ret -22 [ 564.012431] binder: 29760:29774 got transaction to invalid handle [ 564.012439] binder: 29760:29774 transaction failed 29201/-22, size 0-24 line 3013 [ 564.066380] binder: BINDER_SET_CONTEXT_MGR already set [ 564.066390] binder: 29794:29801 ioctl 40046207 0 returned -16 [ 564.067504] binder_alloc: 9902: binder_alloc_buf, no vma [ 564.067524] binder: 29794:29801 transaction failed 29189/-3, size 72-24 line 3136 [ 564.069418] binder: 29794:29801 Acquire 1 refcount change on invalid ref 3 ret -22 [ 564.069428] binder: 29794:29801 Release 1 refcount change on invalid ref 0 ret -22 [ 564.069435] binder: 29794:29801 got transaction to invalid handle [ 564.069444] binder: 29794:29801 transaction failed 29201/-22, size 0-24 line 3013 [ 564.153042] binder: BINDER_SET_CONTEXT_MGR already set [ 564.153070] binder: 29822:29825 ioctl 40046207 0 returned -16 [ 564.153170] binder_alloc: 9902: binder_alloc_buf, no vma [ 564.153188] binder: 29822:29825 transaction failed 29189/-3, size 72-24 line 3136 [ 564.153623] binder: 29822:29825 Acquire 1 refcount change on invalid ref 3 ret -22 [ 564.153631] binder: 29822:29825 Release 1 refcount change on invalid ref 0 ret -22 [ 564.153637] binder: 29822:29825 got transaction to invalid handle [ 564.153645] binder: 29822:29825 transaction failed 29201/-22, size 0-24 line 3013 [ 564.294552] binder: BINDER_SET_CONTEXT_MGR already set [ 564.294561] binder: 29840:29848 ioctl 40046207 0 returned -16 [ 564.294678] binder_alloc: 9902: binder_alloc_buf, no vma [ 564.294698] binder: 29840:29848 transaction failed 29189/-3, size 72-24 line 3136 [ 564.295178] binder: 29840:29848 Acquire 1 refcount change on invalid ref 3 ret -22 [ 564.295187] binder: 29840:29848 Release 1 refcount change on invalid ref 0 ret -22 [ 564.295193] binder: 29840:29848 got transaction to invalid handle [ 564.295202] binder: 29840:29848 transaction failed 29201/-22, size 0-24 line 3013 [ 564.336246] binder: BINDER_SET_CONTEXT_MGR already set [ 564.336255] binder: 29863:29869 ioctl 40046207 0 returned -16 [ 564.336672] binder_alloc: 9902: binder_alloc_buf, no vma [ 564.336692] binder: 29863:29869 transaction failed 29189/-3, size 72-24 line 3136 [ 564.337805] binder: 29863:29869 Acquire 1 refcount change on invalid ref 3 ret -22 [ 564.337814] binder: 29863:29869 Release 1 refcount change on invalid ref 0 ret -22 [ 564.337820] binder: 29863:29869 got transaction to invalid handle [ 564.337829] binder: 29863:29869 transaction failed 29201/-22, size 0-24 line 3013 [ 564.420744] binder: BINDER_SET_CONTEXT_MGR already set [ 564.420754] binder: 29881:29888 ioctl 40046207 0 returned -16 [ 564.420877] binder_alloc: 9902: binder_alloc_buf, no vma [ 564.420892] binder: 29881:29888 transaction failed 29189/-3, size 72-24 line 3136 [ 564.421672] binder: 29881:29888 Acquire 1 refcount change on invalid ref 3 ret -22 [ 564.421682] binder: 29881:29888 Release 1 refcount change on invalid ref 0 ret -22 [ 564.421688] binder: 29881:29888 got transaction to invalid handle [ 564.421696] binder: 29881:29888 transaction failed 29201/-22, size 0-24 line 3013 [ 564.476297] binder: BINDER_SET_CONTEXT_MGR already set [ 564.476306] binder: 29898:29900 ioctl 40046207 0 returned -16 [ 564.476413] binder_alloc: 9902: binder_alloc_buf, no vma [ 564.476434] binder: 29898:29900 transaction failed 29189/-3, size 72-24 line 3136 [ 564.477922] binder: 29898:29900 Acquire 1 refcount change on invalid ref 3 ret -22 [ 564.477930] binder: 29898:29900 Release 1 refcount change on invalid ref 0 ret -22 [ 564.477937] binder: 29898:29900 got transaction to invalid handle [ 564.477945] binder: 29898:29900 transaction failed 29201/-22, size 0-24 line 3013 [ 564.593682] binder: BINDER_SET_CONTEXT_MGR already set [ 564.593691] binder: 29918:29921 ioctl 40046207 0 returned -16 [ 564.593802] binder_alloc: 9902: binder_alloc_buf, no vma [ 564.593889] binder: 29918:29921 transaction failed 29189/-3, size 72-24 line 3136 [ 564.594998] binder: 29918:29921 Acquire 1 refcount change on invalid ref 3 ret -22 [ 564.595007] binder: 29918:29921 Release 1 refcount change on invalid ref 0 ret -22 [ 564.595014] binder: 29918:29921 got transaction to invalid handle [ 564.595022] binder: 29918:29921 transaction failed 29201/-22, size 0-24 line 3013 [ 564.681594] binder: BINDER_SET_CONTEXT_MGR already set [ 564.681602] binder: 29950:29953 ioctl 40046207 0 returned -16 [ 564.681728] binder_alloc: 9902: binder_alloc_buf, no vma [ 564.681744] binder: 29950:29953 transaction failed 29189/-3, size 72-24 line 3136 [ 564.691736] binder: 29950:29953 Acquire 1 refcount change on invalid ref 3 ret -22 [ 564.691746] binder: 29950:29953 Release 1 refcount change on invalid ref 0 ret -22 [ 564.691754] binder: 29950:29953 got transaction to invalid handle [ 564.691772] binder: 29950:29953 transaction failed 29201/-22, size 0-24 line 3013 [ 564.775874] binder: BINDER_SET_CONTEXT_MGR already set [ 564.775884] binder: 29968:29975 ioctl 40046207 0 returned -16 [ 564.775997] binder_alloc: 9902: binder_alloc_buf, no vma [ 564.776016] binder: 29968:29975 transaction failed 29189/-3, size 72-24 line 3136 [ 564.778948] binder: 29968:29975 Acquire 1 refcount change on invalid ref 3 ret -22 [ 564.778957] binder: 29968:29975 Release 1 refcount change on invalid ref 0 ret -22 [ 564.778964] binder: 29968:29975 got transaction to invalid handle [ 564.778973] binder: 29968:29975 transaction failed 29201/-22, size 0-24 line 3013 [ 564.871393] binder: BINDER_SET_CONTEXT_MGR already set [ 564.871402] binder: 29991:30004 ioctl 40046207 0 returned -16 [ 564.872378] binder_alloc: 9902: binder_alloc_buf, no vma [ 564.872405] binder: 29991:30004 transaction failed 29189/-3, size 72-24 line 3136 [ 564.873479] binder: 29991:30004 Acquire 1 refcount change on invalid ref 3 ret -22 [ 564.873488] binder: 29991:30004 Release 1 refcount change on invalid ref 0 ret -22 [ 564.873493] binder: 29991:30004 got transaction to invalid handle [ 564.873501] binder: 29991:30004 transaction failed 29201/-22, size 0-24 line 3013 [ 564.930536] binder: BINDER_SET_CONTEXT_MGR already set [ 564.930545] binder: 30013:30022 ioctl 40046207 0 returned -16 [ 564.930665] binder_alloc: 9902: binder_alloc_buf, no vma [ 564.930684] binder: 30013:30022 transaction failed 29189/-3, size 72-24 line 3136 [ 564.931170] binder: 30013:30022 Acquire 1 refcount change on invalid ref 3 ret -22 [ 564.931180] binder: 30013:30022 Release 1 refcount change on invalid ref 0 ret -22 [ 564.931192] binder: 30013:30022 got transaction to invalid handle [ 564.931420] binder: 30013:30022 transaction failed 29201/-22, size 0-24 line 3013 [ 565.052721] binder: BINDER_SET_CONTEXT_MGR already set [ 565.052730] binder: 30046:30052 ioctl 40046207 0 returned -16 [ 565.053780] binder_alloc: 9902: binder_alloc_buf, no vma [ 565.053801] binder: 30046:30052 transaction failed 29189/-3, size 72-24 line 3136 [ 565.054660] binder: 30046:30052 Acquire 1 refcount change on invalid ref 3 ret -22 [ 565.054669] binder: 30046:30052 Release 1 refcount change on invalid ref 0 ret -22 [ 565.054676] binder: 30046:30052 got transaction to invalid handle [ 565.054684] binder: 30046:30052 transaction failed 29201/-22, size 0-24 line 3013 [ 565.122979] binder: BINDER_SET_CONTEXT_MGR already set [ 565.122988] binder: 30065:30069 ioctl 40046207 0 returned -16 [ 565.123090] binder_alloc: 9902: binder_alloc_buf, no vma [ 565.123110] binder: 30065:30069 transaction failed 29189/-3, size 72-24 line 3136 [ 565.123656] binder: 30065:30069 Acquire 1 refcount change on invalid ref 3 ret -22 [ 565.123674] binder: 30065:30069 Release 1 refcount change on invalid ref 0 ret -22 [ 565.123680] binder: 30065:30069 got transaction to invalid handle [ 565.123688] binder: 30065:30069 transaction failed 29201/-22, size 0-24 line 3013 [ 565.197006] binder: BINDER_SET_CONTEXT_MGR already set [ 565.197015] binder: 30083:30092 ioctl 40046207 0 returned -16 [ 565.197978] binder_alloc: 9902: binder_alloc_buf, no vma [ 565.197996] binder: 30083:30092 transaction failed 29189/-3, size 72-24 line 3136 [ 565.199715] binder: 30083:30092 Acquire 1 refcount change on invalid ref 3 ret -22 [ 565.199724] binder: 30083:30092 Release 1 refcount change on invalid ref 0 ret -22 [ 565.199730] binder: 30083:30092 got transaction to invalid handle [ 565.199738] binder: 30083:30092 transaction failed 29201/-22, size 0-24 line 3013 [ 565.278112] binder: BINDER_SET_CONTEXT_MGR already set [ 565.278121] binder: 30106:30110 ioctl 40046207 0 returned -16 [ 565.278236] binder_alloc: 9902: binder_alloc_buf, no vma [ 565.278256] binder: 30106:30110 transaction failed 29189/-3, size 72-24 line 3136 [ 565.280039] binder: 30106:30110 Acquire 1 refcount change on invalid ref 3 ret -22 [ 565.280047] binder: 30106:30110 Release 1 refcount change on invalid ref 0 ret -22 [ 565.280052] binder: 30106:30110 got transaction to invalid handle [ 565.280059] binder: 30106:30110 transaction failed 29201/-22, size 0-24 line 3013 [ 565.351020] binder: BINDER_SET_CONTEXT_MGR already set [ 565.351029] binder: 30118:30126 ioctl 40046207 0 returned -16 [ 565.351134] binder_alloc: 9902: binder_alloc_buf, no vma [ 565.351154] binder: 30118:30126 transaction failed 29189/-3, size 72-24 line 3136 [ 565.351627] binder: 30118:30126 Acquire 1 refcount change on invalid ref 3 ret -22 [ 565.351636] binder: 30118:30126 Release 1 refcount change on invalid ref 0 ret -22 [ 565.351643] binder: 30118:30126 got transaction to invalid handle [ 565.351651] binder: 30118:30126 transaction failed 29201/-22, size 0-24 line 3013 [ 565.394898] binder: BINDER_SET_CONTEXT_MGR already set [ 565.394907] binder: 30131:30139 ioctl 40046207 0 returned -16 [ 565.395116] binder_alloc: 9902: binder_alloc_buf, no vma [ 565.395136] binder: 30131:30139 transaction failed 29189/-3, size 72-24 line 3136 [ 565.396012] binder: 30131:30139 Acquire 1 refcount change on invalid ref 3 ret -22 [ 565.396019] binder: 30131:30139 Release 1 refcount change on invalid ref 0 ret -22 [ 565.396026] binder: 30131:30139 got transaction to invalid handle [ 565.396035] binder: 30131:30139 transaction failed 29201/-22, size 0-24 line 3013 [ 565.491644] binder: BINDER_SET_CONTEXT_MGR already set [ 565.491653] binder: 30155:30163 ioctl 40046207 0 returned -16 [ 565.491783] binder_alloc: 9902: binder_alloc_buf, no vma [ 565.491804] binder: 30155:30163 transaction failed 29189/-3, size 72-24 line 3136 [ 565.494369] binder: 30155:30163 Acquire 1 refcount change on invalid ref 3 ret -22 [ 565.494378] binder: 30155:30163 Release 1 refcount change on invalid ref 0 ret -22 [ 565.494385] binder: 30155:30163 got transaction to invalid handle [ 565.494394] binder: 30155:30163 transaction failed 29201/-22, size 0-24 line 3013 [ 565.545887] binder: BINDER_SET_CONTEXT_MGR already set [ 565.545896] binder: 30173:30175 ioctl 40046207 0 returned -16 [ 565.545996] binder_alloc: 9902: binder_alloc_buf, no vma [ 565.546024] binder: 30173:30175 transaction failed 29189/-3, size 72-24 line 3136 [ 565.548777] binder: 30173:30175 Acquire 1 refcount change on invalid ref 3 ret -22 [ 565.548786] binder: 30173:30175 Release 1 refcount change on invalid ref 0 ret -22 [ 565.548792] binder: 30173:30175 got transaction to invalid handle [ 565.548801] binder: 30173:30175 transaction failed 29201/-22, size 0-24 line 3013 [ 565.636255] binder: BINDER_SET_CONTEXT_MGR already set [ 565.636273] binder: 30189:30197 ioctl 40046207 0 returned -16 [ 565.637620] binder_alloc: 9902: binder_alloc_buf, no vma [ 565.637640] binder: 30189:30197 transaction failed 29189/-3, size 72-24 line 3136 [ 565.638137] binder: 30189:30197 Acquire 1 refcount change on invalid ref 3 ret -22 [ 565.638147] binder: 30189:30197 Release 1 refcount change on invalid ref 0 ret -22 [ 565.638153] binder: 30189:30197 got transaction to invalid handle [ 565.638161] binder: 30189:30197 transaction failed 29201/-22, size 0-24 line 3013 [ 565.715360] binder: BINDER_SET_CONTEXT_MGR already set [ 565.715369] binder: 30211:30215 ioctl 40046207 0 returned -16 [ 565.715471] binder_alloc: 9902: binder_alloc_buf, no vma [ 565.715489] binder: 30211:30215 transaction failed 29189/-3, size 72-24 line 3136 [ 565.716603] binder: 30211:30215 Acquire 1 refcount change on invalid ref 3 ret -22 [ 565.716611] binder: 30211:30215 Release 1 refcount change on invalid ref 0 ret -22 [ 565.716616] binder: 30211:30215 got transaction to invalid handle [ 565.716623] binder: 30211:30215 transaction failed 29201/-22, size 0-24 line 3013 [ 565.798082] binder: BINDER_SET_CONTEXT_MGR already set [ 565.798092] binder: 30225:30237 ioctl 40046207 0 returned -16 [ 565.798212] binder_alloc: 9902: binder_alloc_buf, no vma [ 565.798234] binder: 30225:30237 transaction failed 29189/-3, size 72-24 line 3136 [ 565.800893] binder: 30225:30237 Acquire 1 refcount change on invalid ref 3 ret -22 [ 565.800902] binder: 30225:30237 Release 1 refcount change on invalid ref 0 ret -22 [ 565.800909] binder: 30225:30237 got transaction to invalid handle [ 565.800916] binder: 30225:30237 transaction failed 29201/-22, size 0-24 line 3013 [ 565.871340] binder: BINDER_SET_CONTEXT_MGR already set [ 565.871350] binder: 30248:30258 ioctl 40046207 0 returned -16 [ 565.871697] binder_alloc: 9902: binder_alloc_buf, no vma [ 565.871717] binder: 30248:30258 transaction failed 29189/-3, size 72-24 line 3136 [ 565.883596] binder: 30248:30258 Acquire 1 refcount change on invalid ref 3 ret -22 [ 565.883607] binder: 30248:30258 Release 1 refcount change on invalid ref 0 ret -22 [ 565.883615] binder: 30248:30258 got transaction to invalid handle [ 565.883625] binder: 30248:30258 transaction failed 29201/-22, size 0-24 line 3013 [ 565.947296] binder: BINDER_SET_CONTEXT_MGR already set [ 565.947307] binder: 30271:30280 ioctl 40046207 0 returned -16 [ 565.955563] binder_alloc: 9902: binder_alloc_buf, no vma [ 565.955588] binder: 30271:30280 transaction failed 29189/-3, size 72-24 line 3136 [ 565.957287] binder: 30271:30280 Acquire 1 refcount change on invalid ref 3 ret -22 [ 565.957297] binder: 30271:30280 Release 1 refcount change on invalid ref 0 ret -22 [ 565.957304] binder: 30271:30280 got transaction to invalid handle [ 565.957312] binder: 30271:30280 transaction failed 29201/-22, size 0-24 line 3013 [ 566.073690] binder: BINDER_SET_CONTEXT_MGR already set [ 566.073698] binder: 30291:30305 ioctl 40046207 0 returned -16 [ 566.074627] binder_alloc: 9902: binder_alloc_buf, no vma [ 566.074647] binder: 30291:30305 transaction failed 29189/-3, size 72-24 line 3136 [ 566.076002] binder: 30291:30305 Acquire 1 refcount change on invalid ref 3 ret -22 [ 566.076011] binder: 30291:30305 Release 1 refcount change on invalid ref 0 ret -22 [ 566.076018] binder: 30291:30305 got transaction to invalid handle [ 566.076026] binder: 30291:30305 transaction failed 29201/-22, size 0-24 line 3013 [ 566.174545] binder: BINDER_SET_CONTEXT_MGR already set [ 566.174554] binder: 30331:30333 ioctl 40046207 0 returned -16 [ 566.174673] binder_alloc: 9902: binder_alloc_buf, no vma [ 566.174693] binder: 30331:30333 transaction failed 29189/-3, size 72-24 line 3136 [ 566.175319] binder: 30331:30333 Acquire 1 refcount change on invalid ref 3 ret -22 [ 566.175328] binder: 30331:30333 Release 1 refcount change on invalid ref 0 ret -22 [ 566.175334] binder: 30331:30333 got transaction to invalid handle [ 566.175342] binder: 30331:30333 transaction failed 29201/-22, size 0-24 line 3013 [ 566.242330] binder: BINDER_SET_CONTEXT_MGR already set [ 566.242340] binder: 30348:30351 ioctl 40046207 0 returned -16 [ 566.242456] binder_alloc: 9902: binder_alloc_buf, no vma [ 566.242476] binder: 30348:30351 transaction failed 29189/-3, size 72-24 line 3136 [ 566.242968] binder: 30348:30351 Acquire 1 refcount change on invalid ref 3 ret -22 [ 566.242976] binder: 30348:30351 Release 1 refcount change on invalid ref 0 ret -22 [ 566.242981] binder: 30348:30351 got transaction to invalid handle [ 566.242988] binder: 30348:30351 transaction failed 29201/-22, size 0-24 line 3013 [ 566.297711] binder: BINDER_SET_CONTEXT_MGR already set [ 566.297720] binder: 30363:30369 ioctl 40046207 0 returned -16 [ 566.298274] binder_alloc: 9902: binder_alloc_buf, no vma [ 566.298294] binder: 30363:30369 transaction failed 29189/-3, size 72-24 line 3136 [ 566.299456] binder: 30363:30369 Acquire 1 refcount change on invalid ref 3 ret -22 [ 566.299465] binder: 30363:30369 Release 1 refcount change on invalid ref 0 ret -22 [ 566.299471] binder: 30363:30369 got transaction to invalid handle [ 566.299480] binder: 30363:30369 transaction failed 29201/-22, size 0-24 line 3013 [ 566.389839] binder: BINDER_SET_CONTEXT_MGR already set [ 566.389848] binder: 30379:30387 ioctl 40046207 0 returned -16 [ 566.389975] binder_alloc: 9902: binder_alloc_buf, no vma [ 566.389994] binder: 30379:30387 transaction failed 29189/-3, size 72-24 line 3136 [ 566.394185] binder: 30379:30387 Acquire 1 refcount change on invalid ref 3 ret -22 [ 566.394194] binder: 30379:30387 Release 1 refcount change on invalid ref 0 ret -22 [ 566.394201] binder: 30379:30387 got transaction to invalid handle [ 566.394210] binder: 30379:30387 transaction failed 29201/-22, size 0-24 line 3013 [ 566.435733] binder: BINDER_SET_CONTEXT_MGR already set [ 566.435741] binder: 30406:30410 ioctl 40046207 0 returned -16 [ 566.435840] binder_alloc: 9902: binder_alloc_buf, no vma [ 566.435859] binder: 30406:30410 transaction failed 29189/-3, size 72-24 line 3136 [ 566.436287] binder: 30406:30410 Acquire 1 refcount change on invalid ref 3 ret -22 [ 566.436296] binder: 30406:30410 Release 1 refcount change on invalid ref 0 ret -22 [ 566.436302] binder: 30406:30410 got transaction to invalid handle [ 566.436310] binder: 30406:30410 transaction failed 29201/-22, size 0-24 line 3013 [ 566.504941] binder: BINDER_SET_CONTEXT_MGR already set [ 566.504951] binder: 30417:30421 ioctl 40046207 0 returned -16 [ 566.505055] binder_alloc: 9902: binder_alloc_buf, no vma [ 566.505076] binder: 30417:30421 transaction failed 29189/-3, size 72-24 line 3136 [ 566.507981] binder: 30417:30421 Acquire 1 refcount change on invalid ref 3 ret -22 [ 566.507990] binder: 30417:30421 Release 1 refcount change on invalid ref 0 ret -22 [ 566.507996] binder: 30417:30421 got transaction to invalid handle [ 566.508004] binder: 30417:30421 transaction failed 29201/-22, size 0-24 line 3013 [ 566.550160] binder: BINDER_SET_CONTEXT_MGR already set [ 566.550169] binder: 30439:30441 ioctl 40046207 0 returned -16 [ 566.550304] binder_alloc: 9902: binder_alloc_buf, no vma [ 566.550323] binder: 30439:30441 transaction failed 29189/-3, size 72-24 line 3136 [ 566.555530] binder: 30439:30441 Acquire 1 refcount change on invalid ref 3 ret -22 [ 566.555539] binder: 30439:30441 Release 1 refcount change on invalid ref 0 ret -22 [ 566.555546] binder: 30439:30441 got transaction to invalid handle [ 566.555554] binder: 30439:30441 transaction failed 29201/-22, size 0-24 line 3013 [ 566.632349] binder: BINDER_SET_CONTEXT_MGR already set [ 566.632359] binder: 30454:30460 ioctl 40046207 0 returned -16 [ 566.632492] binder_alloc: 9902: binder_alloc_buf, no vma [ 566.632522] binder: 30454:30460 transaction failed 29189/-3, size 72-24 line 3136 [ 566.633908] binder: 30454:30460 Acquire 1 refcount change on invalid ref 3 ret -22 [ 566.633917] binder: 30454:30460 Release 1 refcount change on invalid ref 0 ret -22 [ 566.633924] binder: 30454:30460 got transaction to invalid handle [ 566.633932] binder: 30454:30460 transaction failed 29201/-22, size 0-24 line 3013 [ 566.678371] binder: BINDER_SET_CONTEXT_MGR already set [ 566.678382] binder: 30469:30472 ioctl 40046207 0 returned -16 [ 566.678491] binder_alloc: 9902: binder_alloc_buf, no vma [ 566.678512] binder: 30469:30472 transaction failed 29189/-3, size 72-24 line 3136 [ 566.679079] binder: 30469:30472 Acquire 1 refcount change on invalid ref 3 ret -22 [ 566.679087] binder: 30469:30472 Release 1 refcount change on invalid ref 0 ret -22 [ 566.679094] binder: 30469:30472 got transaction to invalid handle [ 566.679102] binder: 30469:30472 transaction failed 29201/-22, size 0-24 line 3013 [ 566.809721] binder: BINDER_SET_CONTEXT_MGR already set [ 566.809732] binder: 30488:30493 ioctl 40046207 0 returned -16 [ 566.810509] binder_alloc: 9902: binder_alloc_buf, no vma [ 566.810529] binder: 30488:30493 transaction failed 29189/-3, size 72-24 line 3136 [ 566.815820] binder: 30488:30493 Acquire 1 refcount change on invalid ref 3 ret -22 [ 566.815829] binder: 30488:30493 Release 1 refcount change on invalid ref 0 ret -22 [ 566.815835] binder: 30488:30493 got transaction to invalid handle [ 566.815842] binder: 30488:30493 transaction failed 29201/-22, size 0-24 line 3013 [ 566.892206] binder: BINDER_SET_CONTEXT_MGR already set [ 566.892216] binder: 30513:30518 ioctl 40046207 0 returned -16 [ 566.892318] binder_alloc: 9902: binder_alloc_buf, no vma [ 566.892338] binder: 30513:30518 transaction failed 29189/-3, size 72-24 line 3136 [ 566.892940] binder: 30513:30518 Acquire 1 refcount change on invalid ref 3 ret -22 [ 566.892949] binder: 30513:30518 Release 1 refcount change on invalid ref 0 ret -22 [ 566.892956] binder: 30513:30518 got transaction to invalid handle [ 566.892964] binder: 30513:30518 transaction failed 29201/-22, size 0-24 line 3013 [ 566.969675] binder: BINDER_SET_CONTEXT_MGR already set [ 566.969684] binder: 30536:30548 ioctl 40046207 0 returned -16 [ 566.984085] binder_alloc: 9902: binder_alloc_buf, no vma [ 566.984108] binder: 30536:30548 transaction failed 29189/-3, size 72-24 line 3136 [ 566.984676] binder: 30536:30548 Acquire 1 refcount change on invalid ref 3 ret -22 [ 566.984685] binder: 30536:30548 Release 1 refcount change on invalid ref 0 ret -22 [ 566.984692] binder: 30536:30548 got transaction to invalid handle [ 566.984700] binder: 30536:30548 transaction failed 29201/-22, size 0-24 line 3013 [ 567.076697] binder: BINDER_SET_CONTEXT_MGR already set [ 567.076706] binder: 30561:30563 ioctl 40046207 0 returned -16 [ 567.076820] binder_alloc: 9902: binder_alloc_buf, no vma [ 567.076841] binder: 30561:30563 transaction failed 29189/-3, size 72-24 line 3136 [ 567.086313] binder: 30561:30563 Acquire 1 refcount change on invalid ref 3 ret -22 [ 567.086323] binder: 30561:30563 Release 1 refcount change on invalid ref 0 ret -22 [ 567.086331] binder: 30561:30563 got transaction to invalid handle [ 567.086340] binder: 30561:30563 transaction failed 29201/-22, size 0-24 line 3013 [ 567.152942] binder: BINDER_SET_CONTEXT_MGR already set [ 567.152951] binder: 30588:30592 ioctl 40046207 0 returned -16 [ 567.153074] binder_alloc: 9902: binder_alloc_buf, no vma [ 567.153093] binder: 30588:30592 transaction failed 29189/-3, size 72-24 line 3136 [ 567.153558] binder: 30588:30592 Acquire 1 refcount change on invalid ref 3 ret -22 [ 567.153567] binder: 30588:30592 Release 1 refcount change on invalid ref 0 ret -22 [ 567.153574] binder: 30588:30592 got transaction to invalid handle [ 567.153582] binder: 30588:30592 transaction failed 29201/-22, size 0-24 line 3013 [ 567.242337] binder: BINDER_SET_CONTEXT_MGR already set [ 567.242345] binder: 30604:30609 ioctl 40046207 0 returned -16 [ 567.243390] binder_alloc: 9902: binder_alloc_buf, no vma [ 567.243411] binder: 30604:30609 transaction failed 29189/-3, size 72-24 line 3136 [ 567.244442] binder: 30604:30609 Acquire 1 refcount change on invalid ref 3 ret -22 [ 567.244451] binder: 30604:30609 Release 1 refcount change on invalid ref 0 ret -22 [ 567.244457] binder: 30604:30609 got transaction to invalid handle [ 567.244465] binder: 30604:30609 transaction failed 29201/-22, size 0-24 line 3013 [ 567.287954] binder: BINDER_SET_CONTEXT_MGR already set [ 567.287964] binder: 30626:30633 ioctl 40046207 0 returned -16 [ 567.288076] binder_alloc: 9902: binder_alloc_buf, no vma [ 567.288096] binder: 30626:30633 transaction failed 29189/-3, size 72-24 line 3136 [ 567.300996] binder: 30626:30633 Acquire 1 refcount change on invalid ref 3 ret -22 [ 567.301007] binder: 30626:30633 Release 1 refcount change on invalid ref 0 ret -22 [ 567.301014] binder: 30626:30633 got transaction to invalid handle [ 567.301025] binder: 30626:30633 transaction failed 29201/-22, size 0-24 line 3013 [ 567.421260] binder: BINDER_SET_CONTEXT_MGR already set [ 567.421270] binder: 30652:30664 ioctl 40046207 0 returned -16 [ 567.421375] binder_alloc: 9902: binder_alloc_buf, no vma [ 567.421392] binder: 30652:30664 transaction failed 29189/-3, size 72-24 line 3136 [ 567.426635] binder: 30652:30664 Acquire 1 refcount change on invalid ref 3 ret -22 [ 567.426645] binder: 30652:30664 Release 1 refcount change on invalid ref 0 ret -22 [ 567.426652] binder: 30652:30664 got transaction to invalid handle [ 567.426672] binder: 30652:30664 transaction failed 29201/-22, size 0-24 line 3013 [ 567.577380] binder: BINDER_SET_CONTEXT_MGR already set [ 567.577389] binder: 30674:30695 ioctl 40046207 0 returned -16 [ 567.578858] binder_alloc: 9902: binder_alloc_buf, no vma [ 567.578880] binder: 30674:30695 transaction failed 29189/-3, size 72-24 line 3136 [ 567.579531] binder: 30674:30695 Acquire 1 refcount change on invalid ref 3 ret -22 [ 567.579539] binder: 30674:30695 Release 1 refcount change on invalid ref 0 ret -22 [ 567.579545] binder: 30674:30695 got transaction to invalid handle [ 567.579553] binder: 30674:30695 transaction failed 29201/-22, size 0-24 line 3013 [ 567.729978] binder: BINDER_SET_CONTEXT_MGR already set [ 567.729988] binder: 30730:30735 ioctl 40046207 0 returned -16 [ 567.730086] binder_alloc: 9902: binder_alloc_buf, no vma [ 567.730106] binder: 30730:30735 transaction failed 29189/-3, size 72-24 line 3136 [ 567.745777] binder: 30730:30735 Acquire 1 refcount change on invalid ref 3 ret -22 [ 567.745788] binder: 30730:30735 Release 1 refcount change on invalid ref 0 ret -22 [ 567.745798] binder: 30730:30735 got transaction to invalid handle [ 567.745809] binder: 30730:30735 transaction failed 29201/-22, size 0-24 line 3013 [ 567.909495] binder: BINDER_SET_CONTEXT_MGR already set [ 567.909504] binder: 30761:30777 ioctl 40046207 0 returned -16 [ 567.909605] binder_alloc: 9902: binder_alloc_buf, no vma [ 567.909625] binder: 30761:30777 transaction failed 29189/-3, size 72-24 line 3136 [ 567.910594] binder: 30761:30777 Acquire 1 refcount change on invalid ref 3 ret -22 [ 567.910604] binder: 30761:30777 Release 1 refcount change on invalid ref 0 ret -22 [ 567.910610] binder: 30761:30777 got transaction to invalid handle [ 567.910619] binder: 30761:30777 transaction failed 29201/-22, size 0-24 line 3013 [ 568.169451] binder: BINDER_SET_CONTEXT_MGR already set [ 568.169464] binder: 30803:30810 ioctl 40046207 0 returned -16 [ 568.169601] binder_alloc: 9902: binder_alloc_buf, no vma [ 568.169621] binder: 30803:30810 transaction failed 29189/-3, size 72-24 line 3136 [ 568.170299] binder: 30803:30810 Acquire 1 refcount change on invalid ref 3 ret -22 [ 568.170309] binder: 30803:30810 Release 1 refcount change on invalid ref 0 ret -22 [ 568.170315] binder: 30803:30810 got transaction to invalid handle [ 568.170325] binder: 30803:30810 transaction failed 29201/-22, size 0-24 line 3013 [ 568.233130] binder: BINDER_SET_CONTEXT_MGR already set [ 568.233139] binder: 30835:30840 ioctl 40046207 0 returned -16 [ 568.233252] binder_alloc: 9902: binder_alloc_buf, no vma [ 568.233280] binder: 30835:30840 transaction failed 29189/-3, size 72-24 line 3136 [ 568.234723] binder: 30835:30840 Acquire 1 refcount change on invalid ref 3 ret -22 [ 568.234731] binder: 30835:30840 Release 1 refcount change on invalid ref 0 ret -22 [ 568.234737] binder: 30835:30840 got transaction to invalid handle [ 568.234745] binder: 30835:30840 transaction failed 29201/-22, size 0-24 line 3013 [ 571.146511] binder: BINDER_SET_CONTEXT_MGR already set [ 571.146520] binder: 30858:30862 ioctl 40046207 0 returned -16 [ 571.146613] binder_alloc: 9902: binder_alloc_buf, no vma [ 571.146633] binder: 30858:30862 transaction failed 29189/-3, size 72-24 line 3136 [ 571.147237] binder: 30858:30862 Acquire 1 refcount change on invalid ref 3 ret -22 [ 571.147247] binder: 30858:30862 Release 1 refcount change on invalid ref 0 ret -22 [ 571.147253] binder: 30858:30862 got transaction to invalid handle [ 571.147261] binder: 30858:30862 transaction failed 29201/-22, size 0-24 line 3013 [ 571.214865] binder: BINDER_SET_CONTEXT_MGR already set [ 571.214877] binder: 30878:30885 ioctl 40046207 0 returned -16 [ 571.221289] binder_alloc: 9902: binder_alloc_buf, no vma [ 571.221309] binder: 30878:30885 transaction failed 29189/-3, size 72-24 line 3136 [ 571.232052] binder: 30878:30885 Acquire 1 refcount change on invalid ref 3 ret -22 [ 571.232062] binder: 30878:30885 Release 1 refcount change on invalid ref 0 ret -22 [ 571.232069] binder: 30878:30885 got transaction to invalid handle [ 571.232079] binder: 30878:30885 transaction failed 29201/-22, size 0-24 line 3013 [ 571.290074] binder: BINDER_SET_CONTEXT_MGR already set [ 571.290083] binder: 30900:30904 ioctl 40046207 0 returned -16 [ 571.290197] binder_alloc: 9902: binder_alloc_buf, no vma [ 571.290216] binder: 30900:30904 transaction failed 29189/-3, size 72-24 line 3136 [ 571.290956] binder: 30900:30904 Acquire 1 refcount change on invalid ref 3 ret -22 [ 571.290965] binder: 30900:30904 Release 1 refcount change on invalid ref 0 ret -22 [ 571.290971] binder: 30900:30904 got transaction to invalid handle [ 571.290985] binder: 30900:30904 transaction failed 29201/-22, size 0-24 line 3013 [ 571.384038] binder: BINDER_SET_CONTEXT_MGR already set [ 571.384047] binder: 30923:30927 ioctl 40046207 0 returned -16 [ 571.384180] binder_alloc: 9902: binder_alloc_buf, no vma [ 571.384200] binder: 30923:30927 transaction failed 29189/-3, size 72-24 line 3136 [ 571.385096] binder: 30923:30927 Acquire 1 refcount change on invalid ref 3 ret -22 [ 571.385106] binder: 30923:30927 Release 1 refcount change on invalid ref 0 ret -22 [ 571.385112] binder: 30923:30927 got transaction to invalid handle [ 571.385121] binder: 30923:30927 transaction failed 29201/-22, size 0-24 line 3013 [ 571.440122] binder: BINDER_SET_CONTEXT_MGR already set [ 571.440132] binder: 30943:30951 ioctl 40046207 0 returned -16 [ 571.440317] binder_alloc: 9902: binder_alloc_buf, no vma [ 571.440337] binder: 30943:30951 transaction failed 29189/-3, size 72-24 line 3136 [ 571.440816] binder: 30943:30951 Acquire 1 refcount change on invalid ref 3 ret -22 [ 571.440825] binder: 30943:30951 Release 1 refcount change on invalid ref 0 ret -22 [ 571.440831] binder: 30943:30951 got transaction to invalid handle [ 571.440838] binder: 30943:30951 transaction failed 29201/-22, size 0-24 line 3013 [ 571.505147] binder: BINDER_SET_CONTEXT_MGR already set [ 571.505155] binder: 30960:30963 ioctl 40046207 0 returned -16 [ 571.505258] binder_alloc: 9902: binder_alloc_buf, no vma [ 571.505276] binder: 30960:30963 transaction failed 29189/-3, size 72-24 line 3136 [ 571.506274] binder: 30960:30963 Acquire 1 refcount change on invalid ref 3 ret -22 [ 571.506282] binder: 30960:30963 Release 1 refcount change on invalid ref 0 ret -22 [ 571.506288] binder: 30960:30963 got transaction to invalid handle [ 571.506296] binder: 30960:30963 transaction failed 29201/-22, size 0-24 line 3013 [ 571.572953] binder: BINDER_SET_CONTEXT_MGR already set [ 571.572962] binder: 30978:30984 ioctl 40046207 0 returned -16 [ 571.573520] binder_alloc: 9902: binder_alloc_buf, no vma [ 571.573541] binder: 30978:30984 transaction failed 29189/-3, size 72-24 line 3136 [ 571.574607] binder: 30978:30984 Acquire 1 refcount change on invalid ref 3 ret -22 [ 571.574616] binder: 30978:30984 Release 1 refcount change on invalid ref 0 ret -22 [ 571.574623] binder: 30978:30984 got transaction to invalid handle [ 571.574631] binder: 30978:30984 transaction failed 29201/-22, size 0-24 line 3013 [ 571.651264] binder: BINDER_SET_CONTEXT_MGR already set [ 571.651273] binder: 30999:31003 ioctl 40046207 0 returned -16 [ 571.651390] binder_alloc: 9902: binder_alloc_buf, no vma [ 571.651409] binder: 30999:31003 transaction failed 29189/-3, size 72-24 line 3136 [ 571.652510] binder: 30999:31003 Acquire 1 refcount change on invalid ref 3 ret -22 [ 571.652520] binder: 30999:31003 Release 1 refcount change on invalid ref 0 ret -22 [ 571.652527] binder: 30999:31003 got transaction to invalid handle [ 571.652535] binder: 30999:31003 transaction failed 29201/-22, size 0-24 line 3013 [ 571.717200] binder: BINDER_SET_CONTEXT_MGR already set [ 571.717208] binder: 31010:31024 ioctl 40046207 0 returned -16 [ 571.717334] binder_alloc: 9902: binder_alloc_buf, no vma [ 571.717354] binder: 31010:31024 transaction failed 29189/-3, size 72-24 line 3136 [ 571.718487] binder: 31010:31024 Acquire 1 refcount change on invalid ref 3 ret -22 [ 571.718496] binder: 31010:31024 Release 1 refcount change on invalid ref 0 ret -22 [ 571.718502] binder: 31010:31024 got transaction to invalid handle [ 571.718511] binder: 31010:31024 transaction failed 29201/-22, size 0-24 line 3013 [ 571.784417] binder: BINDER_SET_CONTEXT_MGR already set [ 571.784426] binder: 31033:31037 ioctl 40046207 0 returned -16 [ 571.784525] binder_alloc: 9902: binder_alloc_buf, no vma [ 571.784545] binder: 31033:31037 transaction failed 29189/-3, size 72-24 line 3136 [ 571.786417] binder: 31033:31037 Acquire 1 refcount change on invalid ref 3 ret -22 [ 571.786426] binder: 31033:31037 Release 1 refcount change on invalid ref 0 ret -22 [ 571.786433] binder: 31033:31037 got transaction to invalid handle [ 571.786441] binder: 31033:31037 transaction failed 29201/-22, size 0-24 line 3013 [ 571.894156] binder: BINDER_SET_CONTEXT_MGR already set [ 571.894164] binder: 31063:31067 ioctl 40046207 0 returned -16 [ 571.894279] binder_alloc: 9902: binder_alloc_buf, no vma [ 571.894299] binder: 31063:31067 transaction failed 29189/-3, size 72-24 line 3136 [ 571.894875] binder: 31063:31067 Acquire 1 refcount change on invalid ref 3 ret -22 [ 571.894884] binder: 31063:31067 Release 1 refcount change on invalid ref 0 ret -22 [ 571.894897] binder: 31063:31067 got transaction to invalid handle [ 571.895030] binder: 31063:31067 transaction failed 29201/-22, size 0-24 line 3013 [ 572.017501] binder: BINDER_SET_CONTEXT_MGR already set [ 572.017513] binder: 31093:31100 ioctl 40046207 0 returned -16 [ 572.017630] binder_alloc: 9902: binder_alloc_buf, no vma [ 572.017651] binder: 31093:31100 transaction failed 29189/-3, size 72-24 line 3136 [ 572.020292] binder: 31093:31100 Acquire 1 refcount change on invalid ref 3 ret -22 [ 572.020300] binder: 31093:31100 Release 1 refcount change on invalid ref 0 ret -22 [ 572.020307] binder: 31093:31100 got transaction to invalid handle [ 572.020316] binder: 31093:31100 transaction failed 29201/-22, size 0-24 line 3013 [ 572.093603] binder: BINDER_SET_CONTEXT_MGR already set [ 572.093613] binder: 31112:31121 ioctl 40046207 0 returned -16 [ 572.094644] binder_alloc: 9902: binder_alloc_buf, no vma [ 572.094664] binder: 31112:31121 transaction failed 29189/-3, size 72-24 line 3136 [ 572.095794] binder: 31112:31121 Acquire 1 refcount change on invalid ref 3 ret -22 [ 572.095803] binder: 31112:31121 Release 1 refcount change on invalid ref 0 ret -22 [ 572.095810] binder: 31112:31121 got transaction to invalid handle [ 572.095818] binder: 31112:31121 transaction failed 29201/-22, size 0-24 line 3013 [ 572.183132] binder: BINDER_SET_CONTEXT_MGR already set [ 572.183140] binder: 31133:31140 ioctl 40046207 0 returned -16 [ 572.183333] binder_alloc: 9902: binder_alloc_buf, no vma [ 572.183349] binder: 31133:31140 transaction failed 29189/-3, size 72-24 line 3136 [ 572.186349] binder: 31133:31140 Acquire 1 refcount change on invalid ref 3 ret -22 [ 572.186358] binder: 31133:31140 Release 1 refcount change on invalid ref 0 ret -22 [ 572.186365] binder: 31133:31140 got transaction to invalid handle [ 572.186374] binder: 31133:31140 transaction failed 29201/-22, size 0-24 line 3013 [ 572.282822] binder: BINDER_SET_CONTEXT_MGR already set [ 572.282831] binder: 31156:31163 ioctl 40046207 0 returned -16 [ 572.282936] binder_alloc: 9902: binder_alloc_buf, no vma [ 572.282956] binder: 31156:31163 transaction failed 29189/-3, size 72-24 line 3136 [ 572.283702] binder: 31156:31163 Acquire 1 refcount change on invalid ref 3 ret -22 [ 572.283710] binder: 31156:31163 Release 1 refcount change on invalid ref 0 ret -22 [ 572.283716] binder: 31156:31163 got transaction to invalid handle [ 572.283724] binder: 31156:31163 transaction failed 29201/-22, size 0-24 line 3013 [ 572.348292] binder: BINDER_SET_CONTEXT_MGR already set [ 572.348301] binder: 31176:31184 ioctl 40046207 0 returned -16 [ 572.348520] binder_alloc: 9902: binder_alloc_buf, no vma [ 572.348547] binder: 31176:31184 transaction failed 29189/-3, size 72-24 line 3136 [ 572.353027] binder: 31176:31184 Acquire 1 refcount change on invalid ref 3 ret -22 [ 572.353036] binder: 31176:31184 Release 1 refcount change on invalid ref 0 ret -22 [ 572.353044] binder: 31176:31184 got transaction to invalid handle [ 572.353059] binder: 31176:31184 transaction failed 29201/-22, size 0-24 line 3013 [ 572.417426] binder: BINDER_SET_CONTEXT_MGR already set [ 572.417436] binder: 31194:31197 ioctl 40046207 0 returned -16 [ 572.417537] binder_alloc: 9902: binder_alloc_buf, no vma [ 572.417558] binder: 31194:31197 transaction failed 29189/-3, size 72-24 line 3136 [ 572.418003] binder: 31194:31197 Acquire 1 refcount change on invalid ref 3 ret -22 [ 572.418012] binder: 31194:31197 Release 1 refcount change on invalid ref 0 ret -22 [ 572.418018] binder: 31194:31197 got transaction to invalid handle [ 572.418026] binder: 31194:31197 transaction failed 29201/-22, size 0-24 line 3013 [ 572.497657] binder: BINDER_SET_CONTEXT_MGR already set [ 572.497666] binder: 31206:31219 ioctl 40046207 0 returned -16 [ 572.519270] binder_alloc: 9902: binder_alloc_buf, no vma [ 572.519297] binder: 31206:31219 transaction failed 29189/-3, size 72-24 line 3136 [ 572.526593] binder: 31206:31219 Acquire 1 refcount change on invalid ref 3 ret -22 [ 572.526602] binder: 31206:31219 Release 1 refcount change on invalid ref 0 ret -22 [ 572.526609] binder: 31206:31219 got transaction to invalid handle [ 572.526617] binder: 31206:31219 transaction failed 29201/-22, size 0-24 line 3013 [ 572.640538] binder: BINDER_SET_CONTEXT_MGR already set [ 572.640550] binder: 31234:31243 ioctl 40046207 0 returned -16 [ 572.640694] binder_alloc: 9902: binder_alloc_buf, no vma [ 572.640713] binder: 31234:31243 transaction failed 29189/-3, size 72-24 line 3136 [ 572.641213] binder: 31234:31243 Acquire 1 refcount change on invalid ref 3 ret -22 [ 572.641222] binder: 31234:31243 Release 1 refcount change on invalid ref 0 ret -22 [ 572.641228] binder: 31234:31243 got transaction to invalid handle [ 572.641236] binder: 31234:31243 transaction failed 29201/-22, size 0-24 line 3013 [ 572.717841] binder: BINDER_SET_CONTEXT_MGR already set [ 572.717851] binder: 31259:31267 ioctl 40046207 0 returned -16 [ 572.717962] binder_alloc: 9902: binder_alloc_buf, no vma [ 572.717980] binder: 31259:31267 transaction failed 29189/-3, size 72-24 line 3136 [ 572.718675] binder: 31259:31267 Acquire 1 refcount change on invalid ref 3 ret -22 [ 572.718684] binder: 31259:31267 Release 1 refcount change on invalid ref 0 ret -22 [ 572.718691] binder: 31259:31267 got transaction to invalid handle [ 572.718699] binder: 31259:31267 transaction failed 29201/-22, size 0-24 line 3013 [ 572.740042] INFO: task kworker/u4:4:2120 blocked for more than 140 seconds. [ 572.740047] Not tainted 4.9.141+ #23 [ 572.740049] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 572.740066] kworker/u4:4 D25352 2120 2 0x80000000 [ 572.740084] Workqueue: events_unbound fsnotify_mark_destroy_workfn [ 572.740096] ffff8801d1ae97c0 0000000000000000 ffff8801d2e32100 ffff8801da6f2f80 [ 572.740105] ffff8801db721018 ffff8801adf2f7c0 ffffffff828075c2 0000000000000096 [ 572.740114] ffffffff83cdc420 ffffffff830d2c20 0000000000004fac ffff8801db7218f0 [ 572.740116] Call Trace: [ 572.740128] [] ? __schedule+0x662/0x1b10 [ 572.740135] [] schedule+0x7f/0x1b0 [ 572.740142] [] schedule_timeout+0x735/0xe20 [ 572.740149] [] ? mod_timer+0x5b2/0xf80 [ 572.740157] [] ? calc_wheel_index+0x33/0x1b0 [ 572.740164] [] ? usleep_range+0x140/0x140 [ 572.740172] [] ? _raw_spin_unlock_irqrestore+0x45/0x70 [ 572.740179] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 572.740186] [] ? mark_held_locks+0xc7/0x130 [ 572.740192] [] ? _raw_spin_unlock_irq+0x27/0x50 [ 572.740199] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 572.740206] [] wait_for_common+0x3ef/0x5d0 [ 572.740213] [] ? out_of_line_wait_on_atomic_t+0x1e0/0x1e0 [ 572.740220] [] ? wake_up_q+0xe0/0xe0 [ 572.740226] [] ? srcu_reschedule+0x85/0x310 [ 572.740232] [] ? srcu_advance_batches+0x1e4/0x430 [ 572.740239] [] wait_for_completion+0x18/0x20 [ 572.740246] [] __synchronize_srcu+0x254/0x3b0 [ 572.740253] [] ? srcu_advance_batches+0x430/0x430 [ 572.740260] [] ? trace_raw_output_rcu_utilization+0x150/0x150 [ 572.740268] [] ? fsnotify_mark_destroy_list+0x80/0x390 [ 572.740276] [] ? fsnotify_mark_destroy_list+0x103/0x390 [ 572.740284] [] synchronize_srcu+0x1e/0x40 [ 572.740291] [] fsnotify_mark_destroy_list+0x10f/0x390 [ 572.740301] [] ? debug_object_deactivate+0x214/0x340 [ 572.740309] [] ? fsnotify_init_mark+0xa0/0xa0 [ 572.740328] [] fsnotify_mark_destroy_workfn+0xe/0x10 [ 572.740337] [] process_one_work+0x831/0x15f0 [ 572.740344] [] ? process_one_work+0x774/0x15f0 [ 572.740352] [] ? cancel_delayed_work_sync+0x20/0x20 [ 572.740367] [] worker_thread+0xd6/0x1140 [ 572.740374] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 572.740384] [] kthread+0x26d/0x300 [ 572.740391] [] ? process_one_work+0x15f0/0x15f0 [ 572.740398] [] ? kthread_park+0xa0/0xa0 [ 572.740406] [] ? __switch_to_asm+0x34/0x70 [ 572.740414] [] ? kthread_park+0xa0/0xa0 [ 572.740421] [] ? kthread_park+0xa0/0xa0 [ 572.740428] [] ret_from_fork+0x5c/0x70 [ 572.740432] [ 572.740432] Showing all locks held in the system: [ 572.740438] 2 locks held by khungtaskd/24: [ 572.740455] #0: (rcu_read_lock){......}, at: [] watchdog+0x11c/0xa20 [ 572.740471] #1: (tasklist_lock){.+.+..}, at: [] debug_show_all_locks+0x79/0x218 [ 572.740478] 1 lock held by rsyslogd/1910: [ 572.740492] #0: (&f->f_pos_lock){+.+.+.}, at: [] __fdget_pos+0xac/0xd0 [ 572.740497] 2 locks held by getty/2037: [ 572.740511] #0: (&tty->ldisc_sem){++++++}, at: [] ldsem_down_read+0x32/0x40 [ 572.740527] #1: (&ldata->atomic_read_lock){+.+...}, at: [] n_tty_read+0x202/0x16e0 [ 572.740532] 2 locks held by kworker/u4:4/2120: [ 572.740546] #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 [ 572.740559] #1: ((reaper_work).work){+.+...}, at: [] process_one_work+0x774/0x15f0 [ 572.740874] 1 lock held by init/24202: [ 572.740888] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 [ 572.740892] 1 lock held by init/24203: [ 572.740905] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 [ 572.740909] 1 lock held by init/24204: [ 572.740921] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 [ 572.740925] 1 lock held by init/24205: [ 572.740938] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 [ 572.740942] 1 lock held by init/24206: [ 572.740955] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 [ 572.740959] 1 lock held by init/24208: [ 572.740972] #0: (tty_mutex){+.+.+.}, at: [] tty_open+0x476/0xdf0 [ 572.740978] 2 locks held by kworker/u4:1/24717: [ 572.740991] #0: ("events_unbound"){.+.+.+}, at: [] process_one_work+0x73c/0x15f0 [ 572.741003] #1: ((&sub_info->work)){+.+.+.}, at: [] process_one_work+0x774/0x15f0 [ 572.741133] [ 572.741135] ============================================= [ 572.741135] [ 572.741139] NMI backtrace for cpu 1 [ 572.741147] CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #23 [ 572.741159] ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000001 [ 572.741168] 0000000000000001 0000000000000001 ffffffff810983b0 ffff8801d9907d40 [ 572.741177] ffffffff81b4df89 0000000000000001 0000000000000000 0000000000000003 [ 572.741179] Call Trace: [ 572.741189] [] dump_stack+0xc1/0x128 [ 572.741198] [] ? irq_force_complete_move+0x330/0x330 [ 572.741206] [] nmi_cpu_backtrace.cold.0+0x48/0x87 [ 572.741214] [] ? irq_force_complete_move+0x330/0x330 [ 572.741221] [] nmi_trigger_cpumask_backtrace+0x12c/0x151 [ 572.741229] [] arch_trigger_cpumask_backtrace+0x14/0x20 [ 572.741236] [] watchdog+0x6ad/0xa20 [ 572.741243] [] ? watchdog+0x11c/0xa20 [ 572.741251] [] kthread+0x26d/0x300 [ 572.741259] [] ? reset_hung_task_detector+0x20/0x20 [ 572.741266] [] ? kthread_park+0xa0/0xa0 [ 572.741274] [] ? __switch_to_asm+0x34/0x70 [ 572.741281] [] ? kthread_park+0xa0/0xa0 [ 572.741288] [] ? kthread_park+0xa0/0xa0 [ 572.741294] [] ret_from_fork+0x5c/0x70 [ 572.741300] Sending NMI from CPU 1 to CPUs 0: [ 572.741703] NMI backtrace for cpu 0 [ 572.741707] CPU: 0 PID: 31266 Comm: syz-executor.0 Not tainted 4.9.141+ #23 [ 572.741710] task: ffff880161762f80 task.stack: ffff88015cac8000 [ 572.741713] RIP: 0010:[] c [] unmap_page_range+0xb55/0x1680 [ 572.741716] RSP: 0018:ffff88015cacf708 EFLAGS: 00000246 [ 572.741720] RAX: dead000000000100 RBX: 00000000f7025000 RCX: dffffc0000000000 [ 572.741723] RDX: 0000000000000000 RSI: dffffc0000000000 RDI: ffff88015cacf990 [ 572.741726] RBP: ffff88015cacf858 R08: ffff880161763850 R09: 9e50ee563b4102ff [ 572.741729] R10: ffff880161762f80 R11: 0000000000000001 R12: 00000000f7026000 [ 572.741733] R13: 0000000000000002 R14: ffffea0006e41340 R15: ffff88018d9b9128 [ 572.741736] FS: 0000000000000000(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000 [ 572.741739] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 572.741742] CR2: 0000000000ee6668 CR3: 00000001b6181000 CR4: 00000000001606b0 [ 572.741744] Stack: [ 572.741747] 1ffff1002b959efac dffffc0000000003c fffffbfff067cf3ac 0000000000000019c [ 572.741751] 00000000f71f5fffc 00000000f71f5fffc 00000000f71f5fffc 00000000f71f6000c [ 572.741755] 0000000000000000c ffffed002b9aadb8c ffff8801675c4840c 00000000f71f6000c [ 572.741756] Call Trace: [ 572.741759] [] ? do_wp_page+0x2010/0x2010 [ 572.741762] [] ? uprobe_munmap+0x94/0x220 [ 572.741765] [] unmap_single_vma+0x11c/0x170 [ 572.741767] [] unmap_vmas+0x81/0xd0 [ 572.741770] [] exit_mmap+0x1cc/0x3a0 [ 572.741773] [] ? SyS_munmap+0xa0/0xa0 [ 572.741776] [] ? __might_sleep+0x95/0x1a0 [ 572.741778] [] mmput+0xcd/0x360 [ 572.741781] [] do_exit+0x6c9/0x2a50 [ 572.741784] [] ? trace_hardirqs_on+0x10/0x10 [ 572.741787] [] ? futex_wait_restart+0x230/0x230 [ 572.741790] [] ? release_task.part.4+0x14b0/0x14b0 [ 572.741793] [] ? __dequeue_signal+0x79/0x5f0 [ 572.741796] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 572.741798] [] ? recalc_sigpending+0x72/0x90 [ 572.741801] [] ? dequeue_signal+0xc4/0x4b0 [ 572.741804] [] ? check_preemption_disabled+0x3b/0x200 [ 572.741807] [] do_group_exit+0x111/0x300 [ 572.741810] [] get_signal+0x4e1/0x1460 [ 572.741813] [] ? trace_hardirqs_on+0x10/0x10 [ 572.741816] [] do_signal+0x95/0x1b00 [ 572.741819] [] ? setup_sigcontext+0x7d0/0x7d0 [ 572.741821] [] ? ktime_get_ts64+0x24e/0x2e0 [ 572.741824] [] ? posix_ktime_get_ts+0x15/0x20 [ 572.741827] [] ? __might_fault+0x92/0x1d0 [ 572.741830] [] ? compat_SyS_get_robust_list+0x310/0x310 [ 572.741833] [] ? compat_SyS_clock_gettime+0x131/0x1b0 [ 572.741836] [] ? exit_to_usermode_loop+0xbe/0x150 [ 572.741839] [] exit_to_usermode_loop+0x10e/0x150 [ 572.741842] [] do_fast_syscall_32+0x6dc/0xa10 [ 572.741845] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 572.741848] [] entry_SYSENTER_compat+0x90/0xa2 [ 572.741858] Code: c82 c22 ce8 cff c49 c8d c46 c20 c48 cbe c00 c00 c00 c00 c00 cfc cff cdf c48 c89 c85 c68 cff cff cff c48 cc1 ce8 c03 c80 c3c c30 c00 c0f c85 c64 c09 c00 c00 c49 c8b c46 c20 c<4d> c89 cf5 ca8 c01 c0f c85 c7a c07 c00 c00 ce8 c4b c22 ce8 cff c49 c8d c7d c08 c48 c [ 572.742319] Kernel panic - not syncing: hung_task: blocked tasks [ 572.742327] CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #23 [ 572.742339] ffff8801d9907cc8 ffffffff81b42e79 ffffffff82a78560 00000000ffffffff [ 572.742349] 0000000000000000 0000000000000001 dffffc0000000000 ffff8801d9907d88 [ 572.742358] ffffffff813f7125 0000000041b58ab3 ffffffff82e2b62b ffffffff813f6f66 [ 572.742359] Call Trace: [ 572.742370] [] dump_stack+0xc1/0x128 [ 572.742377] [] panic+0x1bf/0x39f [ 572.742384] [] ? add_taint.cold.5+0x16/0x16 [ 572.742392] [] ? nmi_trigger_cpumask_backtrace+0x102/0x151 [ 572.742400] [] watchdog+0x6be/0xa20 [ 572.742406] [] ? watchdog+0x11c/0xa20 [ 572.742414] [] kthread+0x26d/0x300 [ 572.742421] [] ? reset_hung_task_detector+0x20/0x20 [ 572.742428] [] ? kthread_park+0xa0/0xa0 [ 572.742436] [] ? __switch_to_asm+0x34/0x70 [ 572.742443] [] ? kthread_park+0xa0/0xa0 [ 572.742451] [] ? kthread_park+0xa0/0xa0 [ 572.742457] [] ret_from_fork+0x5c/0x70 [ 572.742748] Kernel Offset: disabled