D(r0, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) shutdown(0xffffffffffffffff, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done], 0xfffffffffffffeb3, 0x0, &(0x7f00000007c0)}) [ 427.121616][T10404] binder_alloc: allocated: 2456 (num: 101 largest: 32), free: 9832 (num: 1 largest: 9832) 08:47:19 executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:47:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x300000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:19 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 427.282070][T10422] binder: 10417:10422 ioctl c0306201 0 returned -14 08:47:19 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xff00, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:19 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x03'}, 0x48) 08:47:19 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xff00, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 427.350286][T10431] binder: BINDER_SET_CONTEXT_MGR already set 08:47:19 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 427.416013][T10431] binder: 10417:10431 ioctl 40046207 0 returned -16 [ 427.428414][T10437] binder: 10428:10437 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:20 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x80ffffff, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) 08:47:20 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\a'}, 0x48) 08:47:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:20 executing program 1: socket$rxrpc(0x21, 0x2, 0xa) unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000640)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) shutdown(0xffffffffffffffff, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done], 0xfffffffffffffeb3, 0x0, &(0x7f00000007c0)}) 08:47:20 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xff00, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:20 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x80ffffff, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) 08:47:20 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\n'}, 0x48) 08:47:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 427.699692][ T5] binder: release 10417:10422 transaction 635 out, still active [ 427.707731][ T5] binder: unexpected work type, 4, not freed [ 427.713795][ T5] binder: undelivered TRANSACTION_COMPLETE 08:47:20 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 427.750525][T10570] binder: 10569:10570 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:20 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:20 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x80ffffff, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) [ 427.820521][T10572] binder: 10571:10572 ioctl c0306201 0 returned -14 08:47:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x500000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 427.914626][T10583] binder: BINDER_SET_CONTEXT_MGR already set 08:47:20 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 427.955561][T10583] binder: 10571:10583 ioctl 40046207 0 returned -16 [ 428.022513][T10590] binder: 10589:10590 got transaction with invalid offset (0, min 0 max 0) or object. [ 428.054742][T10590] binder_transaction: 41 callbacks suppressed [ 428.054760][T10590] binder: 10589:10590 transaction failed 29201/-22, size 0-8 line 3241 [ 428.075599][ T17] binder_release_work: 41 callbacks suppressed [ 428.075607][ T17] binder: undelivered TRANSACTION_ERROR: 29201 08:47:20 executing program 1: socket$rxrpc(0x21, 0x2, 0xa) unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000640)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) shutdown(0xffffffffffffffff, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done], 0xfffffffffffffeb3, 0x0, &(0x7f00000007c0)}) 08:47:20 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x5000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x300000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:20 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x600000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 428.158075][ T5] binder: release 10571:10572 transaction 646 out, still active [ 428.165767][ T5] binder: unexpected work type, 4, not freed 08:47:20 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xff00, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) [ 428.196622][T10702] binder: 10701:10702 transaction failed 29201/-22, size 0-8 line 3241 [ 428.204607][T10705] binder: 10698:10705 transaction failed 29201/-22, size 0-8 line 3241 [ 428.217721][T10709] binder: 10699:10709 transaction failed 29201/-28, size 0-12288 line 3147 [ 428.218916][ T5] binder: undelivered TRANSACTION_COMPLETE [ 428.262742][T10708] binder: 10707:10708 ioctl c0306201 0 returned -14 [ 428.281140][T10709] binder: 10699:10709 transaction failed 29201/-28, size 0-12288 line 3147 [ 428.281145][ T17] binder: undelivered TRANSACTION_ERROR: 29201 08:47:20 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:20 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xff00, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) [ 428.321828][T10708] binder: BINDER_SET_CONTEXT_MGR already set 08:47:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x6000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:20 executing program 4: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FITRIM(r0, 0x4008550d, 0x0) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0405405, &(0x7f0000000000)={{0x3, 0x3, 0x20, 0x0, 0x7}, 0x8, 0x4, 0x97}) 08:47:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x700000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 428.362776][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 428.370253][T10708] binder: 10707:10708 ioctl 40046207 0 returned -16 [ 428.377959][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 428.384262][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 428.454564][T10730] binder: 10725:10730 transaction failed 29201/-28, size 0-12288 line 3147 [ 428.515095][T10794] binder: 10783:10794 transaction failed 29201/-22, size 0-8 line 3241 [ 428.535097][ T5] binder: undelivered TRANSACTION_ERROR: 29201 08:47:21 executing program 1: socket$rxrpc(0x21, 0x2, 0xa) unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000640)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x48, 0x0, &(0x7f0000000700)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae420e087d59c0c7be7fcad1abb7e1f8f446f373f611ca1ee9c2231708e18a47bc68a2a79a0b48931f6ff6d"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) shutdown(0xffffffffffffffff, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done], 0xfffffffffffffeb3, 0x0, &(0x7f00000007c0)}) 08:47:21 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xff00, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) 08:47:21 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:21 executing program 4: socket$rxrpc(0x21, 0x2, 0xa) unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x48, 0x0, &(0x7f0000000700)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae420e087d59c0c7be7fcad1abb7e1f8f446f373f611ca1ee9c2231708e18a47bc68a2a79a0b48931f6ff6d"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) shutdown(0xffffffffffffffff, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done], 0xfffffffffffffeb3, 0x0, &(0x7f00000007c0)}) 08:47:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 428.575108][ T17] binder: undelivered TRANSACTION_ERROR: 29201 08:47:21 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:21 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:21 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 428.683856][T10843] binder: 10842:10843 ioctl c018620b 0 returned -14 [ 428.698179][T10848] binder: 10848 RLIMIT_NICE not set [ 428.707435][T10851] binder: 10850:10851 transaction failed 29201/-22, size 0-8 line 3241 [ 428.741476][T10848] binder: BINDER_SET_CONTEXT_MGR already set [ 428.749416][T10854] binder: 10854 RLIMIT_NICE not set [ 428.769892][T10848] binder: 10847:10848 ioctl 40046207 0 returned -16 [ 428.769992][T10849] binder: 10844:10849 transaction failed 29201/-28, size 0-12288 line 3147 08:47:21 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 428.795452][T10843] binder: BINDER_SET_CONTEXT_MGR already set [ 428.827022][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 428.833409][T10843] binder: 10842:10843 ioctl 40046207 0 returned -16 08:47:21 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 428.841492][ T5] binder: undelivered TRANSACTION_ERROR: 29201 08:47:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x12000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:21 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0xa00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 428.873993][T10859] binder: 10847:10859 BC_ACQUIRE_DONE node 658 has no pending acquire request [ 428.931797][T10843] binder: 10842:10843 BC_ACQUIRE_DONE node 661 has no pending acquire request [ 428.967334][T10871] binder: 10868:10871 transaction failed 29201/-28, size 0-12288 line 3147 [ 428.980175][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 429.436585][ T5] binder: release 10842:10854 transaction 660 out, still active [ 429.468543][ T5] binder: release 10847:10848 transaction 657 out, still active [ 429.476243][ T5] binder: unexpected work type, 4, not freed 08:47:22 executing program 1: socket$rxrpc(0x21, 0x2, 0xa) unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000640)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x48, 0x0, &(0x7f0000000700)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae420e087d59c0c7be7fcad1abb7e1f8f446f373f611ca1ee9c2231708e18a47bc68a2a79a0b48931f6ff6d"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) shutdown(0xffffffffffffffff, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done], 0xfffffffffffffeb3, 0x0, &(0x7f00000007c0)}) 08:47:22 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x1200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x3f000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:22 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:22 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 429.488141][ T5] binder: undelivered TRANSACTION_COMPLETE 08:47:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:22 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:22 executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:47:22 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 429.564140][T10891] binder: 10891 RLIMIT_NICE not set [ 429.582893][T10891] binder: BINDER_SET_CONTEXT_MGR already set [ 429.670595][T10891] binder: 10890:10891 ioctl 40046207 0 returned -16 08:47:22 executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:47:22 executing program 1: socket$rxrpc(0x21, 0x2, 0xa) unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000640)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x48, 0x0, &(0x7f0000000700)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae420e087d59c0c7be7fcad1abb7e1f8f446f373f611ca1ee9c2231708e18a47bc68a2a79a0b48931f6ff6d"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) shutdown(0xffffffffffffffff, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done], 0xfffffffffffffeb3, 0x0, &(0x7f00000007c0)}) 08:47:22 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x4c000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:22 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x3f00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:22 executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) [ 429.909656][T11024] binder_alloc_new_buf_locked: 14 callbacks suppressed [ 429.909669][T11024] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:22 executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:47:22 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 429.950448][T11026] binder: 11026 RLIMIT_NICE not set 08:47:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x4800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:22 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 429.988275][T11026] binder: BINDER_SET_CONTEXT_MGR already set [ 429.994324][T11026] binder: 11025:11026 ioctl 40046207 0 returned -16 08:47:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x68000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:22 executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) [ 430.084947][T11039] binder: 11025:11039 BC_ACQUIRE_DONE node 673 has no pending acquire request [ 430.160077][T11046] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 430.213976][T11046] binder_alloc_new_buf_locked: 15 callbacks suppressed [ 430.213996][T11046] binder_alloc: allocated: 2608 (num: 105 largest: 32), free: 9680 (num: 2 largest: 9672) 08:47:23 executing program 1: socket$rxrpc(0x21, 0x2, 0xa) unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000640)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x48, 0x0, &(0x7f0000000700)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae420e087d59c0c7be7fcad1abb7e1f8f446f373f611ca1ee9c2231708e18a47bc68a2a79a0b48931f6ff6d"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) shutdown(0xffffffffffffffff, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 08:47:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x4c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:23 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:23 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:23 executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:47:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x6c000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 430.729008][ T17] binder: release 11025:11026 transaction 672 out, still active 08:47:23 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 430.775685][T11065] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:23 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:23 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 430.817306][T11065] binder_alloc: allocated: 2608 (num: 105 largest: 32), free: 9680 (num: 2 largest: 9672) [ 430.834173][T11068] binder: 11068 RLIMIT_NICE not set [ 430.857336][T11068] binder: BINDER_SET_CONTEXT_MGR already set [ 430.885568][T11066] binder_transaction: 9 callbacks suppressed [ 430.885585][T11066] binder: 11056:11066 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:23 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:23 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 430.933499][T11068] binder: 11067:11068 ioctl 40046207 0 returned -16 08:47:23 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:23 executing program 1: socket$rxrpc(0x21, 0x2, 0xa) unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000640)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x48, 0x0, &(0x7f0000000700)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae420e087d59c0c7be7fcad1abb7e1f8f446f373f611ca1ee9c2231708e18a47bc68a2a79a0b48931f6ff6d"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) shutdown(0xffffffffffffffff, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x74000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 431.015883][ T17] binder: release 11067:11078 transaction 679 out, still active 08:47:23 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:23 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\xff'}, 0x48) [ 431.120905][T11094] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 431.134997][T11095] binder: 11095 RLIMIT_NICE not set [ 431.146835][T11094] binder_alloc: allocated: 2640 (num: 106 largest: 32), free: 9648 (num: 2 largest: 9640) [ 431.158159][T11095] binder: BINDER_SET_CONTEXT_MGR already set 08:47:23 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 431.178085][T11095] binder: 11093:11095 ioctl 40046207 0 returned -16 [ 431.187619][T11097] binder: 11096:11097 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x6800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x7a000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:23 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\xff'}, 0x48) 08:47:23 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:23 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:23 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) [ 431.365780][T11114] binder: 11113:11114 got transaction with invalid offset (0, min 0 max 0) or object. [ 431.379150][T11115] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 431.395832][T11115] binder_alloc: allocated: 2680 (num: 108 largest: 32), free: 9608 (num: 1 largest: 9608) 08:47:24 executing program 1: socket$rxrpc(0x21, 0x2, 0xa) unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000640)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x48, 0x0, &(0x7f0000000700)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae420e087d59c0c7be7fcad1abb7e1f8f446f373f611ca1ee9c2231708e18a47bc68a2a79a0b48931f6ff6d"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) shutdown(0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:24 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:24 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:24 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x6c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x30000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) [ 431.927810][ T5] binder: release 11093:11095 transaction 684 out, still active [ 431.965074][T11134] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:24 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x80'}, 0x48) 08:47:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) 08:47:24 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 431.997028][T11134] binder_alloc: allocated: 2672 (num: 107 largest: 32), free: 9616 (num: 2 largest: 9608) [ 432.022497][T11142] binder: 11142 RLIMIT_NICE not set [ 432.045374][T11140] binder: 11138:11140 got transaction with invalid offset (0, min 0 max 0) or object. [ 432.075521][T11146] binder: BINDER_SET_CONTEXT_MGR already set 08:47:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:24 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) 08:47:24 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x90'}, 0x48) [ 432.117237][T11146] binder: 11141:11146 ioctl 40046207 0 returned -16 [ 432.255269][T11161] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 432.264196][T11161] binder_alloc: allocated: 2704 (num: 108 largest: 32), free: 9584 (num: 2 largest: 9576) [ 432.300331][T11161] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 432.315709][T11161] binder_alloc: allocated: 2704 (num: 108 largest: 32), free: 9584 (num: 2 largest: 9576) 08:47:25 executing program 1: socket$rxrpc(0x21, 0x2, 0xa) unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000640)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x48, 0x0, &(0x7f0000000700)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae420e087d59c0c7be7fcad1abb7e1f8f446f373f611ca1ee9c2231708e18a47bc68a2a79a0b48931f6ff6d"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:25 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x7400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:25 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x15, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:25 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:25 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) 08:47:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 432.813471][ T17] binder: release 11141:11142 transaction 691 out, still active [ 432.844239][T11172] binder: 11169:11172 got transaction with invalid offset (0, min 0 max 0) or object. [ 432.858234][T11177] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 432.874029][T11179] binder: 11179 RLIMIT_NICE not set [ 432.886079][T11179] binder: BINDER_SET_CONTEXT_MGR already set [ 432.892568][T11177] binder_alloc: allocated: 2712 (num: 109 largest: 32), free: 9576 (num: 1 largest: 9576) 08:47:25 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) 08:47:25 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:25 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x15, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 432.908714][T11179] binder: 11178:11179 ioctl 40046207 0 returned -16 08:47:25 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x7a00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x300000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:25 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x15, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 433.056342][T11192] binder: 11191:11192 got transaction with invalid offset (0, min 0 max 0) or object. [ 433.080704][T11192] binder_transaction: 22 callbacks suppressed [ 433.080736][T11192] binder: 11191:11192 transaction failed 29201/-22, size 0-8 line 3241 [ 433.094808][T11192] binder: 11191:11192 got transaction with invalid offset (0, min 0 max 0) or object. [ 433.105832][ T17] binder_release_work: 22 callbacks suppressed [ 433.105840][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 433.135762][T11192] binder: 11191:11192 transaction failed 29201/-22, size 0-8 line 3241 [ 433.144702][T11194] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 433.160264][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 433.171368][T11194] binder_alloc: allocated: 2736 (num: 109 largest: 32), free: 9552 (num: 2 largest: 9544) [ 433.223188][T11194] binder: 11193:11194 transaction failed 29201/-28, size 0-12288 line 3147 [ 433.249190][ T17] binder: undelivered TRANSACTION_ERROR: 29201 08:47:26 executing program 1: socket$rxrpc(0x21, 0x2, 0xa) unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000640)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x48, 0x0, &(0x7f0000000700)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae420e087d59c0c7be7fcad1abb7e1f8f446f373f611ca1ee9c2231708e18a47bc68a2a79a0b48931f6ff6d"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:26 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:26 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x3, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:26 executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:47:26 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 433.670838][ T5] binder: release 11178:11179 transaction 698 out, still active [ 433.709730][T11209] binder_alloc: allocated: 2736 (num: 109 largest: 32), free: 9552 (num: 2 largest: 9544) 08:47:26 executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:47:26 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 433.763139][T11215] binder: 11215 RLIMIT_NICE not set [ 433.763315][T11210] binder: 11205:11210 got transaction with invalid offset (0, min 0 max 0) or object. [ 433.783636][T11209] binder: 11208:11209 transaction failed 29201/-28, size 0-12288 line 3147 08:47:26 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x3, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 433.808152][T11210] binder: 11205:11210 transaction failed 29201/-22, size 0-8 line 3241 [ 433.822742][ T17] binder: undelivered TRANSACTION_ERROR: 29201 08:47:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x500000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:26 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 433.891875][ T5] binder: undelivered TRANSACTION_ERROR: 29201 08:47:26 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x3, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 433.980324][T11228] binder: 11227:11228 transaction failed 29201/-28, size 0-12288 line 3147 [ 434.028349][ T17] binder: undelivered TRANSACTION_ERROR: 29201 08:47:27 executing program 1: socket$rxrpc(0x21, 0x2, 0xa) unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000640)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:27 executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:47:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:27 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:27 executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:47:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x600000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 434.557144][ T17] binder: release 11214:11215 transaction 706 out, still active [ 434.607166][T11242] binder: 11241:11242 got transaction with invalid offset (0, min 0 max 0) or object. [ 434.618731][T11247] binder: 11246:11247 transaction failed 29201/-28, size 0-12288 line 3147 08:47:27 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x15, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:27 executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:47:27 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 434.650120][T11242] binder: 11241:11242 transaction failed 29201/-22, size 0-8 line 3241 [ 434.670300][T11247] binder: 11246:11247 transaction failed 29201/-28, size 0-12288 line 3147 [ 434.681740][ T17] binder: release 11249:11250 transaction 712 out, still active [ 434.718485][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 434.724758][ T17] binder: undelivered TRANSACTION_ERROR: 29201 08:47:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:27 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x15, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:27 executing program 1: socket$rxrpc(0x21, 0x2, 0xa) unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x700000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:27 executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) [ 434.779448][ T17] binder: undelivered TRANSACTION_ERROR: 29201 08:47:27 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 434.872439][T11271] binder: 11270:11271 got transaction with invalid offset (0, min 0 max 0) or object. [ 434.920015][ T17] binder: release 11267:11269 transaction 717 out, still active [ 434.925091][T11276] binder_alloc_new_buf_locked: 4 callbacks suppressed [ 434.925101][T11276] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 434.952650][T11276] binder: 11274:11276 transaction failed 29201/-28, size 0-12288 line 3147 08:47:27 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x15, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:27 executing program 1: socket$rxrpc(0x21, 0x2, 0xa) unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:27 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x3, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 434.974529][ T17] binder: undelivered TRANSACTION_ERROR: 29201 08:47:27 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:27 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x3, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:27 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 435.127870][ T17] binder: release 11288:11289 transaction 721 out, still active 08:47:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x1200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:27 executing program 1: socket$rxrpc(0x21, 0x2, 0xa) unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:27 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:27 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x3, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:27 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 435.263077][T11305] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:27 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 435.347031][T11305] binder_alloc_new_buf_locked: 4 callbacks suppressed [ 435.347049][T11305] binder_alloc: allocated: 2864 (num: 113 largest: 32), free: 9424 (num: 2 largest: 9416) 08:47:27 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:27 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 435.406993][ T17] binder: release 11306:11307 transaction 726 out, still active 08:47:28 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:28 executing program 1: socket$rxrpc(0x21, 0x2, 0xa) unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x15, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) 08:47:28 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 435.584083][ T5] binder: release 11330:11331 transaction 730 out, still active 08:47:28 executing program 1: socket$rxrpc(0x21, 0x2, 0xa) unlink(&(0x7f0000000940)='./file0\x00') ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 435.635143][T11341] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:28 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x15, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) 08:47:28 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x2}, 0x48) [ 435.696278][T11341] binder_alloc: allocated: 2928 (num: 115 largest: 32), free: 9360 (num: 2 largest: 9352) 08:47:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x4800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:28 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x3, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) 08:47:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x15, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) 08:47:28 executing program 1: socket$rxrpc(0x21, 0x2, 0xa) unlink(&(0x7f0000000940)='./file0\x00') ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:28 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x3, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) [ 436.019395][T11368] binder_transaction: 3 callbacks suppressed [ 436.019410][T11368] binder: 11364:11368 got transaction with invalid offset (0, min 0 max 0) or object. [ 436.036266][T11370] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x9, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:28 executing program 1: socket$rxrpc(0x21, 0x2, 0xa) unlink(&(0x7f0000000940)='./file0\x00') ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:28 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x3}, 0x48) [ 436.075327][T11370] binder_alloc: allocated: 2936 (num: 116 largest: 32), free: 9352 (num: 1 largest: 9352) [ 436.108057][T11368] binder: 11364:11368 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x4c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:28 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x3, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) 08:47:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x9, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:28 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x7}, 0x48) 08:47:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 436.272321][T11387] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:28 executing program 1: socket$rxrpc(0x21, 0x2, 0xa) r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 436.318107][T11387] binder_alloc: allocated: 2928 (num: 115 largest: 32), free: 9360 (num: 2 largest: 9352) 08:47:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x2, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:28 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0xa}, 0x48) [ 436.404062][T11399] binder: 11395:11399 got transaction with invalid offset (0, min 0 max 0) or object. [ 436.425441][T11387] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 436.445919][T11404] binder: 11403:11404 unknown command 16448 08:47:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x9, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 436.463096][T11387] binder_alloc: allocated: 2936 (num: 116 largest: 32), free: 9352 (num: 1 largest: 9352) [ 436.469608][T11404] binder: 11403:11404 ioctl c0306201 20000040 returned -22 [ 436.477282][ T5] binder: release 11401:11402 transaction 741 out, still active 08:47:29 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x300}, 0x48) 08:47:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x6800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:29 executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:47:29 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x700}, 0x48) [ 436.648999][T11420] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x2, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 436.696566][T11420] binder_alloc: allocated: 2960 (num: 116 largest: 32), free: 9328 (num: 2 largest: 9320) 08:47:29 executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) [ 436.751694][T11430] binder: 11428:11430 unknown command 16448 [ 436.772114][T11430] binder: 11428:11430 ioctl c0306201 20000040 returned -22 [ 436.786577][T11421] binder: 11418:11421 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:29 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0xa00}, 0x48) [ 436.797158][ T5] binder: release 11414:11423 transaction 746 out, still active 08:47:29 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:29 executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:47:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x2, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x6c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:29 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x9, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:29 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 436.983974][T11450] binder: 11447:11450 got transaction with invalid offset (0, min 0 max 0) or object. [ 436.986924][T11451] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 436.996322][T11452] binder: 11448:11452 unknown command 16448 08:47:29 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x3f00}, 0x48) [ 437.046543][T11452] binder: 11448:11452 ioctl c0306201 20000040 returned -22 08:47:29 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x9, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:29 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 437.113621][T11451] binder_alloc: allocated: 3000 (num: 118 largest: 32), free: 9288 (num: 1 largest: 9288) 08:47:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x7400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:29 executing program 4: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x2, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:29 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x4000}, 0x48) 08:47:29 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x9, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 437.281374][T11473] binder: 11471:11473 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:29 executing program 4: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x2, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:29 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0xff00}, 0x48) [ 437.357250][T11475] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 437.385978][T11475] binder_alloc: allocated: 2992 (num: 117 largest: 32), free: 9296 (num: 2 largest: 9288) 08:47:30 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 437.451053][T11491] binder: 11488:11491 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:30 executing program 4: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x2, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:30 executing program 1: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x7a00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:30 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x1000000}, 0x48) 08:47:30 executing program 4: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x2, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 437.638767][T11510] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 437.676900][T11510] binder_alloc: allocated: 3024 (num: 118 largest: 32), free: 9264 (num: 2 largest: 9256) 08:47:30 executing program 1: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:30 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 437.701883][T11513] binder: 11511:11513 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:30 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x2000000}, 0x48) 08:47:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:30 executing program 4: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x2, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:30 executing program 1: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 437.862512][T11530] binder_alloc: allocated: 3024 (num: 118 largest: 32), free: 9264 (num: 2 largest: 9256) 08:47:30 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:30 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x3000000}, 0x48) [ 437.939831][T11534] binder: 11532:11534 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:30 executing program 4: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x2, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 08:47:30 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) 08:47:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 438.073193][T11534] binder: 11532:11534 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:30 executing program 4: syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x2, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 438.156797][T11534] binder_transaction: 25 callbacks suppressed [ 438.156815][T11534] binder: 11532:11534 transaction failed 29201/-22, size 0-8 line 3241 [ 438.163112][ T17] binder_release_work: 25 callbacks suppressed [ 438.163118][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 438.199378][T11559] binder: 11558:11559 ioctl c0306201 0 returned -14 08:47:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:30 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x7000000}, 0x48) 08:47:30 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) [ 438.228507][T11561] binder: 11556:11561 transaction failed 29201/-28, size 0-12288 line 3147 08:47:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 438.312340][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 438.334818][T11571] binder: 11570:11571 transaction failed 29201/-22, size 0-8 line 3241 08:47:30 executing program 4: syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x2, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:30 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0xa000000}, 0x48) 08:47:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 438.359408][T11573] binder: 11572:11573 ioctl c0306201 0 returned -14 [ 438.372820][ T5] binder: undelivered TRANSACTION_ERROR: 29201 08:47:30 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) 08:47:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 438.454305][T11581] binder: 11579:11581 transaction failed 29201/-28, size 0-12288 line 3147 08:47:31 executing program 0: socket$rxrpc(0x21, 0x2, 0xa) r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:31 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x3f000000}, 0x48) [ 438.540868][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 438.577321][T11591] binder: 11589:11591 transaction failed 29201/-22, size 0-8 line 3241 08:47:31 executing program 4: syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x2, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 438.586383][T11592] binder: 11590:11592 ioctl c0306201 0 returned -14 [ 438.650200][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 438.673841][T11602] binder: 11601:11602 transaction failed 29201/-28, size 0-12288 line 3147 [ 438.687136][ T17] binder_thread_release: 1 callbacks suppressed 08:47:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) 08:47:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 438.687148][ T17] binder: release 11596:11598 transaction 768 out, still active 08:47:31 executing program 0: socket$rxrpc(0x21, 0x2, 0xa) r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 438.754216][ T5] binder: undelivered TRANSACTION_ERROR: 29201 08:47:31 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x40000000}, 0x48) 08:47:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 438.794939][T11611] binder: 11610:11611 transaction failed 29201/-22, size 0-8 line 3241 08:47:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) [ 438.864897][ T17] binder: release 11613:11616 transaction 773 out, still active [ 438.883440][ T17] binder: undelivered TRANSACTION_ERROR: 29201 08:47:31 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x80ffffff}, 0x48) 08:47:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:31 executing program 0: socket$rxrpc(0x21, 0x2, 0xa) r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 438.909655][T11621] binder: 11619:11621 ioctl c0306201 0 returned -14 [ 438.973100][T11625] binder: 11622:11625 transaction failed 29201/-28, size 0-12288 line 3147 08:47:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 439.018816][T11634] binder: 11632:11634 transaction failed 29201/-22, size 0-8 line 3241 08:47:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) [ 439.067843][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 439.083008][ T17] binder: release 11636:11637 transaction 778 out, still active [ 439.089386][T11639] binder: 11638:11639 ioctl c0306201 0 returned -14 08:47:31 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x90ffffff}, 0x48) 08:47:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 08:47:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x600, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 439.129486][ T17] binder: undelivered TRANSACTION_ERROR: 29201 08:47:31 executing program 0: socket$rxrpc(0x21, 0x2, 0xa) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 08:47:31 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0xff000000}, 0x48) [ 439.230826][T11655] binder: 11652:11655 transaction failed 29201/-28, size 0-12288 line 3147 [ 439.259677][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 439.271047][T11659] binder: 11657:11659 ioctl c0306201 0 returned -14 08:47:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:31 executing program 0: socket$rxrpc(0x21, 0x2, 0xa) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 08:47:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x2, 0x0, 0x0, 0x0, &(0x7f0000000300)}) 08:47:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:32 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0xffffff80}, 0x48) 08:47:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:32 executing program 0: socket$rxrpc(0x21, 0x2, 0xa) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 08:47:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x2, 0x0, 0x0, 0x0, &(0x7f0000000300)}) 08:47:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:32 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0xffffff90}, 0x48) 08:47:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 08:47:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x2, 0x0, 0x0, 0x0, &(0x7f0000000300)}) 08:47:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 439.858247][ T5] binder: release 11721:11722 transaction 792 out, still active 08:47:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x2, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000300)}) 08:47:32 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x1000000000000}, 0x48) 08:47:32 executing program 0: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) [ 440.000671][T11728] binder_alloc_new_buf_locked: 13 callbacks suppressed [ 440.000681][T11728] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:32 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x100000000000000}, 0x48) 08:47:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:32 executing program 0: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x2, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000300)}) 08:47:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 08:47:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 440.166058][T11748] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x2, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000300)}) 08:47:32 executing program 0: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:32 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x200000000000000}, 0x48) 08:47:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:32 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 08:47:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x2, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:32 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x300000000000000}, 0x48) [ 440.432748][T11774] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 440.472446][T11774] binder_alloc_new_buf_locked: 14 callbacks suppressed 08:47:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x4c00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:33 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 440.472463][T11774] binder_alloc: allocated: 3152 (num: 122 largest: 32), free: 9136 (num: 2 largest: 9128) [ 440.520081][T11782] binder: 11781:11782 unknown command 16448 [ 440.569848][T11782] binder: 11781:11782 ioctl c0306201 20000040 returned -22 08:47:33 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x700000000000000}, 0x48) 08:47:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) [ 440.613370][ T17] binder: release 11788:11789 transaction 807 out, still active 08:47:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:33 executing program 0: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:33 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x2, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:33 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0xa00000000000000}, 0x48) 08:47:33 executing program 0: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x6800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) [ 440.796332][T11814] binder: 11807:11814 unknown command 16448 [ 440.824098][T11814] binder: 11807:11814 ioctl c0306201 20000040 returned -22 08:47:33 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x2, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 08:47:33 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x3f00000000000000}, 0x48) 08:47:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x6c00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:33 executing program 0: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 441.017618][T11928] binder: 11927:11928 unknown command 16448 08:47:33 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 441.084977][T11935] binder_transaction: 22 callbacks suppressed [ 441.084988][T11935] binder: 11934:11935 got transaction with invalid offset (0, min 0 max 0) or object. [ 441.106462][T11928] binder: 11927:11928 ioctl c0306201 20000040 returned -22 [ 441.117287][T11939] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:33 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x4000000000000000}, 0x48) [ 441.146927][T11939] binder_alloc: allocated: 3192 (num: 124 largest: 32), free: 9096 (num: 1 largest: 9096) [ 441.177598][T11941] binder: 11940:11941 got transaction with invalid offset (0, min 0 max 24) or object. 08:47:33 executing program 4: unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000640)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x48, 0x0, &(0x7f0000000700)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae420e087d59c0c7be7fcad1abb7e1f8f446f373f611ca1ee9c2231708e18a47bc68a2a79a0b48931f6ff6d"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) shutdown(0xffffffffffffffff, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done], 0xfffffffffffffeb3, 0x0, &(0x7f00000007c0)}) [ 441.188957][T11935] binder: 11934:11935 got transaction with invalid offset (0, min 0 max 0) or object. [ 441.212666][T11948] binder: 11947:11948 ioctl c0306201 0 returned -14 08:47:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:33 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x80ffffff00000000}, 0x48) 08:47:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x7400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:33 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 441.324578][T11952] binder: 11952 RLIMIT_NICE not set [ 441.367681][T11960] binder: 11959:11960 got transaction with invalid offset (0, min 0 max 24) or object. [ 441.383615][T11962] binder: 11957:11962 got transaction with invalid offset (0, min 0 max 0) or object. [ 441.390170][T11966] binder: BINDER_SET_CONTEXT_MGR already set 08:47:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x7a00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:34 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x90ffffff00000000}, 0x48) [ 441.435014][T11966] binder: 11951:11966 ioctl 40046207 0 returned -16 [ 441.435241][T11965] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 441.460454][T11969] binder: 11968:11969 ioctl c0306201 0 returned -14 [ 441.470991][T11965] binder_alloc: allocated: 3184 (num: 123 largest: 32), free: 9104 (num: 2 largest: 9096) 08:47:34 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 08:47:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x600, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 441.534303][T12029] binder: 12016:12029 got transaction with invalid offset (0, min 0 max 24) or object. [ 441.562118][T12043] binder: 12038:12043 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:34 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0xff00000000000000}, 0x48) 08:47:34 executing program 4: unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000640)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x48, 0x0, &(0x7f0000000700)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae420e087d59c0c7be7fcad1abb7e1f8f446f373f611ca1ee9c2231708e18a47bc68a2a79a0b48931f6ff6d"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) shutdown(0xffffffffffffffff, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done], 0xfffffffffffffeb3, 0x0, &(0x7f00000007c0)}) 08:47:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) [ 441.638914][T12088] binder: 12087:12088 ioctl c0306201 0 returned -14 [ 441.669163][T12091] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:34 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:34 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0xffffffff00000000}, 0x48) [ 441.747536][T12091] binder_alloc: allocated: 3184 (num: 123 largest: 32), free: 9104 (num: 2 largest: 9096) [ 441.773037][T12096] binder: 12096 RLIMIT_NICE not set 08:47:34 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) [ 441.791164][ T17] binder: release 12097:12098 transaction 824 out, still active [ 441.822271][T12104] binder: BINDER_SET_CONTEXT_MGR already set [ 441.825510][ T17] binder: undelivered TRANSACTION_COMPLETE 08:47:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) 08:47:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 441.866535][T12107] binder: 12103:12107 got transaction with invalid offset (0, min 0 max 0) or object. [ 441.879476][T12104] binder: 12095:12104 ioctl 40046207 0 returned -16 08:47:34 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x2}, 0x48) [ 441.919262][ T17] binder: release 12156:12159 transaction 826 out, still active [ 441.937216][ T17] binder: undelivered TRANSACTION_COMPLETE 08:47:34 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) 08:47:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) [ 441.977044][T12174] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 442.000571][T12174] binder_alloc: allocated: 3232 (num: 125 largest: 32), free: 9056 (num: 2 largest: 9048) 08:47:34 executing program 4: unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000640)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x48, 0x0, &(0x7f0000000700)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae420e087d59c0c7be7fcad1abb7e1f8f446f373f611ca1ee9c2231708e18a47bc68a2a79a0b48931f6ff6d"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) shutdown(0xffffffffffffffff, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done], 0xfffffffffffffeb3, 0x0, &(0x7f00000007c0)}) 08:47:34 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x3}, 0x48) [ 442.065511][T12107] binder: 12103:12107 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:34 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 442.138150][ T5] binder: release 12224:12226 transaction 829 out, still active [ 442.146106][ T5] binder: undelivered TRANSACTION_COMPLETE 08:47:34 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) [ 442.179334][T12231] binder: 12231 RLIMIT_NICE not set 08:47:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)}}], 0x0, 0x0, &(0x7f00000003c0)}) [ 442.206905][T12235] binder: 12233:12235 got transaction with invalid offset (0, min 0 max 0) or object. [ 442.227528][T12238] binder: BINDER_SET_CONTEXT_MGR already set 08:47:34 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x7}, 0x48) [ 442.270007][T12238] binder: 12229:12238 ioctl 40046207 0 returned -16 [ 442.305179][ T5] binder: release 12243:12245 transaction 831 out, still active 08:47:34 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 08:47:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)}}], 0x0, 0x0, &(0x7f00000003c0)}) 08:47:34 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 442.313931][T12248] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 442.316303][ T5] binder: undelivered TRANSACTION_COMPLETE [ 442.343018][T12248] binder_alloc: allocated: 3280 (num: 127 largest: 32), free: 9008 (num: 2 largest: 9000) 08:47:34 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xa}, 0x48) 08:47:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:35 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x2}, 0x48) [ 442.467568][ T5] binder: release 12355:12356 transaction 834 out, still active [ 442.475283][ T5] binder: undelivered TRANSACTION_COMPLETE 08:47:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)}}], 0x0, 0x0, &(0x7f00000003c0)}) 08:47:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) [ 442.595714][ T5] binder: undelivered TRANSACTION_COMPLETE [ 442.601027][T12373] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:35 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x300}, 0x48) 08:47:35 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x2}, 0x48) 08:47:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) [ 442.636097][T12373] binder_alloc: allocated: 3328 (num: 129 largest: 32), free: 8960 (num: 2 largest: 8952) 08:47:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 08:47:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x5000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 442.750572][ T5] binder: unexpected work type, 4, not freed [ 442.758021][ T5] binder: undelivered TRANSACTION_COMPLETE 08:47:35 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x2}, 0x48) 08:47:35 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x700}, 0x48) 08:47:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 08:47:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x6000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:35 executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) [ 442.965594][T12406] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:35 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xa00}, 0x48) 08:47:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 443.006255][T12406] binder_alloc: allocated: 3360 (num: 130 largest: 32), free: 8928 (num: 2 largest: 8920) 08:47:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:35 executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:47:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 08:47:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 443.206090][T12428] binder_transaction: 52 callbacks suppressed [ 443.206108][T12428] binder: 12427:12428 transaction failed 29201/-22, size 0-8 line 3241 08:47:35 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x3f00}, 0x48) 08:47:35 executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) [ 443.265854][T12434] binder_alloc: allocated: 3360 (num: 130 largest: 32), free: 8928 (num: 2 largest: 8920) [ 443.295002][ T5] binder_release_work: 47 callbacks suppressed [ 443.295009][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 443.298212][T12434] binder: 12433:12434 transaction failed 29201/-28, size 0-12288 line 3147 08:47:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) [ 443.315910][T12438] binder: 12437:12438 transaction failed 29201/-22, size 24-8 line 3241 [ 443.328851][T12436] binder: 12435:12436 transaction failed 29201/-22, size 0-8 line 3241 08:47:35 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x4000}, 0x48) 08:47:35 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x2}, 0x48) [ 443.375282][T12436] binder: 12435:12436 transaction failed 29201/-22, size 0-8 line 3241 [ 443.378727][T12447] binder: 12446:12447 transaction failed 29201/-22, size 0-8 line 3241 [ 443.408444][ T17] binder: undelivered TRANSACTION_ERROR: 29201 08:47:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x4c00, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 443.457212][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 443.480676][ T17] binder: undelivered TRANSACTION_ERROR: 29201 08:47:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0xa000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:36 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 443.507235][ T17] binder: undelivered TRANSACTION_ERROR: 29201 08:47:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 08:47:36 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xff00}, 0x48) 08:47:36 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x2}, 0x48) [ 443.548016][T12457] binder_alloc: allocated: 3360 (num: 130 largest: 32), free: 8928 (num: 2 largest: 8920) [ 443.580112][T12457] binder: 12456:12457 transaction failed 29201/-28, size 0-12288 line 3147 08:47:36 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) [ 443.637699][T12462] binder: 12460:12462 transaction failed 29201/-22, size 0-8 line 3241 [ 443.653394][ T17] binder: undelivered TRANSACTION_ERROR: 29201 08:47:36 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x1000000}, 0x48) 08:47:36 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x2}, 0x48) [ 443.698190][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 443.711636][T12472] binder: 12471:12472 transaction failed 29201/-22, size 0-8 line 3241 08:47:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x12000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x6800, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 443.786570][ T5] binder: undelivered TRANSACTION_ERROR: 29201 08:47:36 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 08:47:36 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 443.854905][T12484] binder: 12483:12484 transaction failed 29201/-22, size 0-8 line 3241 [ 443.884235][ T5] binder: undelivered TRANSACTION_ERROR: 29201 08:47:36 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x2000000}, 0x48) 08:47:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x6c00, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 443.928701][ T5] binder: undelivered TRANSACTION_ERROR: 29201 08:47:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:36 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x7400, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000200), &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 08:47:36 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:36 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x3000000}, 0x48) 08:47:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x3f000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x7a00, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:36 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x7000000}, 0x48) 08:47:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:36 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:36 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x300000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:37 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xa000000}, 0x48) 08:47:37 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:37 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x4c000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:37 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) 08:47:37 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:37 executing program 1: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:37 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x3f000000}, 0x48) 08:47:37 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) 08:47:37 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:37 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:37 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0}, 0x48) 08:47:37 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x40000000}, 0x48) 08:47:37 executing program 1: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:37 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x68000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:37 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) 08:47:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:37 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:37 executing program 1: syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 08:47:37 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x80ffffff}, 0x48) [ 445.136478][T12596] binder_alloc_new_buf_locked: 12 callbacks suppressed [ 445.136489][T12596] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:37 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x6c000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 445.182953][ T5] binder_thread_release: 2 callbacks suppressed [ 445.182964][ T5] binder: release 12597:12598 transaction 883 out, still active 08:47:37 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) [ 445.237160][T12605] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 445.248604][ T5] binder: undelivered TRANSACTION_COMPLETE 08:47:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 08:47:37 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x74000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:37 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:37 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x90ffffff}, 0x48) [ 445.391466][T12621] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 445.405114][ T17] binder: release 12615:12616 transaction 886 out, still active [ 445.426841][T12620] binder: 12618:12620 ioctl c0306201 0 returned -14 [ 445.437378][ T17] binder: undelivered TRANSACTION_COMPLETE 08:47:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 08:47:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) 08:47:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x5000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:38 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xff000000}, 0x48) [ 445.465811][T12625] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 445.486204][T12625] binder_alloc_new_buf_locked: 13 callbacks suppressed [ 445.486222][T12625] binder_alloc: allocated: 3408 (num: 132 largest: 32), free: 8880 (num: 2 largest: 8872) 08:47:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x7a000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 445.604618][T12639] binder: 12634:12639 ioctl c0306201 0 returned -14 [ 445.625491][T12641] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 445.638322][T12641] binder_alloc: allocated: 3408 (num: 132 largest: 32), free: 8880 (num: 2 largest: 8872) 08:47:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:38 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xffffff80}, 0x48) [ 445.657130][ T17] binder: release 12632:12642 transaction 892 out, still active [ 445.664828][ T17] binder: undelivered TRANSACTION_COMPLETE 08:47:38 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x6000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)}}], 0x0, 0x0, &(0x7f00000003c0)}) 08:47:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 08:47:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 445.831488][T12655] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 445.856554][T12655] binder_alloc: allocated: 3432 (num: 133 largest: 32), free: 8856 (num: 2 largest: 8848) [ 445.872434][T12657] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:38 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xffffff90}, 0x48) [ 445.886886][T12657] binder_alloc: allocated: 3432 (num: 133 largest: 32), free: 8856 (num: 2 largest: 8848) [ 445.901868][T12661] binder: 12656:12661 ioctl c0306201 0 returned -14 [ 445.914273][ T5] binder: release 12658:12659 transaction 896 out, still active [ 445.922371][T12655] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x300000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)}}], 0x0, 0x0, &(0x7f00000003c0)}) [ 445.948702][T12655] binder_alloc: allocated: 3456 (num: 134 largest: 32), free: 8832 (num: 2 largest: 8824) 08:47:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) 08:47:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 446.030328][ T5] binder: release 12671:12672 transaction 899 out, still active 08:47:38 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x1000000000000}, 0x48) 08:47:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)}}], 0x0, 0x0, &(0x7f00000003c0)}) 08:47:38 executing program 4: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) [ 446.164815][T12683] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:38 executing program 4: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:38 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x100000000000000}, 0x48) [ 446.231202][T12683] binder_alloc: allocated: 3480 (num: 135 largest: 32), free: 8808 (num: 2 largest: 8800) [ 446.261803][T12694] binder_transaction: 36 callbacks suppressed [ 446.261819][T12694] binder: 12689:12694 got transaction with invalid offset (0, min 0 max 0) or object. [ 446.281514][ T17] binder: release 12692:12693 transaction 903 out, still active 08:47:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}) 08:47:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x12000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x500000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:38 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x200000000000000}, 0x48) [ 446.421303][T12709] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:38 executing program 4: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 08:47:39 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x300000000000000}, 0x48) [ 446.497920][T12709] binder_alloc: allocated: 3504 (num: 136 largest: 32), free: 8784 (num: 2 largest: 8776) [ 446.545371][T12712] binder: 12711:12712 got transaction with invalid offset (0, min 0 max 0) or object. [ 446.557757][ T5] binder: release 12705:12714 transaction 906 out, still active [ 446.584318][ T5] binder: unexpected work type, 4, not freed 08:47:39 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x4c}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:39 executing program 4: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x3f000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:39 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x600000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 08:47:39 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x700000000000000}, 0x48) 08:47:39 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x4c}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 446.745756][T12734] binder: 12733:12734 got transaction with invalid offset (0, min 0 max 0) or object. [ 446.775984][T12738] binder_alloc: allocated: 3544 (num: 138 largest: 32), free: 8744 (num: 1 largest: 8744) 08:47:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, &(0x7f00000003c0)}) 08:47:39 executing program 4: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:39 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x4c}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 446.873411][T12738] binder_alloc: allocated: 3536 (num: 137 largest: 32), free: 8752 (num: 2 largest: 8744) 08:47:39 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x700000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:39 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xa00000000000000}, 0x48) 08:47:39 executing program 4: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 08:47:39 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x4c}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:39 executing program 4: syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:39 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x3f00000000000000}, 0x48) [ 447.043802][T12764] binder: 12758:12764 got transaction with invalid offset (0, min 0 max 0) or object. [ 447.079006][T12767] binder_alloc: allocated: 3544 (num: 138 largest: 32), free: 8744 (num: 1 largest: 8744) 08:47:39 executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:47:39 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x4000000000000000}, 0x48) [ 447.166154][T12770] binder: 12769:12770 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:39 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x4c000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:39 executing program 4: syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:39 executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:47:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, &(0x7f00000003c0)}) 08:47:39 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x80ffffff00000000}, 0x48) [ 447.331051][T12791] binder: 12788:12791 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x68000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:39 executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:47:39 executing program 4: syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 447.433041][T12803] binder: 12802:12803 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0xa00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:40 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x90ffffff00000000}, 0x48) 08:47:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, &(0x7f00000003c0)}) 08:47:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x6c000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 447.593814][T12818] binder: 12815:12818 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:40 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 08:47:40 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xff00000000000000}, 0x48) 08:47:40 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x4c}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 447.683825][ T17] binder: release 12822:12826 transaction 920 out, still active [ 447.707286][ T17] binder_release_work: 4 callbacks suppressed [ 447.707292][ T17] binder: undelivered TRANSACTION_COMPLETE 08:47:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 08:47:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x1200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 447.762485][T12834] binder: 12829:12834 ioctl c0306201 0 returned -14 08:47:40 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x4c}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x74000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 447.819956][ T5] binder: release 12837:12838 transaction 922 out, still active 08:47:40 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xffffffff00000000}, 0x48) [ 447.865079][ T5] binder: undelivered TRANSACTION_COMPLETE [ 447.875202][T12840] binder: 12839:12840 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 08:47:40 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 08:47:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x7a000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:40 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x4c}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:40 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x2}, 0x48) [ 448.004085][T12853] binder: 12852:12853 ioctl c0306201 0 returned -14 [ 448.037660][ T17] binder: release 12854:12856 transaction 925 out, still active 08:47:40 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 448.088288][ T17] binder: undelivered TRANSACTION_COMPLETE 08:47:40 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 448.129126][T12867] binder: 12865:12867 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x30000000000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:40 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x3}, 0x48) 08:47:40 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 448.180682][ T17] binder: undelivered TRANSACTION_COMPLETE [ 448.207484][T12873] binder: 12872:12873 ioctl c0306201 0 returned -14 08:47:40 executing program 1: r0 = shmget(0xffffffffffffffff, 0x3000, 0x0, &(0x7f0000ffb000/0x3000)=nil) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f0000001940)=""/227) [ 448.252177][T12867] binder_transaction: 56 callbacks suppressed [ 448.252195][T12867] binder: 12865:12867 transaction failed 29201/-22, size 0-8 line 3241 [ 448.270576][T12877] binder: 12876:12877 transaction failed 29201/-28, size 0-12288 line 3147 08:47:40 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)}) 08:47:40 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000dc9ff0)={0x2, 0x4e20, @multicast1}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)='lo\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x1000000020000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) 08:47:40 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x7}, 0x48) [ 448.346831][ T5] binder_release_work: 52 callbacks suppressed [ 448.346838][ T5] binder: undelivered TRANSACTION_ERROR: 29201 08:47:40 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 448.407305][ T5] binder: undelivered TRANSACTION_ERROR: 29201 08:47:40 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)}) [ 448.489614][T12901] binder: 12900:12901 transaction failed 29201/-28, size 0-12288 line 3147 08:47:41 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0xa}, 0x48) 08:47:41 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)}) 08:47:41 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 448.558433][ T17] binder: undelivered TRANSACTION_ERROR: 29201 [ 448.572754][T12906] binder: 12903:12906 transaction failed 29201/-22, size 0-8 line 3241 08:47:41 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x8, 0x101, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000140)}, 0x10) 08:47:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:41 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x300}, 0x48) 08:47:41 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000300)}) [ 448.697449][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 448.728758][T12919] binder: 12918:12919 transaction failed 29201/-28, size 0-12288 line 3147 08:47:41 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x4800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:41 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x8, 0x101, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000140)}, 0x10) 08:47:41 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x4c}}, 0x0}, 0x48) [ 448.823751][ T5] binder: undelivered TRANSACTION_ERROR: 29201 [ 448.829791][T12929] binder: 12928:12929 transaction failed 29201/-22, size 0-8 line 3241 08:47:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:41 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x700}, 0x48) 08:47:41 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000300)}) [ 448.925934][ T17] binder: undelivered TRANSACTION_ERROR: 29201 08:47:41 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x4c}}, 0x0}, 0x48) 08:47:41 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x8, 0x101, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000140)}, 0x10) 08:47:41 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x4c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 448.997357][T12942] binder: 12941:12942 transaction failed 29201/-28, size 0-12288 line 3147 08:47:41 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0xa00}, 0x48) [ 449.070228][T12950] binder: 12949:12950 transaction failed 29201/-22, size 0-8 line 3241 [ 449.088247][ T17] binder: undelivered TRANSACTION_ERROR: 29201 08:47:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:41 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000300)}) [ 449.133804][ T17] binder: undelivered TRANSACTION_ERROR: 29201 08:47:41 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x4c}}, 0x0}, 0x48) 08:47:41 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x8, 0x101, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000140)}, 0x10) 08:47:41 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 449.218525][T12961] binder: 12960:12961 transaction failed 29201/-28, size 0-12288 line 3147 08:47:41 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x3f00}, 0x48) [ 449.284617][ T17] binder: undelivered TRANSACTION_ERROR: 29201 08:47:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:41 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x49) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @local, 0x54}, 0x1c) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getpid() bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) fremovexattr(0xffffffffffffffff, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0xffffff11, 0x0, @remote, @local, {[], @udp={0x0, 0x4e20, 0x8}}}}}}, 0x0) 08:47:41 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 449.357578][T12975] binder: 12974:12975 transaction failed 29201/-22, size 0-8 line 3241 08:47:41 executing program 1: bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000140)}, 0x10) 08:47:41 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x4000}, 0x48) [ 449.434288][ T5] binder: undelivered TRANSACTION_ERROR: 29201 08:47:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x6800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:42 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:42 executing program 1: bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000140)}, 0x10) 08:47:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:42 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0xff00}, 0x48) 08:47:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x6c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:42 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000000000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='ip6tnl0\x00', 0x10) sendto$inet(r0, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x0) shutdown(r0, 0x1) 08:47:42 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1000000}, 0x48) 08:47:42 executing program 1: bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000140)}, 0x10) 08:47:42 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:42 executing program 1: r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000140)}, 0x10) 08:47:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x1200000000000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:42 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x2000000}, 0x48) 08:47:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x7400000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:42 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:42 executing program 1: r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000140)}, 0x10) [ 450.009756][ T17] binder: undelivered TRANSACTION_COMPLETE 08:47:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x7a00000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:42 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x200000201, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000200)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109) r2 = dup2(r0, r1) execve(&(0x7f00000002c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) open$dir(&(0x7f00000000c0)='./file0\x00', 0x841, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000000)='./file1\x00', 0x0, 0x0) sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 08:47:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:42 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:42 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x3000000}, 0x48) 08:47:42 executing program 1: r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000140)}, 0x10) [ 450.180080][T13264] binder_alloc_new_buf_locked: 17 callbacks suppressed [ 450.180090][T13264] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:42 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x0, 0x8, 0x101, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000140)}, 0x10) 08:47:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 450.286978][ T5] binder_thread_release: 2 callbacks suppressed [ 450.286990][ T5] binder: release 13266:13268 transaction 953 out, still active 08:47:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x4800000000000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:42 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:42 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x7000000}, 0x48) [ 450.332838][ T5] binder: undelivered TRANSACTION_COMPLETE 08:47:42 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x0, 0x8, 0x101, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000140)}, 0x10) 08:47:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 450.460253][ T5] binder: release 13345:13346 transaction 955 out, still active [ 450.462412][T13371] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 450.474314][ T5] binder: undelivered TRANSACTION_COMPLETE 08:47:43 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x1000000000000191, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='net/ip6_mr_cache\x00') ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0) preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) 08:47:43 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:43 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0xa000000}, 0x48) [ 450.541324][T13371] binder_alloc_new_buf_locked: 15 callbacks suppressed [ 450.541339][T13371] binder_alloc: allocated: 3592 (num: 144 largest: 32), free: 8696 (num: 1 largest: 8696) 08:47:43 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x0, 0x8, 0x101, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000140)}, 0x10) 08:47:43 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x3f000000}, 0x48) 08:47:43 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x0, 0x101, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000140)}, 0x10) [ 450.677003][ T17] binder: release 13401:13403 transaction 958 out, still active [ 450.684961][ T17] binder: undelivered TRANSACTION_COMPLETE 08:47:43 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x4c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:43 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x0, 0x101, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000140)}, 0x10) [ 450.788619][ T5] binder: release 13484:13486 transaction 959 out, still active [ 450.824846][ T5] binder: undelivered TRANSACTION_COMPLETE 08:47:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:43 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40000000}, 0x48) 08:47:43 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r1 = dup(r0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) write$binfmt_elf32(r1, 0x0, 0x0) [ 450.892603][T13520] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:43 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0x0, 0x0, &(0x7f0000000300)}) [ 450.976932][T13520] binder_alloc: allocated: 3608 (num: 146 largest: 32), free: 8680 (num: 1 largest: 8680) 08:47:43 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x0, 0x101, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000140)}, 0x10) 08:47:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 451.027307][ T17] binder: release 13537:13538 transaction 963 out, still active [ 451.035051][ T17] binder: undelivered TRANSACTION_COMPLETE 08:47:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x6800000000000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:43 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:43 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x80ffffff}, 0x48) 08:47:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:43 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x8, 0x0, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000140)}, 0x10) 08:47:43 executing program 0: mknod(&(0x7f0000000140)='./file1\x00', 0x88, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000280)='./file1\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) clone(0x1ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) getsockopt$inet_opts(r1, 0x0, 0x0, 0x0, &(0x7f0000000040)) [ 451.180301][T13642] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 451.207833][T13642] binder_alloc: allocated: 3616 (num: 147 largest: 32), free: 8672 (num: 1 largest: 8672) 08:47:43 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x90ffffff}, 0x48) [ 451.271840][T13650] binder_transaction: 18 callbacks suppressed [ 451.271867][T13650] binder: 13644:13650 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:43 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x8, 0x0, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000140)}, 0x10) [ 451.331531][T13665] binder: 13662:13665 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:43 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:43 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0xff000000}, 0x48) 08:47:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:44 executing program 0: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x8a00, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 451.484530][T13683] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:44 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x8, 0x0, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000140)}, 0x10) 08:47:44 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0xffffff80}, 0x48) [ 451.537807][T13683] binder_alloc: allocated: 3616 (num: 147 largest: 32), free: 8672 (num: 1 largest: 8672) 08:47:44 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x1000000000000191, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='net/ip6_mr_cache\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) [ 451.583429][T13691] binder: 13688:13691 got transaction with invalid offset (0, min 0 max 0) or object. [ 451.593273][T13690] binder: 13689:13690 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:44 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x7400000000000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:44 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0xffffff90}, 0x48) [ 451.709536][T13709] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:44 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x8, 0x101}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000140)}, 0x10) 08:47:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 451.752525][T13709] binder_alloc: allocated: 3616 (num: 147 largest: 32), free: 8672 (num: 1 largest: 8672) [ 451.799950][T13708] binder: 13707:13708 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:44 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x8, 0x101}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000140)}, 0x10) 08:47:44 executing program 0: pipe(&(0x7f00000001c0)) creat(0x0, 0x0) r0 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) creat(0x0, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7fffffff}) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0xfffffffffffffdbd, &(0x7f00000000c0)=0x1) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) write$P9_RSYMLINK(r0, &(0x7f0000000100)={0x14, 0x11, 0x0, {0x11}}, 0x14) ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0) fgetxattr(r1, &(0x7f0000000000)=@known='trusted.overlay.opaque\x00', &(0x7f0000000180)=""/4, 0x4) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f00000000c0)) 08:47:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:44 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1000000000000}, 0x48) [ 451.867285][T13820] binder: 13819:13820 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:44 executing program 4: 08:47:44 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x8, 0x101}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000140)}, 0x10) 08:47:44 executing program 4: [ 452.013753][T13830] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 452.046458][T13830] binder_alloc: allocated: 3616 (num: 147 largest: 32), free: 8672 (num: 1 largest: 8672) 08:47:44 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100000000000000}, 0x48) 08:47:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:44 executing program 0: 08:47:44 executing program 4: 08:47:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:44 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x8, 0x101, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) 08:47:44 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x200000000000000}, 0x48) [ 452.226002][T13846] binder: 13845:13846 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:44 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x300000000000000}, 0x48) 08:47:44 executing program 4: [ 452.423833][T13860] binder: 13858:13860 got transaction with invalid offset (0, min 0 max 0) or object. [ 452.435374][T13861] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:44 executing program 0: 08:47:45 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x8, 0x101, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) [ 452.508194][T13861] binder_alloc: allocated: 3624 (num: 148 largest: 32), free: 8664 (num: 1 largest: 8664) 08:47:45 executing program 4: 08:47:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:45 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x8, 0x101, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) 08:47:45 executing program 0: 08:47:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:45 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x700000000000000}, 0x48) 08:47:45 executing program 4: [ 452.670692][T13876] binder: 13874:13876 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:45 executing program 4: 08:47:45 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0xa00000000000000}, 0x48) 08:47:45 executing program 0: 08:47:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:45 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x8, 0x101, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000140)}, 0x10) [ 452.870732][T13896] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:45 executing program 4: [ 452.915413][T13896] binder_alloc: allocated: 3616 (num: 147 largest: 32), free: 8672 (num: 1 largest: 8672) 08:47:45 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x3f00000000000000}, 0x48) [ 452.957432][T13900] binder: 13899:13900 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:45 executing program 4: 08:47:45 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x8, 0x101, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000140)}, 0x10) 08:47:45 executing program 0: 08:47:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:45 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x8, 0x101, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000140)}, 0x10) 08:47:45 executing program 4: 08:47:45 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x4000000000000000}, 0x48) 08:47:45 executing program 0: 08:47:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:45 executing program 4: 08:47:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:45 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x8, 0x101, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, 0x0}, 0x10) [ 453.307741][T13931] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:45 executing program 0: 08:47:45 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x80ffffff00000000}, 0x48) [ 453.379420][T13931] binder_alloc: allocated: 3616 (num: 147 largest: 32), free: 8672 (num: 1 largest: 8672) 08:47:45 executing program 4: 08:47:46 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x8, 0x101, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, 0x0}, 0x10) [ 453.451391][T13940] binder_transaction: 41 callbacks suppressed [ 453.451409][T13940] binder: 13939:13940 transaction failed 29201/-22, size 0-8 line 3241 [ 453.466955][T13931] binder: 13930:13931 transaction failed 29201/-28, size 0-12288 line 3147 [ 453.487048][ T17] binder_release_work: 41 callbacks suppressed [ 453.487055][ T17] binder: undelivered TRANSACTION_ERROR: 29201 08:47:46 executing program 0: 08:47:46 executing program 4: 08:47:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:46 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x90ffffff00000000}, 0x48) [ 453.569587][ T17] binder: undelivered TRANSACTION_ERROR: 29201 08:47:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:46 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x8, 0x101, 0x1}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, 0x0}, 0x10) 08:47:46 executing program 0: [ 453.689581][T13962] binder: 13961:13962 transaction failed 29201/-28, size 0-12288 line 3147 08:47:46 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0xff00000000000000}, 0x48) 08:47:46 executing program 4: [ 453.742701][T13964] binder: 13963:13964 transaction failed 29201/-22, size 0-8 line 3241 08:47:46 executing program 0: 08:47:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:46 executing program 4: [ 453.840983][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 453.858888][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:47:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x7a, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:46 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0xffffffff00000000}, 0x48) 08:47:46 executing program 1: [ 453.934862][T13981] binder_alloc: allocated: 3616 (num: 147 largest: 32), free: 8672 (num: 1 largest: 8672) 08:47:46 executing program 0: 08:47:46 executing program 4: [ 454.010022][T13985] binder: 13984:13985 transaction failed 29201/-22, size 0-8 line 3241 [ 454.031182][T13981] binder: 13979:13981 transaction failed 29201/-28, size 0-12288 line 3147 08:47:46 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:46 executing program 1: [ 454.065886][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 454.093889][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:47:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:46 executing program 0: 08:47:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:46 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000140)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) r1 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109) r2 = dup2(r0, r1) clone(0x3102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) ioctl$sock_inet_SIOCGARP(r2, 0x8954, 0x0) 08:47:46 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3}, 0x48) [ 454.240202][T14004] binder: 14002:14004 transaction failed 29201/-22, size 0-8 line 3241 08:47:46 executing program 1: syz_open_dev$sndtimer(&(0x7f0000000140)='/dev/snd/timer\x00', 0x0, 0x6200) 08:47:46 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 454.322204][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 454.332767][T14014] binder: 14008:14014 transaction failed 29201/-28, size 0-12288 line 3147 08:47:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:46 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x7}, 0x48) [ 454.417127][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:47:46 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0xffffffffffffffc9, &(0x7f0000000040)) 08:47:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 454.457651][T14026] binder: 14025:14026 transaction failed 29201/-22, size 0-8 line 3241 08:47:47 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xa}, 0x48) [ 454.511966][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:47:47 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:47 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000240)=0xfff, 0x4) sendto$inet(r0, 0x0, 0x0, 0x20000806, &(0x7f0000001180)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f00000003c0), 0xed5f0dd4, 0x0, 0x0, 0x184) shutdown(r0, 0x400000000000001) [ 454.580410][T14091] binder: 14083:14091 transaction failed 29201/-28, size 0-12288 line 3147 08:47:47 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x600, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:47 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 454.666502][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:47:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:47 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x300}, 0x48) 08:47:47 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:47 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:47 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:47 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x700}, 0x48) 08:47:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:47 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:47 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:47 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xa00}, 0x48) 08:47:47 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:47 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3f00}, 0x48) 08:47:47 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:47 executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:47:47 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:47 executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) [ 455.283608][T14201] binder_alloc_new_buf_locked: 6 callbacks suppressed [ 455.283621][T14201] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:47 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48) 08:47:47 executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:47:47 executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:47:47 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:47 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xff00}, 0x48) 08:47:48 executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:47:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:48 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:48 executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:47:48 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x48) [ 455.598653][T14232] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:48 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:48 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 455.669279][T14232] binder_alloc_new_buf_locked: 6 callbacks suppressed [ 455.669296][T14232] binder_alloc: allocated: 3616 (num: 147 largest: 32), free: 8672 (num: 1 largest: 8672) 08:47:48 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:48 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x48) 08:47:48 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:48 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:48 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x7a, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:48 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:48 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:48 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3000000}, 0x48) 08:47:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x4c00, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 455.987379][T14269] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:48 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 456.044743][T14269] binder_alloc: allocated: 3616 (num: 147 largest: 32), free: 8672 (num: 1 largest: 8672) 08:47:48 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:48 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:48 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x7000000}, 0x48) 08:47:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:48 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:48 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:48 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x48) 08:47:48 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 456.304803][T14298] binder_transaction: 14 callbacks suppressed [ 456.304818][T14298] binder: 14296:14298 got transaction with invalid offset (0, min 0 max 0) or object. [ 456.331890][T14303] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:48 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 456.396941][T14303] binder_alloc: allocated: 3624 (num: 148 largest: 32), free: 8664 (num: 1 largest: 8664) 08:47:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x6800, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:49 executing program 1: syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x500, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:49 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3f000000}, 0x48) 08:47:49 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 456.542060][T14320] binder: 14319:14320 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:49 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 456.582566][T14325] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:49 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, 0x0}, 0x48) 08:47:49 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40000000}, 0x48) 08:47:49 executing program 1: syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 456.649809][T14325] binder_alloc: allocated: 3624 (num: 148 largest: 32), free: 8664 (num: 1 largest: 8664) 08:47:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x6c00, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:49 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:49 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, 0x0}, 0x48) 08:47:49 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x80ffffff}, 0x48) 08:47:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x600, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 456.822148][T14346] binder: 14345:14346 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:49 executing program 1: syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:49 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:49 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, 0x0}, 0x48) [ 456.925820][T14346] binder: 14345:14346 got transaction with invalid offset (0, min 0 max 0) or object. [ 456.931302][T14360] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:49 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x90ffffff}, 0x48) [ 456.989308][T14360] binder_alloc: allocated: 3624 (num: 148 largest: 32), free: 8664 (num: 1 largest: 8664) 08:47:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 08:47:49 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x7400, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:49 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x700000000000000}, 0x48) 08:47:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:49 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xff000000}, 0x48) [ 457.145319][T14376] binder: 14375:14376 ioctl c0306201 0 returned -14 08:47:49 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 457.223795][T14384] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:49 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 08:47:49 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 457.271259][T14384] binder_alloc: allocated: 3616 (num: 147 largest: 32), free: 8672 (num: 1 largest: 8672) 08:47:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1200, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:49 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xffffff80}, 0x48) 08:47:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x7a00, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 457.370143][T14495] binder: 14494:14495 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:49 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 457.435011][T14500] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 457.454696][T14500] binder_alloc: allocated: 3624 (num: 148 largest: 32), free: 8664 (num: 1 largest: 8664) [ 457.474493][T14503] binder: 14498:14503 ioctl c0306201 0 returned -14 08:47:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:50 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xffffff90}, 0x48) [ 457.518465][T14509] binder: 14507:14509 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:50 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x4c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:50 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 08:47:50 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 457.651650][T14518] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 457.669196][T14522] binder: 14520:14522 ioctl c0306201 0 returned -14 08:47:50 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1000000000000}, 0x48) 08:47:50 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x3000000}, 0x48) [ 457.697105][T14518] binder_alloc: allocated: 3616 (num: 147 largest: 32), free: 8672 (num: 1 largest: 8672) 08:47:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)}) [ 457.750912][T14521] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 457.782623][T14521] binder_alloc: allocated: 3616 (num: 147 largest: 32), free: 8672 (num: 1 largest: 8672) 08:47:50 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x100000000000000}, 0x48) [ 457.817914][T14529] binder: 14528:14529 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:50 executing program 0: unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000640)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x48, 0x0, &(0x7f0000000700)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae420e087d59c0c7be7fcad1abb7e1f8f446f373f611ca1ee9c2231708e18a47bc68a2a79a0b48931f6ff6d"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) shutdown(0xffffffffffffffff, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done], 0xfffffffffffffeb3, 0x0, &(0x7f00000007c0)}) [ 457.887522][T14540] binder_alloc: allocated: 3624 (num: 148 largest: 32), free: 8664 (num: 1 largest: 8664) 08:47:50 executing program 4 (fault-call:0 fault-nth:0): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:50 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x200000000000000}, 0x48) 08:47:50 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)}) 08:47:50 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 458.056872][T14552] FAULT_INJECTION: forcing a failure. [ 458.056872][T14552] name failslab, interval 1, probability 0, space 0, times 0 [ 458.070841][T14548] binder: 14548 RLIMIT_NICE not set [ 458.086884][T14555] binder: 14554:14555 got transaction with invalid offset (0, min 0 max 0) or object. [ 458.096219][T14552] CPU: 1 PID: 14552 Comm: syz-executor.4 Not tainted 5.1.0-rc2+ #37 08:47:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x4c00, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 458.104482][T14552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 458.114562][T14552] Call Trace: [ 458.117888][T14552] dump_stack+0x172/0x1f0 [ 458.122266][T14552] should_fail.cold+0xa/0x15 [ 458.126884][T14552] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 458.132801][T14552] ? ___might_sleep+0x163/0x280 [ 458.137685][T14552] __should_failslab+0x121/0x190 [ 458.142641][T14552] should_failslab+0x9/0x14 [ 458.147168][T14552] kmem_cache_alloc_node_trace+0x270/0x720 08:47:50 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x3000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 458.153000][T14552] ? find_held_lock+0x35/0x130 [ 458.157802][T14552] __get_vm_area_node+0x12b/0x3a0 [ 458.162853][T14552] __vmalloc_node_range+0xd4/0x790 [ 458.167983][T14552] ? bpf_prog_alloc_no_stats+0x6b/0x2b0 [ 458.173555][T14552] __vmalloc+0x44/0x50 [ 458.177651][T14552] ? bpf_prog_alloc_no_stats+0x6b/0x2b0 [ 458.183205][T14552] bpf_prog_alloc_no_stats+0x6b/0x2b0 [ 458.188629][T14552] bpf_prog_alloc+0x31/0x230 [ 458.188644][T14552] ? strncpy_from_user+0x2a8/0x380 [ 458.188662][T14552] bpf_prog_load+0x4fc/0x14a0 08:47:50 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x300000000000000}, 0x48) [ 458.188678][T14552] ? bpf_prog_new_fd+0x60/0x60 [ 458.188710][T14552] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 458.188723][T14552] ? security_bpf+0x91/0xc0 [ 458.188746][T14552] __do_sys_bpf+0x117a/0x3e50 [ 458.188766][T14552] ? bpf_prog_load+0x14a0/0x14a0 [ 458.199954][T14552] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 458.199975][T14552] ? wait_for_completion+0x440/0x440 [ 458.199997][T14552] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 458.200009][T14552] ? fput_many+0x12c/0x1a0 08:47:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x6800, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 458.200031][T14552] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 458.200047][T14552] ? do_fast_syscall_32+0xd1/0xc98 [ 458.200059][T14552] ? entry_SYSENTER_compat+0x70/0x7f [ 458.200072][T14552] ? do_fast_syscall_32+0xd1/0xc98 [ 458.200089][T14552] __ia32_sys_bpf+0x72/0xb0 [ 458.200107][T14552] do_fast_syscall_32+0x281/0xc98 [ 458.200129][T14552] entry_SYSENTER_compat+0x70/0x7f [ 458.232390][T14552] RIP: 0023:0xf7f05869 [ 458.269802][T14552] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 458.269811][T14552] RSP: 002b:00000000f5d010cc EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 458.269825][T14552] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000180 [ 458.269833][T14552] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 458.269842][T14552] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 458.269850][T14552] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 458.269867][T14552] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 08:47:50 executing program 0: unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000640)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x48, 0x0, &(0x7f0000000700)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae420e087d59c0c7be7fcad1abb7e1f8f446f373f611ca1ee9c2231708e18a47bc68a2a79a0b48931f6ff6d"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) shutdown(0xffffffffffffffff, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done], 0xfffffffffffffeb3, 0x0, &(0x7f00000007c0)}) 08:47:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x6c00, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 458.379773][T14667] binder: 14666:14667 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:50 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x700000000000000}, 0x48) [ 458.433907][T14672] binder: 14672 RLIMIT_NICE not set [ 458.464228][T14552] syz-executor.4: vmalloc: allocation failure: 4096 bytes, mode:0x100dc0(GFP_USER|__GFP_ZERO), nodemask=(null),cpuset=syz4 [ 458.464247][T14674] binder_transaction: 38 callbacks suppressed [ 458.464252][T14552] ,mems_allowed=0-1 [ 458.464266][T14674] binder: 14673:14674 transaction failed 29201/-28, size 0-12288 line 3147 [ 458.464281][T14552] CPU: 1 PID: 14552 Comm: syz-executor.4 Not tainted 5.1.0-rc2+ #37 [ 458.464298][T14552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 458.487084][T14552] Call Trace: [ 458.487109][T14552] dump_stack+0x172/0x1f0 [ 458.487131][T14552] warn_alloc.cold+0x87/0x17f [ 458.487147][T14552] ? zone_watermark_ok_safe+0x260/0x260 [ 458.487163][T14552] ? rcu_read_lock_sched_held+0x110/0x130 [ 458.487194][T14552] ? __get_vm_area_node+0x2df/0x3a0 [ 458.487216][T14552] __vmalloc_node_range+0x48a/0x790 [ 458.487241][T14552] __vmalloc+0x44/0x50 [ 458.514001][T14552] ? bpf_prog_alloc_no_stats+0x6b/0x2b0 [ 458.514020][T14552] bpf_prog_alloc_no_stats+0x6b/0x2b0 [ 458.514037][T14552] bpf_prog_alloc+0x31/0x230 [ 458.514061][T14552] ? strncpy_from_user+0x2a8/0x380 [ 458.531886][T14552] bpf_prog_load+0x4fc/0x14a0 [ 458.531906][T14552] ? bpf_prog_new_fd+0x60/0x60 [ 458.531943][T14552] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 458.531964][T14552] ? security_bpf+0x91/0xc0 [ 458.548099][T14552] __do_sys_bpf+0x117a/0x3e50 [ 458.548118][T14552] ? bpf_prog_load+0x14a0/0x14a0 [ 458.548134][T14552] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 458.548154][T14552] ? wait_for_completion+0x440/0x440 [ 458.548172][T14552] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 458.548185][T14552] ? fput_many+0x12c/0x1a0 [ 458.548209][T14552] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 458.548223][T14552] ? do_fast_syscall_32+0xd1/0xc98 [ 458.548236][T14552] ? entry_SYSENTER_compat+0x70/0x7f [ 458.548257][T14552] ? do_fast_syscall_32+0xd1/0xc98 [ 458.557888][T14552] __ia32_sys_bpf+0x72/0xb0 [ 458.557910][T14552] do_fast_syscall_32+0x281/0xc98 [ 458.557931][T14552] entry_SYSENTER_compat+0x70/0x7f [ 458.557943][T14552] RIP: 0023:0xf7f05869 [ 458.557957][T14552] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 458.557965][T14552] RSP: 002b:00000000f5d010cc EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 458.557978][T14552] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000180 [ 458.557986][T14552] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 458.557993][T14552] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 458.558001][T14552] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 458.558016][T14552] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 458.584038][T14552] Mem-Info: [ 458.590744][T14674] binder: 14673:14674 transaction failed 29201/-28, size 0-12288 line 3147 [ 458.594114][T14552] active_anon:184420 inactive_anon:37054 isolated_anon:0 [ 458.594114][T14552] active_file:7545 inactive_file:38470 isolated_file:0 [ 458.594114][T14552] unevictable:0 dirty:132 writeback:0 unstable:0 [ 458.594114][T14552] slab_reclaimable:12655 slab_unreclaimable:110077 [ 458.594114][T14552] mapped:58396 shmem:68670 pagetables:4788 bounce:0 [ 458.594114][T14552] free:1133090 free_pcp:530 free_cma:0 [ 458.608739][ T7777] binder_release_work: 38 callbacks suppressed [ 458.608753][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 458.609468][T14552] Node 0 active_anon:737680kB inactive_anon:148216kB active_file:30040kB inactive_file:153880kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:233584kB dirty:528kB writeback:0kB shmem:274680kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 557056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 458.616540][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 458.626459][T14552] Node 1 active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 458.731716][T14552] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 458.746318][T14552] lowmem_reserve[]: 0 2553 2555 2555 [ 458.797763][T14552] Node 0 DMA32 free:735484kB min:36232kB low:45288kB high:54344kB active_anon:733424kB inactive_anon:148220kB active_file:30040kB inactive_file:153936kB unevictable:0kB writepending:580kB present:3129332kB managed:2617996kB mlocked:0kB kernel_stack:12352kB pagetables:18840kB bounce:0kB free_pcp:2560kB local_pcp:1448kB free_cma:0kB [ 458.833535][T14552] lowmem_reserve[]: 0 0 2 2 [ 458.899404][T14552] Node 0 Normal free:8kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 458.968327][T14552] lowmem_reserve[]: 0 0 0 0 [ 458.973033][T14552] Node 1 Normal free:3785400kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 459.030783][T14552] lowmem_reserve[]: 0 0 0 0 [ 459.035488][T14552] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 459.056571][T14552] Node 0 DMA32: 3067*4kB (UME) 874*8kB (UME) 636*16kB (UME) 556*32kB (UME) 438*64kB (UME) 17*128kB (UM) 7*256kB (UM) 7*512kB (UME) 5*1024kB (ME) 2*2048kB (M) 157*4096kB (UM) = 735100kB [ 459.076691][T14552] Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 459.089405][T14552] Node 1 Normal: 72*4kB (UE) 259*8kB (UE) 238*16kB (UE) 65*32kB (UM) 16*64kB (UME) 7*128kB (UE) 7*256kB (UME) 6*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 919*4096kB (M) = 3785400kB [ 459.107566][T14552] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 459.117263][T14552] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 459.126732][T14552] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 459.143636][T14552] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 459.152999][T14552] 114697 total pagecache pages [ 459.157873][T14552] 0 pages in swap cache [ 459.162057][T14552] Swap cache stats: add 0, delete 0, find 0/0 [ 459.168363][T14552] Free swap = 0kB [ 459.172174][T14552] Total swap = 0kB [ 459.175916][T14552] 1965979 pages RAM [ 459.179788][T14552] 0 pages HighMem/MovableOnly 08:47:51 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)}) 08:47:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:51 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xa00000000000000}, 0x48) 08:47:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x7400, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:51 executing program 0: unlink(&(0x7f0000000940)='./file0\x00') r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000640)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x48, 0x0, &(0x7f0000000700)="2ba063fb309ec7fdbfb08e6e91baee7d7d4599fe14129a4d426834556ae420e087d59c0c7be7fcad1abb7e1f8f446f373f611ca1ee9c2231708e18a47bc68a2a79a0b48931f6ff6d"}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) shutdown(0xffffffffffffffff, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done], 0xfffffffffffffeb3, 0x0, &(0x7f00000007c0)}) [ 459.184482][T14552] 339406 pages reserved [ 459.188694][T14552] 0 pages cma reserved [ 459.229697][T14787] binder: 14786:14787 got transaction with invalid offset (0, min 0 max 0) or object. [ 459.244006][T14791] binder: 14790:14791 transaction failed 29201/-28, size 0-12288 line 3147 [ 459.266830][T14787] binder: 14786:14787 transaction failed 29201/-22, size 0-8 line 3241 08:47:51 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000300)}) [ 459.277300][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 459.292189][T14794] binder: 14794 RLIMIT_NICE not set 08:47:51 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000}, 0x48) 08:47:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x7a00, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:51 executing program 4: bpf$PROG_LOAD(0x2, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 459.323019][T14787] binder: 14786:14787 transaction failed 29201/-22, size 0-8 line 3241 [ 459.334684][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 459.389764][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:47:51 executing program 4: bpf$PROG_LOAD(0x3, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:51 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4000000000000000}, 0x48) 08:47:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x5000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 459.450056][T14885] binder: 14884:14885 transaction failed 29201/-28, size 0-12288 line 3147 08:47:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000300)}) [ 459.511070][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:47:52 executing program 0 (fault-call:0 fault-nth:0): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x300000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 459.567328][T14920] binder: 14919:14920 transaction failed 29201/-22, size 0-8 line 3241 08:47:52 executing program 4: bpf$PROG_LOAD(0x4, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:52 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x80ffffff00000000}, 0x48) [ 459.620035][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:47:52 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x6000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000300)}) 08:47:52 executing program 4: bpf$PROG_LOAD(0x6, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 459.738147][T14959] FAULT_INJECTION: forcing a failure. [ 459.738147][T14959] name failslab, interval 1, probability 0, space 0, times 0 [ 459.798787][T14998] binder: 14994:14998 transaction failed 29201/-22, size 0-8 line 3241 [ 459.809573][T14959] CPU: 0 PID: 14959 Comm: syz-executor.0 Not tainted 5.1.0-rc2+ #37 [ 459.818711][T14959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 459.818719][T14959] Call Trace: [ 459.818751][T14959] dump_stack+0x172/0x1f0 [ 459.818775][T14959] should_fail.cold+0xa/0x15 08:47:52 executing program 4: bpf$PROG_LOAD(0x7, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 459.818795][T14959] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 459.818819][T14959] ? ___might_sleep+0x163/0x280 [ 459.818843][T14959] __should_failslab+0x121/0x190 [ 459.859949][T14959] should_failslab+0x9/0x14 [ 459.864661][T14959] kmem_cache_alloc_node_trace+0x270/0x720 [ 459.870852][T14959] ? preempt_count_add+0xbc/0x1b0 [ 459.876056][T14959] ? prep_new_page+0x1fb/0x300 [ 459.881002][T14959] __get_vm_area_node+0x12b/0x3a0 [ 459.886074][T14959] __vmalloc_node_range+0xd4/0x790 [ 459.891347][T14959] ? bpf_prog_alloc_no_stats+0x6b/0x2b0 [ 459.896964][T14959] __vmalloc+0x44/0x50 [ 459.901492][T14959] ? bpf_prog_alloc_no_stats+0x6b/0x2b0 [ 459.907368][T14959] bpf_prog_alloc_no_stats+0x6b/0x2b0 [ 459.913408][T14959] bpf_prog_alloc+0x31/0x230 [ 459.918035][T14959] ? strncpy_from_user+0x2a8/0x380 [ 459.923313][T14959] bpf_prog_load+0x4fc/0x14a0 [ 459.928400][T14959] ? bpf_prog_new_fd+0x60/0x60 [ 459.933401][T14959] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 459.940492][T14959] ? security_bpf+0x91/0xc0 08:47:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 459.945219][T14959] __do_sys_bpf+0x117a/0x3e50 [ 459.950121][T14959] ? bpf_prog_load+0x14a0/0x14a0 [ 459.955095][T14959] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 459.961137][T14959] ? wait_for_completion+0x440/0x440 [ 459.966789][T14959] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 459.973679][T14959] ? fput_many+0x12c/0x1a0 [ 459.978951][T14959] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 459.984991][T14959] ? do_fast_syscall_32+0xd1/0xc98 [ 459.990142][T14959] ? entry_SYSENTER_compat+0x70/0x7f 08:47:52 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 459.992101][T15048] binder: 15047:15048 transaction failed 29201/-28, size 0-12288 line 3147 [ 459.996016][T14959] ? do_fast_syscall_32+0xd1/0xc98 [ 459.996038][T14959] __ia32_sys_bpf+0x72/0xb0 [ 459.996056][T14959] do_fast_syscall_32+0x281/0xc98 [ 459.996087][T14959] entry_SYSENTER_compat+0x70/0x7f [ 460.008825][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 460.010376][T14959] RIP: 0023:0xf7fd3869 [ 460.010393][T14959] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 460.010402][T14959] RSP: 002b:00000000f5dcf0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 460.010416][T14959] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000180 [ 460.010424][T14959] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 460.010440][T14959] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 460.049906][T15050] binder: 15049:15050 transaction failed 29201/-28, size 0-12288 line 3147 08:47:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:52 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x90ffffff00000000}, 0x48) [ 460.056550][T14959] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 460.056559][T14959] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 460.071393][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 460.129503][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 460.177490][T14959] syz-executor.0: vmalloc: allocation failure: 4096 bytes, mode:0x100dc0(GFP_USER|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 460.193987][T14959] CPU: 0 PID: 14959 Comm: syz-executor.0 Not tainted 5.1.0-rc2+ #37 [ 460.202644][T14959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 460.202651][T14959] Call Trace: [ 460.202676][T14959] dump_stack+0x172/0x1f0 [ 460.202696][T14959] warn_alloc.cold+0x87/0x17f [ 460.202712][T14959] ? zone_watermark_ok_safe+0x260/0x260 [ 460.202728][T14959] ? rcu_read_lock_sched_held+0x110/0x130 [ 460.202755][T14959] ? __get_vm_area_node+0x2df/0x3a0 [ 460.202775][T14959] __vmalloc_node_range+0x48a/0x790 [ 460.202799][T14959] __vmalloc+0x44/0x50 [ 460.202816][T14959] ? bpf_prog_alloc_no_stats+0x6b/0x2b0 [ 460.202832][T14959] bpf_prog_alloc_no_stats+0x6b/0x2b0 [ 460.202850][T14959] bpf_prog_alloc+0x31/0x230 [ 460.202903][T14959] ? strncpy_from_user+0x2a8/0x380 [ 460.202920][T14959] bpf_prog_load+0x4fc/0x14a0 [ 460.202935][T14959] ? bpf_prog_new_fd+0x60/0x60 [ 460.202967][T14959] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 460.244365][T14959] ? security_bpf+0x91/0xc0 [ 460.244383][T14959] __do_sys_bpf+0x117a/0x3e50 [ 460.244401][T14959] ? bpf_prog_load+0x14a0/0x14a0 [ 460.244418][T14959] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 460.244434][T14959] ? wait_for_completion+0x440/0x440 [ 460.244463][T14959] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 460.259817][T14959] ? fput_many+0x12c/0x1a0 [ 460.272745][T14959] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 460.272761][T14959] ? do_fast_syscall_32+0xd1/0xc98 [ 460.272775][T14959] ? entry_SYSENTER_compat+0x70/0x7f [ 460.272786][T14959] ? do_fast_syscall_32+0xd1/0xc98 [ 460.272803][T14959] __ia32_sys_bpf+0x72/0xb0 [ 460.272821][T14959] do_fast_syscall_32+0x281/0xc98 [ 460.272842][T14959] entry_SYSENTER_compat+0x70/0x7f [ 460.284146][T14959] RIP: 0023:0xf7fd3869 [ 460.293937][T14959] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 460.408892][T14959] RSP: 002b:00000000f5dcf0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 460.417710][T14959] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000180 [ 460.426595][T14959] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 460.435542][T14959] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 460.444015][T14959] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 460.454008][T14959] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 460.463279][T14959] Mem-Info: [ 460.466618][T14959] active_anon:183338 inactive_anon:37055 isolated_anon:0 [ 460.466618][T14959] active_file:7545 inactive_file:38491 isolated_file:0 [ 460.466618][T14959] unevictable:0 dirty:152 writeback:0 unstable:0 [ 460.466618][T14959] slab_reclaimable:12650 slab_unreclaimable:110235 [ 460.466618][T14959] mapped:58395 shmem:68669 pagetables:4740 bounce:0 [ 460.466618][T14959] free:1133899 free_pcp:648 free_cma:0 [ 460.510398][T14959] Node 0 active_anon:733352kB inactive_anon:148220kB active_file:30040kB inactive_file:153964kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:233580kB dirty:608kB writeback:0kB shmem:274676kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 548864kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 460.540950][T14959] Node 1 active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 460.569540][T14959] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 460.597995][T14959] lowmem_reserve[]: 0 2553 2555 2555 [ 460.603950][T14959] Node 0 DMA32 free:735080kB min:36232kB low:45288kB high:54344kB active_anon:733340kB inactive_anon:148220kB active_file:30040kB inactive_file:154000kB unevictable:0kB writepending:644kB present:3129332kB managed:2617996kB mlocked:0kB kernel_stack:12256kB pagetables:18892kB bounce:0kB free_pcp:2728kB local_pcp:1296kB free_cma:0kB [ 460.638053][T14959] lowmem_reserve[]: 0 0 2 2 [ 460.642693][T14959] Node 0 Normal free:8kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 460.670656][T14959] lowmem_reserve[]: 0 0 0 0 [ 460.675702][T14959] Node 1 Normal free:3785400kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 460.705652][T14959] lowmem_reserve[]: 0 0 0 0 [ 460.710663][T14959] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 460.726419][T14959] Node 0 DMA32: 3004*4kB (UME) 828*8kB (UME) 646*16kB (UME) 566*32kB (UME) 440*64kB (UME) 17*128kB (UM) 7*256kB (UM) 7*512kB (UME) 5*1024kB (ME) 2*2048kB (M) 157*4096kB (UM) = 735088kB [ 460.748606][T14959] Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 460.761545][T14959] Node 1 Normal: 72*4kB (UE) 259*8kB (UE) 238*16kB (UE) 65*32kB (UM) 16*64kB (UME) 7*128kB (UE) 7*256kB (UME) 6*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 919*4096kB (M) = 3785400kB [ 460.782773][T14959] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 460.792796][T14959] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 460.803266][T14959] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 460.815079][T14959] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 08:47:53 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:53 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:53 executing program 4: bpf$PROG_LOAD(0x8, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:53 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xff00000000000000}, 0x48) 08:47:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 460.825723][T14959] 114713 total pagecache pages [ 460.831165][T14959] 0 pages in swap cache [ 460.837001][T14959] Swap cache stats: add 0, delete 0, find 0/0 [ 460.843907][T14959] Free swap = 0kB [ 460.848007][T14959] Total swap = 0kB [ 460.851762][T14959] 1965979 pages RAM [ 460.856591][T14959] 0 pages HighMem/MovableOnly [ 460.861693][T14959] 339406 pages reserved [ 460.866336][T14959] 0 pages cma reserved [ 460.908810][T15065] binder_alloc_new_buf_locked: 12 callbacks suppressed [ 460.908822][T15065] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:53 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000}, 0x48) 08:47:53 executing program 4: bpf$PROG_LOAD(0x9, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 460.952651][T15065] binder_alloc_new_buf_locked: 11 callbacks suppressed [ 460.952669][T15065] binder_alloc: allocated: 3616 (num: 147 largest: 32), free: 8672 (num: 1 largest: 8672) 08:47:53 executing program 0: bpf$PROG_LOAD(0x2, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 461.032602][T15067] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:53 executing program 4: bpf$PROG_LOAD(0xa, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 461.072213][T15067] binder_alloc: allocated: 3616 (num: 147 largest: 32), free: 8672 (num: 1 largest: 8672) 08:47:53 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:47:53 executing program 0: bpf$PROG_LOAD(0x3, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:53 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:53 executing program 4: bpf$PROG_LOAD(0xb, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 461.210735][T15089] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:53 executing program 0: bpf$PROG_LOAD(0x4, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 461.298791][T15089] binder_alloc: allocated: 3616 (num: 147 largest: 32), free: 8672 (num: 1 largest: 8672) 08:47:53 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x3]}, 0x48) 08:47:53 executing program 4: bpf$PROG_LOAD(0xc, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 461.350441][T15103] binder_transaction: 4 callbacks suppressed [ 461.350462][T15103] binder: 15102:15103 got transaction with invalid offset (0, min 0 max 0) or object. [ 461.368109][T15104] binder: 15100:15104 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:53 executing program 0: bpf$PROG_LOAD(0x6, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:53 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:54 executing program 4: bpf$PROG_LOAD(0xd, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:54 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0xa000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:54 executing program 0: bpf$PROG_LOAD(0x7, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:54 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x7]}, 0x48) 08:47:54 executing program 4: bpf$PROG_LOAD(0xe, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x5000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:54 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x12000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:54 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0xa]}, 0x48) 08:47:54 executing program 0: bpf$PROG_LOAD(0x8, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 461.548698][T15122] binder: 15121:15122 got transaction with invalid offset (0, min 0 max 0) or object. [ 461.553723][T15119] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 461.651436][T15119] binder_alloc: allocated: 3624 (num: 148 largest: 32), free: 8664 (num: 1 largest: 8664) [ 461.685486][T15127] binder: 15126:15127 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:54 executing program 4: bpf$PROG_LOAD(0xf, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 461.830139][T15144] binder: 15141:15144 got transaction with invalid offset (0, min 0 max 0) or object. [ 461.855706][T15146] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 461.886929][T15146] binder_alloc: allocated: 3624 (num: 148 largest: 32), free: 8664 (num: 1 largest: 8664) 08:47:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x6000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:54 executing program 4: bpf$PROG_LOAD(0x10, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:54 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x300]}, 0x48) [ 462.087468][T15160] binder: 15150:15160 got transaction with invalid offset (0, min 0 max 0) or object. [ 462.100417][T15161] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 462.111649][ T7777] binder: undelivered TRANSACTION_COMPLETE [ 462.122044][T15161] binder_alloc: allocated: 3632 (num: 149 largest: 32), free: 8656 (num: 1 largest: 8656) 08:47:54 executing program 0: bpf$PROG_LOAD(0x9, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 462.146149][T15160] binder: 15150:15160 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:54 executing program 4: bpf$PROG_LOAD(0x11, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:54 executing program 0: bpf$PROG_LOAD(0xa, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:54 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:54 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x700]}, 0x48) [ 462.317171][ T7775] binder: undelivered TRANSACTION_COMPLETE [ 462.345015][T15180] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:54 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:54 executing program 4: bpf$PROG_LOAD(0x12, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 462.416827][T15180] binder_alloc: allocated: 3632 (num: 149 largest: 32), free: 8656 (num: 1 largest: 8656) 08:47:55 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0xa00]}, 0x48) [ 462.463696][T15187] binder: 15182:15187 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:55 executing program 0: bpf$PROG_LOAD(0xb, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 462.531830][ T7777] binder: undelivered TRANSACTION_COMPLETE 08:47:55 executing program 4: bpf$PROG_LOAD(0x13, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x12000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:55 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x3f000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:55 executing program 0: bpf$PROG_LOAD(0xc, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:55 executing program 4: bpf$PROG_LOAD(0x14, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 462.677767][T15203] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:55 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x3f00]}, 0x48) 08:47:55 executing program 0: bpf$PROG_LOAD(0xd, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 462.753900][T15203] binder_alloc: allocated: 3640 (num: 150 largest: 32), free: 8648 (num: 2 largest: 8640) [ 462.778138][T15211] binder: 15210:15211 got transaction with invalid offset (0, min 0 max 0) or object. [ 462.791617][ T7777] binder: undelivered TRANSACTION_COMPLETE 08:47:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:55 executing program 4: bpf$PROG_LOAD(0x15, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:55 executing program 0: bpf$PROG_LOAD(0xe, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 462.891267][T15211] binder: 15210:15211 got transaction with invalid offset (0, min 0 max 0) or object. [ 462.920475][T15225] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:55 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x4000]}, 0x48) 08:47:55 executing program 0: bpf$PROG_LOAD(0xf, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 463.003945][T15225] binder_alloc: allocated: 3656 (num: 152 largest: 32), free: 8632 (num: 1 largest: 8632) 08:47:55 executing program 4: bpf$PROG_LOAD(0x18, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:55 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 463.098577][ T7775] binder: undelivered TRANSACTION_COMPLETE 08:47:55 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0xff00]}, 0x48) 08:47:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0)}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:55 executing program 0: bpf$PROG_LOAD(0x10, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:55 executing program 4: bpf$PROG_LOAD(0x1018, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 463.271359][T15255] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 463.271406][ T7777] binder: undelivered TRANSACTION_COMPLETE 08:47:55 executing program 0: bpf$PROG_LOAD(0x11, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:55 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x4c000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:55 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x1000000]}, 0x48) 08:47:55 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:55 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2000000]}, 0x48) [ 463.431423][T15255] binder_alloc: allocated: 3664 (num: 153 largest: 32), free: 8624 (num: 1 largest: 8624) 08:47:56 executing program 4: bpf$PROG_LOAD(0xffffff85, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:56 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x3000000]}, 0x48) [ 463.483987][T15270] binder_transaction: 22 callbacks suppressed [ 463.484009][T15270] binder: 15269:15270 transaction failed 29201/-22, size 0-8 line 3241 [ 463.484051][T15255] binder: 15251:15255 transaction failed 29201/-28, size 0-12288 line 3147 [ 463.493997][T15266] binder: 15261:15266 transaction failed 29201/-22, size 0-8 line 3241 [ 463.619272][ T7775] binder_release_work: 23 callbacks suppressed [ 463.619280][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:47:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:56 executing program 0: bpf$PROG_LOAD(0x12, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:56 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x2, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:56 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x7000000]}, 0x48) [ 463.687236][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:47:56 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 463.741642][T15295] binder: 15293:15295 transaction failed 29201/-22, size 0-8 line 3241 [ 463.773992][T15291] binder: 15289:15291 transaction failed 29201/-28, size 0-12288 line 3147 08:47:56 executing program 0: bpf$PROG_LOAD(0x13, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:56 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 463.793365][T15300] binder: 15299:15300 transaction failed 29201/-22, size 0-8 line 3241 [ 463.824624][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:47:56 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0xa000000]}, 0x48) [ 463.843024][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 463.883375][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:47:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x68000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:56 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x68000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:56 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 464.007640][T15318] binder: 15317:15318 transaction failed 29201/-28, size 0-12288 line 3147 [ 464.023182][T15322] binder: 15316:15322 transaction failed 29201/-22, size 0-8 line 3241 [ 464.048967][T15323] binder: 15319:15323 transaction failed 29201/-22, size 0-8 line 3241 [ 464.049181][T15318] binder: 15317:15318 transaction failed 29201/-28, size 0-12288 line 3147 [ 464.082771][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 464.092960][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:47:56 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x3f000000]}, 0x48) 08:47:56 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x5, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:56 executing program 0: bpf$PROG_LOAD(0x14, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 464.117789][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:47:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:56 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x6c000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 464.158031][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:47:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:56 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x40000000]}, 0x48) 08:47:56 executing program 0: bpf$PROG_LOAD(0x15, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 464.268513][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 464.305539][ T7775] binder: undelivered TRANSACTION_COMPLETE 08:47:56 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x7, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x74000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:56 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x74000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:56 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:56 executing program 0: bpf$PROG_LOAD(0x18, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:57 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x7a000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:57 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x80ffffff]}, 0x48) 08:47:57 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x9, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 464.576908][ T7775] binder: undelivered TRANSACTION_COMPLETE 08:47:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:57 executing program 0: bpf$PROG_LOAD(0x1018, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:57 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x90ffffff]}, 0x48) 08:47:57 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xa, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x30000000000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:57 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 464.731906][ T7775] binder: undelivered TRANSACTION_COMPLETE 08:47:57 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:57 executing program 0: bpf$PROG_LOAD(0xffffff85, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:57 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0xff000000]}, 0x48) 08:47:57 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:57 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xb, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:57 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:57 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:57 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0xffffff80]}, 0x48) 08:47:57 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x10, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:57 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:57 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:57 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:57 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x9, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:57 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x16, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:57 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0xffffff90]}, 0x48) 08:47:57 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:57 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:57 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xa, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:57 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:58 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x9100, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:58 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x1000000000000]}, 0x48) 08:47:58 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:58 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x18d1cd, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:58 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xb, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:58 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:58 executing program 1: syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:58 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x100000000000000]}, 0x48) 08:47:58 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:58 executing program 1: syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:58 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xffffff1f, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:58 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x10, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:58 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x200000000000000]}, 0x48) 08:47:58 executing program 1: syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) [ 465.918351][T15502] binder_alloc_new_buf_locked: 14 callbacks suppressed [ 465.918362][T15502] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:58 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:58 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x2, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 466.001644][T15502] binder_alloc_new_buf_locked: 14 callbacks suppressed [ 466.001664][T15502] binder_alloc: allocated: 3688 (num: 156 largest: 32), free: 8600 (num: 1 largest: 8600) 08:47:58 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x14, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 08:47:58 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x300000000000000]}, 0x48) 08:47:58 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0xa00000000000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:58 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x5, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 466.229354][T15529] binder: 15524:15529 ioctl c0306201 0 returned -14 08:47:58 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x700000000000000]}, 0x48) 08:47:58 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x16, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 466.274309][T15533] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 466.301486][T15533] binder_alloc: allocated: 3688 (num: 156 largest: 32), free: 8600 (num: 1 largest: 8600) 08:47:58 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0xa00000000000000]}, 0x48) [ 466.353365][T15533] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:58 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x9, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 08:47:58 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x2, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:58 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x1200000000000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 466.394499][T15533] binder_alloc: allocated: 3688 (num: 156 largest: 32), free: 8600 (num: 1 largest: 8600) 08:47:59 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x5, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 466.457756][T15545] binder_transaction: 22 callbacks suppressed [ 466.457770][T15545] binder: 15544:15545 got transaction with invalid offset (0, min 0 max 0) or object. [ 466.482174][T15554] binder: 15543:15554 ioctl c0306201 0 returned -14 08:47:59 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x3f00000000000000]}, 0x48) 08:47:59 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0xa, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 08:47:59 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:59 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x4000000000000000]}, 0x48) 08:47:59 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x9, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 466.659351][T15568] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 466.703271][T15573] binder: 15572:15573 ioctl c0306201 0 returned -14 [ 466.712807][T15568] binder_alloc: allocated: 3688 (num: 156 largest: 32), free: 8600 (num: 1 largest: 8600) 08:47:59 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0xb, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)}) [ 466.747054][T15571] binder: 15570:15571 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:59 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x80ffffff00000000]}, 0x48) 08:47:59 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0xa, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:59 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 466.890691][T15588] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:59 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x14, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:59 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0xb, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 466.947184][T15588] binder_alloc: allocated: 3688 (num: 156 largest: 32), free: 8600 (num: 1 largest: 8600) 08:47:59 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x90ffffff00000000]}, 0x48) 08:47:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)}) [ 467.003730][T15598] binder: 15597:15598 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x4800000000000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:59 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x2, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:59 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x14, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:47:59 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x4800000000000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)}) [ 467.185760][T15618] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 467.222628][T15618] binder_alloc: allocated: 3688 (num: 156 largest: 32), free: 8600 (num: 1 largest: 8600) 08:47:59 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0xff00000000000000]}, 0x48) 08:47:59 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x3, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:47:59 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x2, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 467.250471][T15624] binder: 15623:15624 got transaction with invalid offset (0, min 0 max 0) or object. [ 467.284204][T15624] binder: 15623:15624 got transaction with invalid offset (0, min 0 max 0) or object. 08:47:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:47:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000300)}) 08:47:59 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x4c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:47:59 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0xffffffff00000000]}, 0x48) [ 467.401316][T15636] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:47:59 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x4, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:00 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x3, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 467.459557][T15636] binder_alloc: allocated: 3688 (num: 156 largest: 32), free: 8600 (num: 1 largest: 8600) [ 467.481122][T15640] binder: 15639:15640 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000300)}) 08:48:00 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:00 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x2]}, 0x48) 08:48:00 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x6, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:00 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x4, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000300)}) [ 467.692106][T15661] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:00 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x3]}, 0x48) [ 467.763089][T15661] binder_alloc: allocated: 3688 (num: 156 largest: 32), free: 8600 (num: 1 largest: 8600) [ 467.796993][T15658] binder: 15657:15658 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:00 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x6, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:00 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x6800000000000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:00 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x7, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:00 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x7]}, 0x48) [ 467.946019][T15683] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:00 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x7, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 468.018889][T15683] binder_alloc: allocated: 3688 (num: 156 largest: 32), free: 8600 (num: 1 largest: 8600) 08:48:00 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x8, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:00 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xa]}, 0x48) [ 468.066436][T15691] binder: 15690:15691 got transaction with invalid offset (0, min 0 max 0) or object. [ 468.086743][ T7777] binder: release 15684:15688 transaction 1126 out, still active [ 468.094808][ T7777] binder: undelivered TRANSACTION_COMPLETE 08:48:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) [ 468.118165][T15683] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:00 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x8, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 468.160257][T15683] binder_alloc: allocated: 3704 (num: 158 largest: 32), free: 8584 (num: 1 largest: 8584) [ 468.187141][ T7775] binder: release 15702:15704 transaction 1129 out, still active 08:48:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 468.221004][ T7775] binder: undelivered TRANSACTION_COMPLETE 08:48:00 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x300]}, 0x48) 08:48:00 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:00 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x9, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:00 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x9, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 468.310019][ T7777] binder: release 15713:15714 transaction 1131 out, still active [ 468.338223][ T7777] binder: undelivered TRANSACTION_COMPLETE 08:48:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) [ 468.376589][T15719] binder: 15718:15719 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:00 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x7400000000000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:00 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0xa, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:01 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x700]}, 0x48) [ 468.528698][ T7775] binder: undelivered TRANSACTION_COMPLETE [ 468.546546][T15735] binder: 15733:15735 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 08:48:01 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0xa, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:01 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0xb, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 468.575345][T15737] binder_transaction: 46 callbacks suppressed [ 468.575366][T15737] binder: 15736:15737 transaction failed 29201/-28, size 0-12288 line 3147 [ 468.591994][T15735] binder: 15733:15735 transaction failed 29201/-22, size 0-8 line 3241 08:48:01 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xa00]}, 0x48) [ 468.667192][ T7777] binder: undelivered TRANSACTION_COMPLETE [ 468.677088][ T7775] binder_release_work: 46 callbacks suppressed [ 468.677096][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:01 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:01 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0xb, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:01 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0xc, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 468.833866][ T7775] binder: release 15757:15761 transaction 1137 out, still active [ 468.842732][T15763] binder: 15762:15763 transaction failed 29201/-28, size 0-12288 line 3147 [ 468.858116][T15760] binder: 15756:15760 transaction failed 29201/-22, size 0-8 line 3241 [ 468.873312][ T7775] binder: undelivered TRANSACTION_COMPLETE 08:48:01 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x3f00]}, 0x48) 08:48:01 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x9, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:01 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 468.890425][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 468.923886][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:01 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0xc, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:01 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0xd, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:01 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x80ffffff]}, 0x48) 08:48:01 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0xe, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 469.060628][T15780] binder: 15779:15780 transaction failed 29201/-22, size 0-8 line 3241 [ 469.091780][T15785] binder: 15783:15785 transaction failed 29201/-28, size 0-12288 line 3147 08:48:01 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x4000]}, 0x48) 08:48:01 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0xd, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 469.146891][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 469.153151][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:01 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:01 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x80ffffff]}, 0x48) 08:48:01 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0xf, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 469.269553][T15800] binder: 15797:15800 transaction failed 29201/-22, size 0-8 line 3241 08:48:01 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xff00]}, 0x48) [ 469.336051][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 469.347640][T15806] binder: 15803:15806 transaction failed 29201/-28, size 0-12288 line 3147 08:48:01 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:01 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0xe, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 469.377570][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:02 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x80ffffff]}, 0x48) 08:48:02 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x10, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:02 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x1000000]}, 0x48) [ 469.491674][T15818] binder: 15817:15818 transaction failed 29201/-22, size 0-8 line 3241 08:48:02 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0xf, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 469.553278][T15818] binder: 15817:15818 transaction failed 29201/-22, size 0-8 line 3241 [ 469.566282][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:02 executing program 1: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:48:02 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x11, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 469.602076][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 469.637093][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:02 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:02 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x2000000]}, 0x48) 08:48:02 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x10, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:02 executing program 1: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:48:02 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x12, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:02 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:02 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x11, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:02 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x3000000]}, 0x48) 08:48:02 executing program 1: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:48:02 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x13, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:02 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:02 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x14, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:02 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x80ffffff]}, 0x48) 08:48:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:02 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x12, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:02 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x7000000]}, 0x48) 08:48:02 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:02 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xa000000]}, 0x48) 08:48:02 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x13, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:02 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x80ffffff]}, 0x48) 08:48:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:02 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x15, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:03 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:03 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x14, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:03 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x80ffffff]}, 0x48) 08:48:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:03 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:03 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:03 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x3f000000]}, 0x48) 08:48:03 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x15, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:03 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x80ffffff]}, 0x48) 08:48:03 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x1018, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:03 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x40000000]}, 0x48) 08:48:03 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:03 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:03 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:03 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x80ffffff]}, 0x48) 08:48:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:03 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x2, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:03 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:03 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x80ffffff]}, 0x48) [ 471.021214][T15966] binder_alloc_new_buf_locked: 16 callbacks suppressed [ 471.021226][T15966] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:03 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x1018, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:03 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x80ffffff]}, 0x48) [ 471.096804][T15966] binder_alloc_new_buf_locked: 16 callbacks suppressed [ 471.096824][T15966] binder_alloc: allocated: 3736 (num: 162 largest: 32), free: 8552 (num: 1 largest: 8552) 08:48:03 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x3, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:03 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x80ffffff]}, 0x48) 08:48:03 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:03 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x90ffffff]}, 0x48) 08:48:03 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x74, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:03 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x7, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:03 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x80ffffff]}, 0x48) 08:48:03 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xff000000]}, 0x48) [ 471.377256][T16000] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 471.386008][T16000] binder_alloc: allocated: 3736 (num: 162 largest: 32), free: 8552 (num: 1 largest: 8552) 08:48:03 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x2, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:04 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:04 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0xa, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 471.581629][T16016] binder_transaction: 14 callbacks suppressed [ 471.581644][T16016] binder: 16015:16016 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:04 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xffffff80]}, 0x48) 08:48:04 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x80ffffff]}, 0x48) 08:48:04 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x3, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:04 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x300, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 471.623710][T16020] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 471.656859][T16020] binder_alloc: allocated: 3744 (num: 163 largest: 32), free: 8544 (num: 1 largest: 8544) 08:48:04 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xffffff90]}, 0x48) 08:48:04 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:04 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x7, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:04 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x700, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 471.897798][T16044] binder: 16043:16044 got transaction with invalid offset (0, min 0 max 0) or object. [ 471.902275][T16042] binder: 16041:16042 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:04 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x1000000000000]}, 0x48) 08:48:04 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:04 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0xa00, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:04 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0xa, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:04 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x100000000000000]}, 0x48) [ 471.939428][T16049] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 471.975896][T16049] binder_alloc: allocated: 3744 (num: 163 largest: 32), free: 8544 (num: 1 largest: 8544) [ 472.037975][T16056] binder: 16055:16056 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:04 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x4000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:04 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x7a, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:04 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x200000000000000]}, 0x48) 08:48:04 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x300, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 472.253247][T16073] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:04 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0xff00, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 472.309550][T16073] binder_alloc: allocated: 3736 (num: 162 largest: 32), free: 8552 (num: 1 largest: 8552) [ 472.340744][T16078] binder: 16077:16078 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:04 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x300000000000000]}, 0x48) [ 472.351008][T16081] binder: 16075:16081 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:04 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x700, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:05 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:05 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x1000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 472.478242][T16095] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:05 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0xa00, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:05 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x700000000000000]}, 0x48) [ 472.557404][T16095] binder_alloc: allocated: 3736 (num: 162 largest: 32), free: 8552 (num: 1 largest: 8552) 08:48:05 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x3f00, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:05 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x2000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 472.629656][T16100] binder: 16097:16100 got transaction with invalid offset (0, min 0 max 0) or object. [ 472.629672][T16103] binder: 16102:16103 got transaction with invalid offset (0, min 0 max 0) or object. [ 472.630155][T16103] binder: 16102:16103 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:05 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:05 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x500, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:05 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xa00000000000000]}, 0x48) 08:48:05 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x4000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:05 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x3000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 472.816980][T16125] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 472.855808][T16125] binder_alloc: allocated: 3736 (num: 162 largest: 32), free: 8552 (num: 1 largest: 8552) 08:48:05 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:05 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x3f00000000000000]}, 0x48) 08:48:05 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x7000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:05 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0xff00, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:05 executing program 1: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 472.977170][T16130] binder: 16129:16130 got transaction with invalid offset (0, min 0 max 0) or object. [ 473.012962][T16125] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:05 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x4000000000000000]}, 0x48) [ 473.078620][T16125] binder_alloc: allocated: 3744 (num: 163 largest: 32), free: 8544 (num: 1 largest: 8544) 08:48:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1200, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:05 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0xa000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:05 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x600, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:05 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:05 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x80ffffff00000000]}, 0x48) 08:48:05 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x1000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 473.249403][T16164] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 473.284431][T16164] binder_alloc: allocated: 3736 (num: 162 largest: 32), free: 8552 (num: 1 largest: 8552) 08:48:05 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x90ffffff00000000]}, 0x48) 08:48:05 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:05 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x40000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:05 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:06 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x2000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:06 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xff00000000000000]}, 0x48) 08:48:06 executing program 1: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:06 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x80ffffff, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 473.458299][T16182] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 473.487843][T16182] binder_alloc: allocated: 3736 (num: 162 largest: 32), free: 8552 (num: 1 largest: 8552) 08:48:06 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xa00, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:06 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x90ffffff, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:06 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff00000000]}, 0x48) 08:48:06 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x3000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:06 executing program 1: syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 473.718574][T16208] binder_transaction: 42 callbacks suppressed [ 473.718595][T16208] binder: 16202:16208 transaction failed 29201/-22, size 0-8 line 3241 08:48:06 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0xff000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 473.772738][T16215] binder: 16214:16215 transaction failed 29201/-28, size 0-12288 line 3147 [ 473.801873][ T7775] binder_release_work: 41 callbacks suppressed [ 473.801880][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:06 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x7000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:06 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x2]}, 0x48) [ 473.824723][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:06 executing program 1: syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:06 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1200, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:06 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0xffffff80, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 473.961572][T16228] binder: 16227:16228 transaction failed 29201/-28, size 0-12288 line 3147 08:48:06 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0xa000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:06 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x3]}, 0x48) [ 474.041724][T16236] binder: 16235:16236 transaction failed 29201/-22, size 0-8 line 3241 [ 474.044400][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:06 executing program 1: syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:06 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x7]}, 0x48) [ 474.141230][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:06 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0xffffff90, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:06 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 474.233850][T16251] binder: 16247:16251 transaction failed 29201/-28, size 0-12288 line 3147 08:48:06 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x3f000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:06 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0xa]}, 0x48) 08:48:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 474.312783][T16258] binder: 16257:16258 transaction failed 29201/-22, size 0-8 line 3241 [ 474.313525][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:06 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x1000000000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 474.388718][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 474.397916][T16266] binder: 16265:16266 ioctl c0306201 0 returned -14 08:48:06 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:06 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x40000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:07 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x300]}, 0x48) [ 474.478569][T16274] binder: 16273:16274 transaction failed 29201/-28, size 0-12288 line 3147 08:48:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 08:48:07 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x100000000000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 474.538954][T16278] binder: 16277:16278 transaction failed 29201/-22, size 0-8 line 3241 [ 474.573116][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:07 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x80ffffff, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 474.626803][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 474.632068][T16288] binder: 16287:16288 ioctl c0306201 0 returned -14 08:48:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:07 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x200000000000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 474.713875][T16294] binder: 16292:16294 transaction failed 29201/-28, size 0-12288 line 3147 08:48:07 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x700]}, 0x48) [ 474.765956][T16299] binder: 16297:16299 transaction failed 29201/-22, size 0-8 line 3241 08:48:07 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x90ffffff, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x4c00, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 474.816246][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 474.834306][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 474.834818][T16306] binder: 16305:16306 ioctl c0306201 0 returned -14 08:48:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7400, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:07 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0xa00]}, 0x48) 08:48:07 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x300000000000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)}) 08:48:07 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0xff000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:07 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x700000000000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:07 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x3f00]}, 0x48) 08:48:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)}) 08:48:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x300000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:07 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0xffffff80, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x6800, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)}) 08:48:07 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x4000]}, 0x48) 08:48:07 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0xa00000000000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:07 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0xffffff90, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x6c00, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:07 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x4000000000000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:08 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0xff00]}, 0x48) 08:48:08 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x1000000000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000300)}) 08:48:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x7400, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:08 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x1000000]}, 0x48) 08:48:08 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x80ffffff00000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:08 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x100000000000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000300)}) 08:48:08 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x90ffffff00000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x7a00, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:08 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x2000000]}, 0x48) 08:48:08 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x200000000000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000300)}) 08:48:08 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0xff00000000000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:08 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x3000000]}, 0x48) [ 476.085894][T16425] binder_alloc_new_buf_locked: 12 callbacks suppressed [ 476.085905][T16425] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:08 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x300000000000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:08 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0xffffffff00000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 476.176168][T16425] binder_alloc_new_buf_locked: 12 callbacks suppressed [ 476.176213][T16425] binder_alloc: allocated: 3736 (num: 162 largest: 32), free: 8552 (num: 1 largest: 8552) 08:48:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:08 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x700000000000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:08 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x7000000]}, 0x48) 08:48:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:08 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x2, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 476.353954][T16448] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 476.396766][T16448] binder_alloc: allocated: 3736 (num: 162 largest: 32), free: 8552 (num: 1 largest: 8552) 08:48:08 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0xa00000000000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:09 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x3, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:09 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0xa000000]}, 0x48) 08:48:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:09 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x7, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 476.603331][T16468] binder_transaction: 19 callbacks suppressed [ 476.603346][T16468] binder: 16466:16468 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:09 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x3f00000000000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:09 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x3f000000]}, 0x48) [ 476.661158][T16475] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:09 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0xa, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 476.720302][T16475] binder_alloc: allocated: 3744 (num: 163 largest: 32), free: 8544 (num: 1 largest: 8544) 08:48:09 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x4000000000000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 476.779175][T16479] binder: 16477:16479 got transaction with invalid offset (0, min 0 max 0) or object. [ 476.803873][T16475] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:09 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x300, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:09 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x40000000]}, 0x48) [ 476.844049][T16475] binder_alloc: allocated: 3744 (num: 163 largest: 32), free: 8544 (num: 1 largest: 8544) 08:48:09 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x80ffffff00000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x5000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 476.926411][ T7777] binder: undelivered TRANSACTION_COMPLETE 08:48:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:09 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x80ffffff]}, 0x48) 08:48:09 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x700, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:09 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x90ffffff00000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 477.073958][T16512] binder: 16505:16512 got transaction with invalid offset (0, min 0 max 0) or object. [ 477.087575][T16513] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:09 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0xa00, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 477.139865][T16513] binder_alloc: allocated: 3752 (num: 164 largest: 32), free: 8536 (num: 1 largest: 8536) 08:48:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, &(0x7f0000000300)}) [ 477.237219][ T7775] binder: undelivered TRANSACTION_COMPLETE 08:48:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x6000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:09 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x4000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:09 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0xff00000000000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 477.334415][T16530] binder: 16529:16530 got transaction with invalid offset (0, min 0 max 0) or object. [ 477.383911][T16534] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:09 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0xffffffff00000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:09 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0xff00, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:10 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x90ffffff]}, 0x48) [ 477.445613][T16534] binder_alloc: allocated: 3760 (num: 165 largest: 32), free: 8528 (num: 1 largest: 8528) 08:48:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)}}], 0x0, 0x0, &(0x7f0000000300)}) [ 477.507135][ T7777] binder: undelivered TRANSACTION_COMPLETE 08:48:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:10 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x2, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 477.630792][ T7777] binder: undelivered TRANSACTION_COMPLETE 08:48:10 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x1000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 477.686059][T16558] binder: 16556:16558 got transaction with invalid offset (0, min 0 max 0) or object. [ 477.699357][T16560] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:10 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0xff000000]}, 0x48) 08:48:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)}}], 0x0, 0x0, &(0x7f0000000300)}) [ 477.732598][T16560] binder_alloc: allocated: 3776 (num: 167 largest: 32), free: 8512 (num: 1 largest: 8512) 08:48:10 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x3, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:10 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x2000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:10 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0xffffff80]}, 0x48) [ 477.853818][ T7775] binder: undelivered TRANSACTION_COMPLETE 08:48:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)}}], 0x0, 0x0, &(0x7f0000000300)}) [ 477.929481][T16586] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:10 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x3000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:10 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x7, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:10 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0xffffff90]}, 0x48) [ 478.010056][T16586] binder_alloc: allocated: 3776 (num: 167 largest: 32), free: 8512 (num: 1 largest: 8512) [ 478.030793][T16584] binder: 16583:16584 got transaction with invalid offset (0, min 0 max 0) or object. [ 478.056906][ T7775] binder: undelivered TRANSACTION_COMPLETE 08:48:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xa000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:10 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x7000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:10 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0xa, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 478.179114][T16607] binder: 16605:16607 got transaction with invalid offset (0, min 0 max 0) or object. [ 478.218010][T16613] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:10 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x1000000000000]}, 0x48) 08:48:10 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x300, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:10 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0xa000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 478.252596][T16613] binder_alloc: allocated: 3792 (num: 169 largest: 32), free: 8496 (num: 1 largest: 8496) [ 478.297417][T16609] binder: 16608:16609 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x12000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:10 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x100000000000000]}, 0x48) 08:48:10 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x40000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:10 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x700, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:10 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:11 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x200000000000000]}, 0x48) 08:48:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0xa00, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:11 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x80ffffff, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 478.532894][T16665] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 478.566888][T16665] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:11 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:11 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x90ffffff, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:11 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:11 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x300000000000000]}, 0x48) 08:48:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x3f00, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 478.794084][T16765] binder: 16764:16765 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:11 executing program 1: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:48:11 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0xff000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 478.872282][T16776] binder_transaction: 37 callbacks suppressed [ 478.872300][T16776] binder: 16775:16776 transaction failed 29201/-28, size 0-12288 line 3147 [ 478.877768][T16765] binder: 16764:16765 transaction failed 29201/-22, size 0-8 line 3241 [ 478.897358][ T7777] binder_release_work: 37 callbacks suppressed [ 478.897365][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:11 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x700000000000000]}, 0x48) 08:48:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x4000, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 478.943623][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:11 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0xffffff80, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:11 executing program 1: bpf$PROG_LOAD(0x5, 0x0, 0x0) [ 479.051681][T16791] binder: 16790:16791 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0xff00, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 479.092943][T16795] binder: 16794:16795 transaction failed 29201/-28, size 0-12288 line 3147 08:48:11 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0xa00000000000000]}, 0x48) 08:48:11 executing program 1: bpf$PROG_LOAD(0x5, 0x0, 0x0) [ 479.143828][T16791] binder: 16790:16791 transaction failed 29201/-22, size 0-8 line 3241 [ 479.165815][T16795] binder: 16794:16795 transaction failed 29201/-28, size 0-12288 line 3147 08:48:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 479.190347][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 479.214276][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:11 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0xffffff90, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 479.267368][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x1000000, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:11 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x3f00000000000000]}, 0x48) 08:48:11 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 479.366432][T16817] binder: 16815:16817 transaction failed 29201/-22, size 0-8 line 3241 [ 479.404530][T16824] binder: 16820:16824 transaction failed 29201/-28, size 0-12288 line 3147 08:48:11 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x1000000000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 479.418425][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 479.447819][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:12 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x4000000000000000]}, 0x48) 08:48:12 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x2000000, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:12 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x30000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:12 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x100000000000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 479.584521][T16840] binder: 16834:16840 transaction failed 29201/-22, size 0-8 line 3241 08:48:12 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x3000000, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:12 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x80ffffff00000000]}, 0x48) [ 479.649106][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 479.668267][T16848] binder: 16843:16848 transaction failed 29201/-28, size 0-12288 line 3147 [ 479.691054][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:12 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:12 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x200000000000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 479.803448][T16861] binder: 16860:16861 transaction failed 29201/-22, size 0-8 line 3241 08:48:12 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x90ffffff00000000]}, 0x48) 08:48:12 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x7000000, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:12 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 479.883816][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x68000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:12 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x300000000000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:12 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0xff00000000000000]}, 0x48) 08:48:12 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0xa000000, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:12 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:12 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x700000000000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:12 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0xffffffff00000000]}, 0x48) 08:48:12 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x3f000000, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:12 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x74000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:12 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0xa00000000000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:12 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x2]}, 0x48) 08:48:12 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x40000000, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:13 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:13 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x4000000000000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x3]}, 0x48) 08:48:13 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x80ffffff, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:13 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x7]}, 0x48) 08:48:13 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x80ffffff00000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:13 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x90ffffff, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:13 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xa]}, 0x48) 08:48:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:13 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0xff000000, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:13 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x90ffffff00000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:13 executing program 1 (fault-call:0 fault-nth:0): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x300]}, 0x48) [ 481.116102][T16991] FAULT_INJECTION: forcing a failure. [ 481.116102][T16991] name failslab, interval 1, probability 0, space 0, times 0 [ 481.170308][T16999] binder_alloc_new_buf_locked: 13 callbacks suppressed [ 481.170320][T16999] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 481.178021][T16991] CPU: 1 PID: 16991 Comm: syz-executor.1 Not tainted 5.1.0-rc2+ #37 [ 481.194030][T16991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 481.194037][T16991] Call Trace: [ 481.194072][T16991] dump_stack+0x172/0x1f0 [ 481.194091][T16991] should_fail.cold+0xa/0x15 [ 481.194107][T16991] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 481.194124][T16991] ? ___might_sleep+0x163/0x280 [ 481.194142][T16991] __should_failslab+0x121/0x190 [ 481.194169][T16991] should_failslab+0x9/0x14 [ 481.194193][T16991] kmem_cache_alloc_node_trace+0x270/0x720 [ 481.242303][T16991] ? preempt_count_add+0xbc/0x1b0 [ 481.247349][T16991] ? prep_new_page+0x1fb/0x300 [ 481.252138][T16991] __get_vm_area_node+0x12b/0x3a0 [ 481.257194][T16991] __vmalloc_node_range+0xd4/0x790 [ 481.262318][T16991] ? bpf_prog_alloc_no_stats+0x6b/0x2b0 [ 481.267901][T16991] __vmalloc+0x44/0x50 [ 481.271998][T16991] ? bpf_prog_alloc_no_stats+0x6b/0x2b0 [ 481.277570][T16991] bpf_prog_alloc_no_stats+0x6b/0x2b0 [ 481.282961][T16991] bpf_prog_alloc+0x31/0x230 [ 481.287574][T16991] ? strncpy_from_user+0x2a8/0x380 [ 481.292711][T16991] bpf_prog_load+0x4fc/0x14a0 [ 481.297417][T16991] ? bpf_prog_new_fd+0x60/0x60 [ 481.302218][T16991] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 481.308500][T16991] ? security_bpf+0x91/0xc0 [ 481.313023][T16991] __do_sys_bpf+0x117a/0x3e50 [ 481.313044][T16991] ? bpf_prog_load+0x14a0/0x14a0 [ 481.313068][T16991] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 481.328346][T16991] ? wait_for_completion+0x440/0x440 [ 481.333665][T16991] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 481.340009][T16991] ? fput_many+0x12c/0x1a0 [ 481.344451][T16991] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 481.344470][T16991] ? do_fast_syscall_32+0xd1/0xc98 [ 481.344486][T16991] ? entry_SYSENTER_compat+0x70/0x7f [ 481.344507][T16991] ? do_fast_syscall_32+0xd1/0xc98 [ 481.365481][T16991] __ia32_sys_bpf+0x72/0xb0 [ 481.370003][T16991] do_fast_syscall_32+0x281/0xc98 [ 481.375069][T16991] entry_SYSENTER_compat+0x70/0x7f [ 481.380192][T16991] RIP: 0023:0xf7f82869 [ 481.384278][T16991] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 481.403985][T16991] RSP: 002b:00000000f5d7e0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 481.412413][T16991] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000180 08:48:13 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0xffffff80, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:13 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0xff00000000000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:13 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0xffffffff00000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:13 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0xffffff90, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x700]}, 0x48) [ 481.420409][T16991] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 481.428403][T16991] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 481.436391][T16991] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 481.444376][T16991] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 481.452004][T16999] binder_alloc_new_buf_locked: 13 callbacks suppressed [ 481.452021][T16999] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:14 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x2, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 481.478102][T16991] syz-executor.1: vmalloc: allocation failure: 4096 bytes, mode:0x100dc0(GFP_USER|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 08:48:14 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x1000000000000, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 481.537625][T16991] CPU: 1 PID: 16991 Comm: syz-executor.1 Not tainted 5.1.0-rc2+ #37 [ 481.545667][T16991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 481.545674][T16991] Call Trace: [ 481.545701][T16991] dump_stack+0x172/0x1f0 [ 481.545721][T16991] warn_alloc.cold+0x87/0x17f [ 481.545748][T16991] ? zone_watermark_ok_safe+0x260/0x260 [ 481.573679][T16991] ? rcu_read_lock_sched_held+0x110/0x130 [ 481.579437][T16991] ? __get_vm_area_node+0x2df/0x3a0 [ 481.584765][T16991] __vmalloc_node_range+0x48a/0x790 [ 481.590087][T16991] __vmalloc+0x44/0x50 [ 481.594174][T16991] ? bpf_prog_alloc_no_stats+0x6b/0x2b0 [ 481.599744][T16991] bpf_prog_alloc_no_stats+0x6b/0x2b0 [ 481.605146][T16991] bpf_prog_alloc+0x31/0x230 [ 481.609763][T16991] ? strncpy_from_user+0x2a8/0x380 [ 481.614914][T16991] bpf_prog_load+0x4fc/0x14a0 [ 481.619620][T16991] ? bpf_prog_new_fd+0x60/0x60 [ 481.624444][T16991] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 481.624461][T16991] ? security_bpf+0x91/0xc0 [ 481.624478][T16991] __do_sys_bpf+0x117a/0x3e50 [ 481.624497][T16991] ? bpf_prog_load+0x14a0/0x14a0 [ 481.624521][T16991] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 481.650613][T16991] ? wait_for_completion+0x440/0x440 [ 481.655940][T16991] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 481.662205][T16991] ? fput_many+0x12c/0x1a0 [ 481.666643][T16991] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 481.672128][T16991] ? do_fast_syscall_32+0xd1/0xc98 [ 481.677262][T16991] ? entry_SYSENTER_compat+0x70/0x7f [ 481.677278][T16991] ? do_fast_syscall_32+0xd1/0xc98 [ 481.677299][T16991] __ia32_sys_bpf+0x72/0xb0 [ 481.677317][T16991] do_fast_syscall_32+0x281/0xc98 [ 481.677336][T16991] entry_SYSENTER_compat+0x70/0x7f [ 481.677349][T16991] RIP: 0023:0xf7f82869 [ 481.677363][T16991] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 481.677370][T16991] RSP: 002b:00000000f5d7e0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 481.677383][T16991] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000180 [ 481.677390][T16991] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 481.677398][T16991] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 481.677405][T16991] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 481.677412][T16991] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 481.714130][T16991] Mem-Info: [ 481.751899][T16991] active_anon:183852 inactive_anon:37057 isolated_anon:0 [ 481.751899][T16991] active_file:7545 inactive_file:38644 isolated_file:0 [ 481.751899][T16991] unevictable:0 dirty:75 writeback:0 unstable:0 [ 481.751899][T16991] slab_reclaimable:12554 slab_unreclaimable:110565 [ 481.751899][T16991] mapped:58393 shmem:68669 pagetables:4738 bounce:0 [ 481.751899][T16991] free:1132525 free_pcp:626 free_cma:0 [ 481.776866][T16991] Node 0 active_anon:733292kB inactive_anon:148228kB active_file:30040kB inactive_file:154576kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:233572kB dirty:300kB writeback:0kB shmem:274676kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 548864kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 481.826021][T16991] Node 1 active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 481.906802][T16991] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 481.943501][T16991] lowmem_reserve[]: 0 2553 2555 2555 [ 481.949555][T16991] Node 0 DMA32 free:731432kB min:36232kB low:45288kB high:54344kB active_anon:733492kB inactive_anon:148228kB active_file:30040kB inactive_file:154576kB unevictable:0kB writepending:300kB present:3129332kB managed:2617996kB mlocked:0kB kernel_stack:12256kB pagetables:18804kB bounce:0kB free_pcp:1996kB local_pcp:1300kB free_cma:0kB [ 481.981902][T16991] lowmem_reserve[]: 0 0 2 2 [ 481.986548][T16991] Node 0 Normal free:8kB min:28kB low:32kB high:36kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:2204kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 482.014266][T16991] lowmem_reserve[]: 0 0 0 0 [ 482.019191][T16991] Node 1 Normal free:3785400kB min:53624kB low:67028kB high:80432kB active_anon:0kB inactive_anon:0kB active_file:140kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870184kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 482.047813][T16991] lowmem_reserve[]: 0 0 0 0 [ 482.052363][T16991] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 482.066728][T16991] Node 0 DMA32: 2930*4kB (UME) 937*8kB (UME) 674*16kB (UME) 549*32kB (UME) 425*64kB (UME) 16*128kB (UM) 7*256kB (UM) 7*512kB (UME) 5*1024kB (ME) 3*2048kB (UM) 156*4096kB (M) = 732432kB [ 482.085604][T16991] Node 0 Normal: 0*4kB 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 482.097423][T16991] Node 1 Normal: 72*4kB (UE) 259*8kB (UE) 238*16kB (UE) 65*32kB (UM) 16*64kB (UME) 7*128kB (UE) 7*256kB (UME) 6*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 919*4096kB (M) = 3785400kB [ 482.115117][T16991] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 482.124812][T16991] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 482.134165][T16991] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 482.143872][T16991] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 482.153327][T16991] 114859 total pagecache pages 08:48:14 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:14 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:14 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xa00]}, 0x48) 08:48:14 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x3, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:14 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x100000000000000, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 482.158165][T16991] 0 pages in swap cache [ 482.162464][T16991] Swap cache stats: add 0, delete 0, find 0/0 [ 482.168625][T16991] Free swap = 0kB [ 482.172368][T16991] Total swap = 0kB [ 482.176125][T16991] 1965979 pages RAM [ 482.180022][T16991] 0 pages HighMem/MovableOnly [ 482.184709][T16991] 339406 pages reserved [ 482.189015][T16991] 0 pages cma reserved 08:48:14 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x7, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 482.235460][T17033] binder_transaction: 12 callbacks suppressed [ 482.235474][T17033] binder: 17025:17033 got transaction with invalid offset (0, min 0 max 0) or object. [ 482.255071][T17035] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:14 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x200000000000000, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:14 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x3f00]}, 0x48) [ 482.307786][T17035] binder_alloc: allocated: 3792 (num: 169 largest: 32), free: 8496 (num: 1 largest: 8496) 08:48:14 executing program 1: bpf$PROG_LOAD(0x2, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:14 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:14 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xa, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:14 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x4000]}, 0x48) 08:48:15 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x300000000000000, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:15 executing program 1: bpf$PROG_LOAD(0x3, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 482.537650][T17060] binder: 17059:17060 got transaction with invalid offset (0, min 0 max 0) or object. [ 482.570438][T17063] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:15 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x300, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:15 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xff00]}, 0x48) [ 482.589868][T17063] binder_alloc: allocated: 3792 (num: 169 largest: 32), free: 8496 (num: 1 largest: 8496) 08:48:15 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x700000000000000, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:15 executing program 1: bpf$PROG_LOAD(0x4, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:15 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x700, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:15 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x1000000]}, 0x48) 08:48:15 executing program 1: bpf$PROG_LOAD(0x6, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 482.819220][T17088] binder: 17087:17088 got transaction with invalid offset (0, min 0 max 0) or object. [ 482.840503][T17088] binder: 17087:17088 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:15 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0xa00000000000000, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:15 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xa00, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:15 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x2000000]}, 0x48) 08:48:15 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:15 executing program 1: bpf$PROG_LOAD(0x7, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 483.053974][T17208] binder: 17205:17208 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:15 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x4000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:15 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x3000000]}, 0x48) 08:48:15 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0xa00000000000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:15 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x4000000000000000, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:15 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xff00, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 483.221416][T17223] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:15 executing program 1: bpf$PROG_LOAD(0x8, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 483.286108][T17223] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:15 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x80ffffff00000000, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 483.333045][T17226] binder: 17225:17226 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:15 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x7000000]}, 0x48) [ 483.394380][T17226] binder: 17225:17226 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:15 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x1000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 483.450476][T17241] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:16 executing program 1: bpf$PROG_LOAD(0x9, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:16 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x90ffffff00000000, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 483.505129][T17241] binder_alloc: allocated: 3792 (num: 169 largest: 32), free: 8496 (num: 1 largest: 8496) 08:48:16 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x2000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:16 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xa000000]}, 0x48) 08:48:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:16 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0xff00000000000000, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 483.656345][T17260] binder: 17259:17260 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:16 executing program 1: bpf$PROG_LOAD(0xa, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:16 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x3000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:16 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x3f000000]}, 0x48) [ 483.743105][T17268] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 483.808925][T17268] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:16 executing program 1: bpf$PROG_LOAD(0xb, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:16 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x7000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:16 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x40000000]}, 0x48) 08:48:16 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0xffffffff00000000, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 483.889265][T17281] binder: 17280:17281 got transaction with invalid offset (0, min 0 max 0) or object. [ 483.925692][T17281] binder_transaction: 31 callbacks suppressed [ 483.925709][T17281] binder: 17280:17281 transaction failed 29201/-22, size 0-8 line 3241 08:48:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:16 executing program 1: bpf$PROG_LOAD(0xc, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 483.993928][ T7777] binder_release_work: 31 callbacks suppressed [ 483.993937][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 484.023811][T17295] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:16 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x80ffffff]}, 0x48) 08:48:16 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x2, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:16 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xa000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 484.135869][T17295] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:16 executing program 1: bpf$PROG_LOAD(0xd, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:16 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x3, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:16 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x40000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 484.201616][T17305] binder: 17304:17305 got transaction with invalid offset (0, min 0 max 0) or object. [ 484.212750][T17295] binder: 17294:17295 transaction failed 29201/-28, size 0-12288 line 3147 [ 484.223890][T17305] binder: 17304:17305 transaction failed 29201/-22, size 0-8 line 3241 [ 484.242899][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:16 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x90ffffff]}, 0x48) 08:48:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:16 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x4800000000000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 484.303836][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:16 executing program 1: bpf$PROG_LOAD(0xe, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 484.363727][T17322] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:16 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x80ffffff, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 484.434072][T17322] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) [ 484.459875][T17322] binder: 17319:17322 transaction failed 29201/-28, size 0-12288 line 3147 [ 484.459908][T17333] binder: 17326:17333 transaction failed 29201/-22, size 0-8 line 3241 08:48:17 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xff000000]}, 0x48) 08:48:17 executing program 1: bpf$PROG_LOAD(0xf, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:17 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x7, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 484.493243][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:17 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x90ffffff, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 484.596411][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:17 executing program 1: bpf$PROG_LOAD(0x10, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:17 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xa, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:17 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xffffff80]}, 0x48) [ 484.651390][T17348] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:17 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xff000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 484.727430][T17348] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:17 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x300, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 484.785026][T17357] binder: 17356:17357 transaction failed 29201/-22, size 0-8 line 3241 [ 484.795453][T17348] binder: 17347:17348 transaction failed 29201/-28, size 0-12288 line 3147 08:48:17 executing program 1: bpf$PROG_LOAD(0x11, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:17 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xffffff90]}, 0x48) [ 484.834654][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 484.850502][T17348] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 484.853816][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:17 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xffffff80, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 484.936878][T17348] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) [ 484.974406][T17348] binder: 17347:17348 transaction failed 29201/-28, size 0-12288 line 3147 [ 484.983680][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 484.990504][T17381] binder: 17377:17381 transaction failed 29201/-22, size 0-8 line 3241 08:48:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:17 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x700, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:17 executing program 1: bpf$PROG_LOAD(0x12, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:17 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) 08:48:17 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xffffff90, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 485.074049][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:17 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xa00, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:17 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) 08:48:17 executing program 1: bpf$PROG_LOAD(0x13, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 485.173898][T17394] binder: 17392:17394 transaction failed 29201/-28, size 0-12288 line 3147 [ 485.245418][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:17 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) 08:48:17 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x3f00, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:17 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x1000000000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:17 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:18 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x100000000000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:18 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x4000, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:18 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x300000000000000]}, 0x48) 08:48:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:18 executing program 1: bpf$PROG_LOAD(0x14, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:18 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xff00, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:18 executing program 1: bpf$PROG_LOAD(0x15, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:18 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x700000000000000]}, 0x48) 08:48:18 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x200000000000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:18 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x2, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:18 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xa00000000000000]}, 0x48) 08:48:18 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x300000000000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:18 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x1000000, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:18 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x3f00000000000000]}, 0x48) 08:48:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:18 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x2000000, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:18 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:18 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x700000000000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:18 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x3000000, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:18 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x9, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:18 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xa00000000000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:18 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) [ 486.303019][T17510] binder_alloc_new_buf_locked: 7 callbacks suppressed [ 486.303030][T17510] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:18 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x7000000, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:18 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x10, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:18 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:18 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x4000000000000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:18 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x80ffffff00000000]}, 0x48) 08:48:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:19 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x80ffffff00000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:19 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x16, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 486.605759][T17536] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 486.640613][T17536] binder_alloc_new_buf_locked: 8 callbacks suppressed 08:48:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:19 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xa000000, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:19 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x90ffffff00000000]}, 0x48) [ 486.640631][T17536] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:19 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x90ffffff00000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:19 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x9100, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:19 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x3f000000, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:19 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xff00000000000000]}, 0x48) 08:48:19 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xff00000000000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:19 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x18d1cd, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 486.970179][T17597] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:19 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xffffff1f, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:19 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x40000000, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:19 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) [ 487.023903][T17597] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:19 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xffffffff00000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:19 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x14, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:19 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x80ffffff, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:19 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) 08:48:19 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x2, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:19 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x90ffffff, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 487.328179][T17708] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:19 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x2, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 487.381585][T17708] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:19 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x3, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:19 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3]}, 0x48) [ 487.448933][T17711] binder_transaction: 16 callbacks suppressed [ 487.448951][T17711] binder: 17710:17711 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:20 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xff000000, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:20 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x3, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:20 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x7, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:20 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x7]}, 0x48) 08:48:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 487.613305][T17730] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:20 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0xa, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:20 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xa]}, 0x48) 08:48:20 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xffffff80, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:20 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x4, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 487.701814][T17730] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) [ 487.738519][T17740] binder: 17739:17740 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:20 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x300]}, 0x48) 08:48:20 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x300, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:20 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xffffff90, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:20 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x6, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 487.984906][T17773] binder: 17770:17773 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:20 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x700]}, 0x48) 08:48:20 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x700, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:20 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x1000000000000, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:20 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:20 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x7, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:20 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xa00]}, 0x48) 08:48:20 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0xa00, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:20 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x100000000000000, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 488.230774][T17892] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:20 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x8, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 488.307745][T17892] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) [ 488.334200][T17894] binder: 17893:17894 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:20 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3f00]}, 0x48) 08:48:20 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x4000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:20 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x200000000000000, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:21 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 488.507150][T17916] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:21 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x9, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:21 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) [ 488.597088][T17916] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:21 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x300000000000000, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:21 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0xff00, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 488.687753][T17921] binder: 17920:17921 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:21 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0xa, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:21 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x1000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:21 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:21 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x700000000000000, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:21 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xff00]}, 0x48) [ 488.907822][T17940] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:21 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xa00000000000000, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:21 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0xb, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:21 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x2000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 488.975798][T17940] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:21 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) 08:48:21 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 489.107339][T17940] binder_transaction: 31 callbacks suppressed [ 489.107358][T17940] binder: 17939:17940 transaction failed 29201/-28, size 0-12288 line 3147 [ 489.109904][T17947] binder: 17946:17947 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:21 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x3000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 489.198100][ T7775] binder_release_work: 31 callbacks suppressed [ 489.198107][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 489.198128][T17940] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 489.246810][T17940] binder_alloc: allocated: 3792 (num: 169 largest: 32), free: 8496 (num: 1 largest: 8496) [ 489.266898][T17940] binder: 17939:17940 transaction failed 29201/-28, size 0-12288 line 3147 [ 489.311933][T17947] binder: 17946:17947 transaction failed 29201/-22, size 0-8 line 3241 [ 489.351043][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:21 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) 08:48:21 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0xc, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 489.394489][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:21 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:21 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x4000000000000000, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:22 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x7000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:22 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3000000]}, 0x48) 08:48:22 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0xa000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 489.523309][T17983] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 489.562785][T17983] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:22 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0xd, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:22 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x80ffffff00000000, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 489.630676][T17983] binder: 17979:17983 transaction failed 29201/-28, size 0-12288 line 3147 [ 489.630718][T17987] binder: 17986:17987 got transaction with invalid offset (0, min 0 max 0) or object. [ 489.681292][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 489.705157][T17987] binder: 17986:17987 transaction failed 29201/-22, size 0-8 line 3241 08:48:22 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x48) 08:48:22 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0xe, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:22 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x40000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 489.733078][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:22 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x90ffffff00000000, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x74, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:22 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xa000000]}, 0x48) [ 489.862333][T18010] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:22 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x80ffffff, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:22 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xff00000000000000, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:22 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0xf, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 489.976007][T18017] binder: 18016:18017 got transaction with invalid offset (0, min 0 max 0) or object. [ 490.002301][T18010] binder: 18009:18010 transaction failed 29201/-28, size 0-12288 line 3147 08:48:22 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3f000000]}, 0x48) 08:48:22 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xffffffff00000000, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:22 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x90ffffff, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 490.029752][T18017] binder: 18016:18017 transaction failed 29201/-22, size 0-8 line 3241 [ 490.056810][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 490.066024][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:22 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x10, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 490.191873][T18037] binder: 18036:18037 transaction failed 29201/-28, size 0-12288 line 3147 08:48:22 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0xff000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:22 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) [ 490.241719][T18045] binder: 18044:18045 got transaction with invalid offset (0, min 0 max 0) or object. [ 490.252872][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:22 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x2, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:22 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x11, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 490.339763][T18045] binder: 18044:18045 transaction failed 29201/-22, size 0-8 line 3241 [ 490.386886][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 490.395709][T18061] binder: 18059:18061 transaction failed 29201/-28, size 0-12288 line 3147 08:48:22 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0xffffff80, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:22 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:22 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x80ffffff]}, 0x48) [ 490.443494][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:23 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x3, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 490.546388][T18073] binder: 18067:18073 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:23 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x12, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:23 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0xffffff90, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:23 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x90ffffff]}, 0x48) 08:48:23 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x7, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:23 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x1000000000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:23 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0xa, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:23 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xff000000]}, 0x48) 08:48:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:23 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x13, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:23 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x100000000000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:23 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffff80]}, 0x48) 08:48:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:23 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x300, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:23 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x14, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:23 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x200000000000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:23 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffff90]}, 0x48) 08:48:23 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x700, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:23 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x15, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:23 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x300000000000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:23 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) [ 491.316065][T18151] binder_alloc_new_buf_locked: 9 callbacks suppressed [ 491.316076][T18151] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:23 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x2, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:23 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1200, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:23 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0xa00, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:23 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x700000000000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:24 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) 08:48:24 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x4000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x3f00, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:24 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:24 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0xa00000000000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 491.593323][T18175] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x4000, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 491.646797][T18175] binder_alloc_new_buf_locked: 9 callbacks suppressed [ 491.646815][T18175] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:24 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) 08:48:24 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x1000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:24 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x4000000000000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:24 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0xff00, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:24 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x2000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:24 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, 0x48) 08:48:24 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x80ffffff00000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:24 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x1000000, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:24 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x40000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:24 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x90ffffff00000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 492.039007][T18219] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:24 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x1000000000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:24 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x700000000000000]}, 0x48) [ 492.124226][T18219] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x2000000, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:24 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:24 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0xff00000000000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:24 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x100000000000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:24 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xa00000000000000]}, 0x48) [ 492.327999][T18245] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:24 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0xffffffff00000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x3000000, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 492.382534][T18245] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:24 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x200000000000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:24 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x3f00000000000000]}, 0x48) [ 492.450987][T18245] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:25 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:25 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0xffffff85, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 492.515839][T18245] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:25 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x4000000000000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:25 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x7000000, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 492.575535][T18271] binder_transaction: 15 callbacks suppressed [ 492.575549][T18271] binder: 18268:18271 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:25 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) 08:48:25 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x100000, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:25 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0xffffffff00000000, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:25 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:25 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x80ffffff00000000]}, 0x48) [ 492.746425][T18287] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:25 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0xa000000, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:25 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x53}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 492.839537][T18287] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:25 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x2, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:25 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 492.898902][T18294] binder: 18293:18294 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:25 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x3f000000, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 493.066707][T18309] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 493.104450][T18309] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:25 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x58}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:25 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x4000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:25 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x90ffffff00000000]}, 0x48) [ 493.135259][T18312] binder: 18311:18312 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:25 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x40000000, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 493.217168][T18312] binder: 18311:18312 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:25 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xff00000000000000]}, 0x48) 08:48:25 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x70}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 493.305103][T18329] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:25 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x1000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:25 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x80ffffff, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 493.345212][T18329] binder_alloc: allocated: 3792 (num: 169 largest: 32), free: 8496 (num: 1 largest: 8496) 08:48:25 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7400, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:25 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0xa3}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 493.443070][T18329] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 493.470039][T18329] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:26 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) [ 493.514992][T18345] binder: 18341:18345 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:26 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x2000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:26 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x90ffffff, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:26 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x200001c8}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:26 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:26 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) 08:48:26 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x40000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 493.694048][T18365] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:26 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0xff000000, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 493.765152][T18365] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) [ 493.803827][T18367] binder: 18366:18367 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:26 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x2}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:26 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x48) 08:48:26 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x1000000000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:26 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0xffffff80, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:26 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:26 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x48) 08:48:26 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x100000000000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 494.001925][T18392] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:26 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x3}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 494.061558][T18398] binder: 18395:18398 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:26 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0xffffff90, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 494.120234][T18398] binder_transaction: 39 callbacks suppressed [ 494.120252][T18398] binder: 18395:18398 transaction failed 29201/-22, size 0-8 line 3241 08:48:26 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}, 0x48) 08:48:26 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x7}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:26 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x200000000000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 494.192459][T18412] binder: 18411:18412 transaction failed 29201/-28, size 0-12288 line 3147 08:48:26 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x1000000000000, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:26 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 494.266304][ T7775] binder_release_work: 40 callbacks suppressed [ 494.266311][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:26 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}, 0x48) 08:48:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:26 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x4000000000000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 494.385476][T18426] binder: 18425:18426 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:26 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x100000000000000, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 494.449595][T18434] binder: 18432:18434 transaction failed 29201/-28, size 0-12288 line 3147 08:48:27 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0xa}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 494.493950][T18434] binder: 18432:18434 transaction failed 29201/-28, size 0-12288 line 3147 [ 494.504519][T18426] binder: 18425:18426 transaction failed 29201/-22, size 0-8 line 3241 [ 494.527408][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:27 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}, 0x48) 08:48:27 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x200000000000000, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 494.541746][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 494.584385][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:27 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0xffffffff00000000, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 494.694644][T18455] binder: 18454:18455 got transaction with invalid offset (0, min 0 max 0) or object. [ 494.707484][T18452] binder: 18451:18452 transaction failed 29201/-28, size 0-12288 line 3147 08:48:27 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xa00]}, 0x48) 08:48:27 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x300}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:27 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x300000000000000, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 494.742755][T18455] binder: 18454:18455 transaction failed 29201/-22, size 0-8 line 3241 [ 494.759215][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:27 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x2, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 494.826931][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:27 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x700}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:27 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00]}, 0x48) [ 494.905835][T18472] binder: 18468:18472 transaction failed 29201/-28, size 0-12288 line 3147 08:48:27 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x700000000000000, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:27 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x4000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 494.967617][T18477] binder: 18475:18477 got transaction with invalid offset (0, min 0 max 0) or object. [ 494.990458][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:27 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0xa00}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 495.047184][T18477] binder: 18475:18477 transaction failed 29201/-22, size 0-8 line 3241 08:48:27 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) 08:48:27 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0xa00000000000000, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 495.100093][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:27 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x1000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 495.163143][T18497] binder: 18491:18497 transaction failed 29201/-28, size 0-12288 line 3147 08:48:27 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xff00]}, 0x48) 08:48:27 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x4000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 495.227343][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 495.261148][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:27 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:27 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:27 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x2000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:27 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) 08:48:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:28 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0xff00}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:28 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x40000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x4000000000000000, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:28 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) 08:48:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:28 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x1000000000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:28 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x1000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:28 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x2000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:28 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}, 0x48) 08:48:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x80ffffff00000000, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:28 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x100000000000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:28 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x48) 08:48:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x90ffffff00000000, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:28 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x3000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:28 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x200000000000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:28 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000]}, 0x48) 08:48:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:28 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x4000000000000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0xff00000000000000, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:28 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x7000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 496.322724][T18706] binder_alloc_new_buf_locked: 13 callbacks suppressed [ 496.322735][T18706] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:28 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0xffffffff00000000, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:28 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0xffffffff00000000, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:28 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000]}, 0x48) 08:48:28 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0xa000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:28 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:29 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0xffffff85, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:29 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) [ 496.538241][T18727] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:29 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x2, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:29 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x40000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:29 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x4000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:29 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff]}, 0x48) 08:48:29 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x100000, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:29 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x80ffffff}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 496.759361][T18751] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:29 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x1000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 496.844287][T18751] binder_alloc_new_buf_locked: 14 callbacks suppressed [ 496.844305][T18751] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:29 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x90ffffff]}, 0x48) [ 496.917403][T18751] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:29 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x30}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:29 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x90ffffff}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 496.961455][T18751] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:29 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x2000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:29 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xff000000]}, 0x48) 08:48:29 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x43}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:29 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x40000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:29 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0xff000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 497.181129][T18788] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:29 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff80]}, 0x48) [ 497.269063][T18788] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:29 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:29 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0xffffff80}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:29 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x1000000000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:29 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:30 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff90]}, 0x48) [ 497.470349][T18818] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:30 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x100000000000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:30 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0xffffff90}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 497.515953][T18818] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:30 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x4b}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:30 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) [ 497.605341][T18827] binder_transaction: 18 callbacks suppressed [ 497.605357][T18827] binder: 18826:18827 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:30 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x1000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:30 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x200000000000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:30 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) 08:48:30 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x4c}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 497.789724][T18846] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:30 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x100000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 497.836919][T18846] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:30 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x4000000000000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:30 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x4f}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:30 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) [ 497.888288][T18854] binder: 18853:18854 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:30 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x200000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 498.029241][T18869] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 498.064479][T18869] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:30 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, 0x48) 08:48:30 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x50}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:30 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0xffffffff00000000, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 498.100348][T18872] binder: 18871:18872 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:30 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x300000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:30 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:30 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000]}, 0x48) [ 498.263367][T18886] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:30 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x53}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:30 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x100000, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 498.316357][T18886] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:30 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x700000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 498.376943][T18893] binder: 18892:18893 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:30 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x5c}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:30 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x70}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:30 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000]}, 0x48) 08:48:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:31 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0xa00000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 498.555199][T18916] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:31 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000]}, 0x48) 08:48:31 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x83}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 498.597831][T18916] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:31 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x200001c8}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:31 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x4000000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:31 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) [ 498.744376][T18918] binder: 18914:18918 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:31 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x2}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:31 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x8c}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:31 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x80ffffff00000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 498.894914][T18946] binder: 18942:18946 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:31 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff00000000]}, 0x48) 08:48:31 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x4000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 498.957528][T18953] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:31 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x90ffffff00000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:31 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x8f}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 499.037270][T18953] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:31 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x1000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:31 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x90ffffff00000000]}, 0x48) [ 499.107284][T18964] binder: 18961:18964 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:31 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x90}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 499.169401][T18964] binder_transaction: 42 callbacks suppressed [ 499.169419][T18964] binder: 18961:18964 transaction failed 29201/-22, size 0-8 line 3241 08:48:31 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0xff00000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:31 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 499.259840][T18978] binder: 18977:18978 transaction failed 29201/-28, size 0-12288 line 3147 08:48:31 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0xffffffff00000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:31 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xff00000000000000]}, 0x48) [ 499.319607][ T7775] binder_release_work: 42 callbacks suppressed [ 499.319615][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:31 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x97}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:31 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x2000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 499.377566][T18988] binder: 18987:18988 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:32 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x1018}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 499.456130][T18988] binder: 18987:18988 transaction failed 29201/-22, size 0-8 line 3241 [ 499.490210][T18988] binder: 18987:18988 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:32 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) 08:48:32 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x9f}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 499.507472][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 499.510189][T19001] binder: 18998:19001 transaction failed 29201/-28, size 0-12288 line 3147 [ 499.537848][T18988] binder: 18987:18988 transaction failed 29201/-22, size 0-8 line 3241 08:48:32 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x40000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 499.570196][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 499.600147][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:32 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) 08:48:32 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x2}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:32 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0xa0}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:32 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x1000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 499.743654][T19020] binder: 19016:19020 got transaction with invalid offset (0, min 0 max 0) or object. [ 499.810336][T19028] binder: 19027:19028 transaction failed 29201/-28, size 0-12288 line 3147 [ 499.829269][T19020] binder: 19016:19020 transaction failed 29201/-22, size 0-8 line 3241 08:48:32 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x48) 08:48:32 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x3}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 499.854926][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:32 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0xa3}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:32 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x100000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 499.886180][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:32 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0xa8}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:32 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x200000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:32 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x48) 08:48:32 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x7}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 500.046996][T19047] binder: 19046:19047 transaction failed 29201/-22, size 0-8 line 3241 [ 500.077358][T19049] binder: 19048:19049 transaction failed 29201/-28, size 0-12288 line 3147 [ 500.080469][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 500.157092][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:32 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0xa}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:32 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0xaf}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:32 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0x4000000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:32 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}, 0x48) [ 500.263085][T19066] binder: 19065:19066 transaction failed 29201/-22, size 0-8 line 3241 08:48:32 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 500.342285][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:32 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x300}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:32 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x2}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:33 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x3}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 500.532716][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:33 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}, 0x48) 08:48:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:33 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x700}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:33 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48, 0xffffffff00000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:33 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x2}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:33 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x7}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:33 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0xa00}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:33 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}, 0x48) 08:48:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:33 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x4000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:33 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00]}, 0x48) 08:48:33 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0xa}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:33 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x4000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:33 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x1000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:33 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00]}, 0x48) 08:48:33 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x300}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:33 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0xff00}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:33 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x2000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:33 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x700}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:33 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) 08:48:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:33 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x1000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:33 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00]}, 0x48) 08:48:33 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x40000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:33 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 501.424947][T19175] binder_alloc_new_buf_locked: 13 callbacks suppressed [ 501.424958][T19175] binder_alloc: 2152: binder_alloc_buf size 12296 failed, no address space 08:48:33 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0xa00}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:34 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) 08:48:34 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:34 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x2000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:34 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x3f00}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:34 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x1000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:34 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x3000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:34 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x4000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:34 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 501.712507][T19205] binder_alloc: 2152: binder_alloc_buf size 12296 failed, no address space 08:48:34 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) 08:48:34 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x100000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:34 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x7000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:34 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0xff00}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:34 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}, 0x48) 08:48:34 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:34 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x200000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 501.954136][T19228] binder_alloc: 2152: binder_alloc_buf size 12296 failed, no address space [ 501.972697][T19228] binder_alloc_new_buf_locked: 13 callbacks suppressed [ 501.972716][T19228] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:34 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0xa000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:34 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x48) 08:48:34 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x1000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:34 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x4000000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:34 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x40000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:34 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 502.185847][T19228] binder_alloc: 2152: binder_alloc_buf size 12296 failed, no address space [ 502.264560][T19228] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:34 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0xffffffff00000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:34 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x2000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:34 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x80ffffff}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:34 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000]}, 0x48) 08:48:34 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:34 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x2}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:35 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x90ffffff}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 502.487094][T19274] binder_alloc: 2152: binder_alloc_buf size 12312 failed, no address space 08:48:35 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x3000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 502.527397][T19274] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:35 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000]}, 0x48) 08:48:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 502.613936][T19284] binder_transaction: 16 callbacks suppressed [ 502.613949][T19284] binder: 19283:19284 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:35 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x4000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 502.660624][T19284] binder: 19283:19284 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:35 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x7000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:35 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0xff000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 502.736201][T19296] binder_alloc: 2152: binder_alloc_buf size 12336 failed, no address space 08:48:35 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x1000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:35 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) [ 502.808843][T19296] binder_alloc: allocated: 3792 (num: 169 largest: 32), free: 8496 (num: 1 largest: 8496) 08:48:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:35 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0xffffff80}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:35 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0xa000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:35 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff]}, 0x48) 08:48:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:35 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x2000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 503.017970][T19318] binder: 19314:19318 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:35 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x3f000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:35 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0xffffff90}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:35 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90ffffff]}, 0x48) [ 503.066127][T19325] binder_alloc: 2152: binder_alloc_buf size 12360 failed, no address space [ 503.087312][T19325] binder_alloc: allocated: 3792 (num: 169 largest: 32), free: 8496 (num: 1 largest: 8496) 08:48:35 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x40000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:35 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:35 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x1000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 503.276930][T19341] binder: 19340:19341 got transaction with invalid offset (0, min 0 max 0) or object. [ 503.277198][T19344] binder_alloc: 2152: binder_alloc_buf size 12368 failed, no address space 08:48:35 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x1000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:35 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x40000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:35 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff000000]}, 0x48) 08:48:35 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x100000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 503.418739][T19344] binder_alloc: allocated: 3792 (num: 169 largest: 32), free: 8496 (num: 1 largest: 8496) 08:48:35 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x100000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:35 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x200000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x80ffffff}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:36 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff80]}, 0x48) [ 503.490457][T19341] binder: 19340:19341 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x90ffffff}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:36 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x300000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:36 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff90]}, 0x48) 08:48:36 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x200000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 503.654392][T19375] binder_alloc: 2152: binder_alloc_buf size 12392 failed, no address space [ 503.732482][T19375] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0xff000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:36 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) 08:48:36 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x4000000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:36 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x700000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 503.787131][T19384] binder: 19381:19384 got transaction with invalid offset (0, min 0 max 0) or object. [ 503.820880][T19375] binder_alloc: 2152: binder_alloc_buf size 12392 failed, no address space 08:48:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0xffffff80}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 503.875839][T19375] binder_alloc: allocated: 3792 (num: 169 largest: 32), free: 8496 (num: 1 largest: 8496) 08:48:36 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) 08:48:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:36 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0xffffffff00000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:36 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0xa00000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0xffffff90}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:36 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) 08:48:36 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x2}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 504.138977][T19420] binder: 19415:19420 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:36 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x4000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:36 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x4000000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:36 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, 0x48) [ 504.205683][T19420] binder_transaction: 37 callbacks suppressed [ 504.205704][T19420] binder: 19415:19420 transaction failed 29201/-22, size 0-8 line 3241 08:48:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x1000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:36 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000]}, 0x48) 08:48:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:36 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:36 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x80ffffff00000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:36 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x1000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:36 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x100000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:37 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x90ffffff00000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:37 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x200000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:37 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000]}, 0x48) [ 504.482034][T19555] binder: 19554:19555 got transaction with invalid offset (0, min 0 max 0) or object. [ 504.511167][T19559] binder_alloc: allocated: 3792 (num: 169 largest: 32), free: 8496 (num: 1 largest: 8496) 08:48:37 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x2000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 504.581122][T19555] binder: 19554:19555 transaction failed 29201/-22, size 0-8 line 3241 [ 504.590333][T19559] binder: 19552:19559 transaction failed 29201/-28, size 116-12288 line 3147 [ 504.625695][ T7775] binder_release_work: 37 callbacks suppressed [ 504.625702][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:37 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0xff00000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:37 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:37 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x40000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 504.676861][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:37 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x300000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:37 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000]}, 0x48) 08:48:37 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x1000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:37 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0xffffffff00000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 504.834985][T19587] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:37 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x700000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:37 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) [ 504.882606][T19589] binder: 19588:19589 got transaction with invalid offset (0, min 0 max 0) or object. [ 504.903579][T19587] binder: 19586:19587 transaction failed 29201/-28, size 122-12288 line 3147 08:48:37 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x100000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 504.966811][T19589] binder: 19588:19589 transaction failed 29201/-22, size 0-8 line 3241 [ 504.987373][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:37 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0xa00000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 505.026776][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:37 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:37 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x2}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:37 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff00000000]}, 0x48) [ 505.122085][T19613] binder: 19611:19613 transaction failed 29201/-28, size 768-12288 line 3147 08:48:37 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x3f00000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:37 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x200000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 505.174848][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:37 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90ffffff00000000]}, 0x48) 08:48:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 505.250768][T19623] binder: 19622:19623 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:37 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x3}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:37 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x4000000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:37 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x4000000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 505.336762][T19623] binder: 19622:19623 transaction failed 29201/-22, size 0-8 line 3241 [ 505.347577][T19635] binder: 19629:19635 transaction failed 29201/-28, size 1280-12288 line 3147 [ 505.372781][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:37 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00000000000000]}, 0x48) 08:48:37 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x7}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:37 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:38 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x80ffffff00000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 505.465273][T19635] binder: 19629:19635 transaction failed 29201/-28, size 1280-12288 line 3147 08:48:38 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0xffffffff00000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:38 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0xa}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 505.532728][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 505.554786][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 505.555411][T19651] binder: 19648:19651 transaction failed 29201/-22, size 0-8 line 3241 08:48:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:38 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) 08:48:38 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0x90ffffff00000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:38 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x02', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 505.691904][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 505.717239][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:38 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) 08:48:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:38 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x300}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:38 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0xff00000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:38 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x48) 08:48:38 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:38 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98, 0xffffffff00000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:38 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x700}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:38 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x48) 08:48:38 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:38 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x1018}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:38 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0xa00}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:38 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x2}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:38 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:38 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}, 0x48) 08:48:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:38 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:38 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:38 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x4000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:38 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}, 0x48) [ 506.435037][T19735] binder_alloc_new_buf_locked: 11 callbacks suppressed [ 506.435048][T19735] binder_alloc: 2152: binder_alloc_buf size 28416 failed, no address space 08:48:39 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x3}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:39 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:39 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}, 0x48) 08:48:39 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0xff00}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:39 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x7}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:39 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:39 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00]}, 0x48) [ 506.725346][T19765] binder_alloc: 2152: binder_alloc_buf size 30720 failed, no address space 08:48:39 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:39 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00]}, 0x48) 08:48:39 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0xa}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:39 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x1000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:39 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:39 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x300}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:39 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:39 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x2000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:39 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) [ 506.982477][T19788] binder_alloc: 2152: binder_alloc_buf size 31744 failed, no address space 08:48:39 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 507.067032][T19788] binder_alloc_new_buf_locked: 11 callbacks suppressed [ 507.067049][T19788] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:39 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x3000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:39 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x700}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:39 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:39 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00]}, 0x48) 08:48:39 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:39 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 507.274653][T19816] binder_alloc: 2152: binder_alloc_buf size 38912 failed, no address space 08:48:39 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x7000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 507.326126][T19816] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:39 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0xa00}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:39 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) [ 507.380799][T19816] binder_alloc: 2152: binder_alloc_buf size 38912 failed, no address space 08:48:39 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 507.462626][T19816] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:40 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:40 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0xa000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:40 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) 08:48:40 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x3f00}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:40 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x4000, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 507.766314][T19854] binder_transaction: 11 callbacks suppressed [ 507.766330][T19854] binder: 19853:19854 got transaction with invalid offset (0, min 0 max 0) or object. [ 507.773833][T19858] binder_alloc: 2152: binder_alloc_buf size 39936 failed, no address space 08:48:40 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x1000000, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:40 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x40000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:40 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}, 0x48) 08:48:40 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x4000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 507.844304][T19858] binder_alloc: allocated: 3792 (num: 169 largest: 32), free: 8496 (num: 1 largest: 8496) 08:48:40 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x48) 08:48:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:40 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x2000000, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:40 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x80ffffff}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:40 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0xff00}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 508.028789][T19878] binder_alloc: 2152: binder_alloc_buf size 41984 failed, no address space [ 508.062136][T19878] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:40 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000]}, 0x48) [ 508.101039][T19882] binder: 19881:19882 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:40 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:40 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x90ffffff}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:40 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x40000000, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:40 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x1000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:40 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000]}, 0x48) [ 508.266055][T19902] binder_alloc: 2152: binder_alloc_buf size 43520 failed, no address space [ 508.317071][T19902] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:40 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x1000000000000, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:40 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) 08:48:40 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x2000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 508.396365][T19903] binder: 19899:19903 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:40 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0xff000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:41 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:41 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x100000000000000, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:41 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0xffffff80}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 508.582074][T19929] binder: 19928:19929 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:41 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff]}, 0x48) 08:48:41 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x3000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 508.628498][T19933] binder_alloc: 2152: binder_alloc_buf size 3158016 failed, no address space 08:48:41 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0xffffff90}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:41 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x200000000000000, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:41 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x7000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 508.723511][T19933] binder_alloc: allocated: 3792 (num: 169 largest: 32), free: 8496 (num: 1 largest: 8496) [ 508.758780][T19929] binder: 19928:19929 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:41 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90ffffff]}, 0x48) 08:48:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:41 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x1000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:41 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:41 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:41 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0xa000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:41 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff000000]}, 0x48) [ 508.942689][T19962] binder_alloc: 2152: binder_alloc_buf size 16789504 failed, no address space [ 509.032868][T19962] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:41 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff80]}, 0x48) 08:48:41 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0xffffffff00000000, 0x0, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:41 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x100000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 509.076079][T19970] binder: 19969:19970 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:41 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:41 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x3f000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:41 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x200000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:41 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x2, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 509.239609][T19988] binder: 19987:19988 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:41 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff90]}, 0x48) [ 509.289101][T19993] binder_alloc: allocated: 3792 (num: 169 largest: 32), free: 8496 (num: 1 largest: 8496) 08:48:41 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x40000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:41 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x300000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:41 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x4000, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 509.358312][T19988] binder_transaction: 32 callbacks suppressed [ 509.358329][T19988] binder: 19987:19988 transaction failed 29201/-22, size 0-8 line 3241 [ 509.374444][T19993] binder: 19992:19993 transaction failed 29201/-28, size 33554432-12288 line 3147 08:48:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:42 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) 08:48:42 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x80ffffff}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 509.478730][T19988] binder: 19987:19988 got transaction with invalid offset (0, min 0 max 0) or object. [ 509.557121][T20017] binder_alloc: allocated: 3792 (num: 169 largest: 32), free: 8496 (num: 1 largest: 8496) [ 509.587832][T20017] binder: 20016:20017 transaction failed 29201/-28, size 50331648-12288 line 3147 [ 509.598078][T19988] binder: 19987:19988 transaction failed 29201/-22, size 0-8 line 3241 08:48:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:42 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x700000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:42 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x1000000, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:42 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) 08:48:42 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x90ffffff}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 509.627459][ T7777] binder_release_work: 33 callbacks suppressed [ 509.627467][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 509.654082][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:42 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) 08:48:42 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x2000000, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 509.775953][T20038] binder: 20037:20038 got transaction with invalid offset (0, min 0 max 0) or object. [ 509.787629][T20039] binder: 20036:20039 transaction failed 29201/-28, size 67108864-12288 line 3147 [ 509.804510][T20038] binder: 20037:20038 transaction failed 29201/-22, size 0-8 line 3241 08:48:42 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0xff000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:42 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0xa00000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 509.850586][T20038] binder: 20037:20038 got transaction with invalid offset (0, min 0 max 0) or object. [ 509.857333][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:42 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x40000000, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:42 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0xffffff80}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 509.893470][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 509.915012][T20038] binder: 20037:20038 transaction failed 29201/-22, size 0-8 line 3241 [ 509.969989][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:42 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, 0x48) 08:48:42 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x4000000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 510.095090][T20064] binder: 20061:20064 transaction failed 29201/-28, size 83886080-12288 line 3147 08:48:42 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0xffffff90}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:42 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x1000000000000, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 510.135832][T20069] binder: 20068:20069 transaction failed 29201/-22, size 0-8 line 3241 [ 510.143350][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:42 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000]}, 0x48) 08:48:42 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x80ffffff00000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 510.239051][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:42 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x1000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:42 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x100000000000000, 0x0, 0x0, 0x0, [0x2]}, 0x48) [ 510.284742][T20082] binder: 20078:20082 transaction failed 29201/-28, size 100663296-12288 line 3147 08:48:42 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000]}, 0x48) [ 510.361288][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 510.379977][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:42 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x90ffffff00000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:42 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x100000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:42 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:43 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x200000000000000, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:43 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000]}, 0x48) 08:48:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 510.527330][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:43 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0xff00000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:43 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x200000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:43 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) 08:48:43 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0xffffffff00000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:43 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:43 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x300000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:43 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x2}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:43 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xffffffff00000000, 0x0, 0x0, 0x0, [0x2]}, 0x48) 08:48:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:43 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff00000000]}, 0x48) 08:48:43 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x700000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:43 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x2, 0x0, [0x2]}, 0x48) 08:48:43 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x3}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:43 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90ffffff00000000]}, 0x48) 08:48:43 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0xa00000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:43 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x4000, 0x0, [0x2]}, 0x48) 08:48:43 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00000000000000]}, 0x48) 08:48:43 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x7}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:43 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1000000, 0x0, [0x2]}, 0x48) 08:48:43 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:43 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) 08:48:43 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x3f00000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:44 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0xa}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:44 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x4000000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:44 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) [ 511.551225][T20208] binder_alloc_new_buf_locked: 12 callbacks suppressed [ 511.551247][T20208] binder_alloc: 2152: binder_alloc_buf size 1811951616 failed, no address space 08:48:44 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x2000000, 0x0, [0x2]}, 0x48) 08:48:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:44 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x300}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:44 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x80ffffff00000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:44 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x48) 08:48:44 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40000000, 0x0, [0x2]}, 0x48) 08:48:44 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x700}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 511.816596][T20228] binder_alloc: 2152: binder_alloc_buf size 1946169344 failed, no address space 08:48:44 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x48) 08:48:44 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x90ffffff00000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:44 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1000000000000, 0x0, [0x2]}, 0x48) 08:48:44 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}, 0x48) 08:48:44 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0xa00}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 512.041378][T20256] binder_alloc: 2152: binder_alloc_buf size 2046832640 failed, no address space 08:48:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:44 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0xff00000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:44 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x4000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 512.134898][T20256] binder_alloc: 2152: binder_alloc_buf size 2046832640 failed, no address space 08:48:44 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100000000000000, 0x0, [0x2]}, 0x48) 08:48:44 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}, 0x48) 08:48:44 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0xffffffff00000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 512.235234][T20256] binder_alloc_new_buf_locked: 13 callbacks suppressed [ 512.235253][T20256] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:44 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0xff00}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:44 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:44 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}, 0x48) 08:48:44 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x200000000000000, 0x0, [0x2]}, 0x48) [ 512.424808][T20293] binder_alloc: 2152: binder_alloc_buf size 13510798882123776 failed, no address space 08:48:44 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00]}, 0x48) [ 512.466078][T20293] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:45 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x2}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 512.508218][T20293] binder_alloc: 2152: binder_alloc_buf size 13510798882123776 failed, no address space 08:48:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:45 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x1000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 512.548598][T20293] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:45 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00]}, 0x48) 08:48:45 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, [0x2]}, 0x48) 08:48:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:45 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x3}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:45 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x2000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 512.723177][T20322] binder_alloc: 2152: binder_alloc_buf size 72057594037940224 failed, no address space 08:48:45 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0xffffffff00000000, 0x0, [0x2]}, 0x48) 08:48:45 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) 08:48:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 512.782884][T20322] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:45 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, [0x2]}, 0x48) 08:48:45 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x3000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:45 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x7}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 512.884972][T20339] binder_transaction: 18 callbacks suppressed [ 512.884987][T20339] binder: 20338:20339 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:45 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00]}, 0x48) 08:48:45 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x7000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:45 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0xa}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 513.038863][T20354] binder_alloc: 2152: binder_alloc_buf size 144115188075868160 failed, no address space 08:48:45 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4000, [0x2]}, 0x48) 08:48:45 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) 08:48:45 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0xa000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:45 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) [ 513.169100][T20354] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) [ 513.186988][T20361] binder: 20360:20361 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:45 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x300}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:45 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1000000, [0x2]}, 0x48) 08:48:45 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x40000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 513.345713][T20380] binder: 20379:20380 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:45 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x700}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:45 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}, 0x48) 08:48:45 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2000000, [0x2]}, 0x48) [ 513.397433][T20387] binder_alloc: 2152: binder_alloc_buf size 216172782113796096 failed, no address space 08:48:45 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 513.480833][T20387] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:46 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0xa00}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:46 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40000000, [0x2]}, 0x48) [ 513.538571][T20387] binder_alloc: 2152: binder_alloc_buf size 216172782113796096 failed, no address space 08:48:46 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x80ffffff}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:46 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x48) [ 513.587051][T20387] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 513.651198][T20403] binder: 20401:20403 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:46 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x3f00}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:46 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000]}, 0x48) 08:48:46 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1000000000000, [0x2]}, 0x48) 08:48:46 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x90ffffff}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:46 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x100000000000000, [0x2]}, 0x48) [ 513.819560][T20426] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:46 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x4000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:46 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0xff000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 513.901913][T20425] binder: 20424:20425 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:46 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000]}, 0x48) 08:48:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:46 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x200000000000000, [0x2]}, 0x48) 08:48:46 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0xffffff80}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:46 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0xff00}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 514.088312][T20449] binder: 20445:20449 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:46 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) [ 514.134935][T20454] binder_alloc: allocated: 3792 (num: 169 largest: 32), free: 8496 (num: 1 largest: 8496) 08:48:46 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, [0x2]}, 0x48) 08:48:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:46 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x1000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:46 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff]}, 0x48) 08:48:46 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:46 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0xffffff90}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 514.348999][T20472] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:46 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000, [0x2]}, 0x48) 08:48:46 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x2000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 514.396915][T20472] binder_transaction: 42 callbacks suppressed [ 514.396934][T20472] binder: 20468:20472 transaction failed 29201/-28, size 432345564227567616-12288 line 3147 [ 514.403940][T20480] binder: 20475:20480 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:46 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90ffffff]}, 0x48) 08:48:47 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x1000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 514.525384][T20480] binder: 20475:20480 transaction failed 29201/-22, size 0-8 line 3241 08:48:47 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x14]}, 0x48) 08:48:47 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x3000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:47 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff000000]}, 0x48) [ 514.603227][T20496] binder: 20495:20496 transaction failed 29201/-28, size 504403158265495552-12288 line 3147 08:48:47 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:47 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x100000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 514.704788][ T7775] binder_release_work: 42 callbacks suppressed [ 514.704797][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:47 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff80]}, 0x48) [ 514.764768][T20510] binder: 20508:20510 got transaction with invalid offset (0, min 0 max 0) or object. [ 514.797132][T20510] binder: 20508:20510 transaction failed 29201/-22, size 0-8 line 3241 08:48:47 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x7000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:47 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x5f]}, 0x48) 08:48:47 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x200000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 514.856049][T20515] binder: 20514:20515 transaction failed 29201/-28, size 1297036692682702848-12288 line 3147 [ 514.890927][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:47 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:47 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff90]}, 0x48) 08:48:47 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x2]}, 0x48) 08:48:47 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0xa000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 514.998307][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 515.159122][T20536] binder: 20535:20536 transaction failed 29201/-28, size 4539628424389459968-12288 line 3147 [ 515.185460][T20542] binder: 20539:20542 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:47 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x3f000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:47 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) 08:48:47 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x4000]}, 0x48) 08:48:47 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x300000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 515.212914][T20542] binder: 20539:20542 transaction failed 29201/-22, size 0-8 line 3241 [ 515.214096][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 515.288804][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:47 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:47 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) [ 515.349057][T20553] binder: 20552:20553 transaction failed 29201/-28, size 5188146770730811392-12288 line 3147 08:48:47 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x40000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:47 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x700000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 515.403623][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:47 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x1000000]}, 0x48) 08:48:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 515.473113][T20566] binder: 20561:20566 got transaction with invalid offset (0, min 0 max 0) or object. [ 515.531921][T20566] binder: 20561:20566 transaction failed 29201/-22, size 0-8 line 3241 [ 515.570671][T20576] binder: 20575:20576 transaction failed 29201/-28, size 5476377146882523136-12288 line 3147 08:48:48 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) 08:48:48 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x2000000]}, 0x48) 08:48:48 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x80ffffff}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:48 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0xa00000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 515.582277][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 515.653566][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:48 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, 0x48) [ 515.731804][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:48 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x4000000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:48 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x40000000]}, 0x48) 08:48:48 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x90ffffff}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 515.861618][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:48:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:48 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000]}, 0x48) 08:48:48 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x80ffffff00000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:48 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0xff000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:48 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x1000000000000]}, 0x48) 08:48:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:48 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0x90ffffff00000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:48 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0xffffff80}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:48 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x100000000000000]}, 0x48) 08:48:48 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000]}, 0x48) 08:48:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:48 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0xff00000000000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:48 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:48 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0xffffff90}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:48 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x200000000000000]}, 0x48) 08:48:48 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}, [], {0x95, 0x0, 0x0, 0xffffffff00000000}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:49 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000]}, 0x48) 08:48:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:49 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x4000000000000000]}, 0x48) [ 516.550490][T20672] binder: 20671:20672 got transaction with invalid offsets size, 10 08:48:49 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x1000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:49 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x02', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:49 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0xffffffff00000000]}, 0x48) 08:48:49 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) 08:48:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x63, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:49 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x03', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:49 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x100000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 516.787868][T20694] binder: 20690:20694 got transaction with invalid offsets size, 99 08:48:49 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff00000000]}, 0x48) 08:48:49 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x2]}, 0x48) 08:48:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 516.853102][T20694] binder: 20690:20694 got transaction with invalid offsets size, 99 08:48:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b60, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:49 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\a', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:49 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90ffffff00000000]}, 0x48) 08:48:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:49 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x200000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:49 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x4000]}, 0x48) [ 517.071300][T20718] binder_alloc_new_buf_locked: 13 callbacks suppressed [ 517.071311][T20718] binder_alloc: 2152: binder_alloc_buf size 11104 failed, no address space 08:48:49 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00000000000000]}, 0x48) 08:48:49 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\n', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:49 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x300000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3002, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:49 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x1000000]}, 0x48) 08:48:49 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) [ 517.300377][T20743] binder_alloc: 2152: binder_alloc_buf size 12296 failed, no address space 08:48:49 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x700000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:49 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:49 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x2000000]}, 0x48) 08:48:49 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 517.387114][T20743] binder_alloc_new_buf_locked: 11 callbacks suppressed [ 517.387134][T20743] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:50 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) 08:48:50 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0xa00000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:50 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x40000000]}, 0x48) 08:48:50 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x48) 08:48:50 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3003, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:50 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:50 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x3f00000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:50 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x1000000000000]}, 0x48) 08:48:50 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x48) [ 517.755466][T20785] binder_alloc: 2152: binder_alloc_buf size 12296 failed, no address space 08:48:50 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:50 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x4000000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 517.802902][T20785] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:50 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:50 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x100000000000000]}, 0x48) 08:48:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3004, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:50 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}, 0x48) 08:48:50 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 517.983838][T20801] binder_transaction: 14 callbacks suppressed [ 517.983856][T20801] binder: 20800:20801 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:50 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x200000000000000]}, 0x48) 08:48:50 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x80ffffff00000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 518.030702][T20807] binder_alloc: 2152: binder_alloc_buf size 12296 failed, no address space 08:48:50 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 518.098997][T20807] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:50 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}, 0x48) 08:48:50 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x4000000000000000]}, 0x48) [ 518.184915][T20823] binder: 20822:20823 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:50 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:50 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x90ffffff00000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 518.230501][T20807] binder_alloc: 2152: binder_alloc_buf size 12296 failed, no address space [ 518.240388][T20807] binder_alloc: allocated: 3792 (num: 169 largest: 32), free: 8496 (num: 1 largest: 8496) 08:48:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3005, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:50 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:50 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}, 0x48) 08:48:50 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:50 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0xffffffff00000000]}, 0x48) [ 518.403989][T20842] binder: 20841:20842 got transaction with invalid offset (0, min 0 max 0) or object. [ 518.426085][T20845] binder_alloc: 2152: binder_alloc_buf size 12296 failed, no address space 08:48:50 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0xff00000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:51 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00]}, 0x48) [ 518.464419][T20845] binder_alloc: allocated: 3792 (num: 169 largest: 32), free: 8496 (num: 1 largest: 8496) 08:48:51 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3006, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:51 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0xffffffff00000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:51 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x2]}, 0x48) [ 518.636515][T20862] binder: 20861:20862 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:51 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00]}, 0x48) [ 518.691386][T20868] binder_alloc: 2152: binder_alloc_buf size 12296 failed, no address space 08:48:51 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x4000]}, 0x48) 08:48:51 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 518.746536][T20868] binder_alloc: allocated: 3792 (num: 169 largest: 32), free: 8496 (num: 1 largest: 8496) 08:48:51 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x2}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:51 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) 08:48:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3007, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:51 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x1000000]}, 0x48) 08:48:51 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 518.904664][T20886] binder: 20884:20886 got transaction with invalid offset (0, min 0 max 0) or object. 08:48:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:51 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00]}, 0x48) 08:48:51 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x3}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 519.045083][T20900] binder_alloc: 2152: binder_alloc_buf size 12296 failed, no address space [ 519.073154][T20900] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:51 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 519.089099][T20902] binder: 20901:20902 got transaction with invalid data ptr 08:48:51 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x2000000]}, 0x48) 08:48:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3012, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:51 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x7}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:51 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:51 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) 08:48:51 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:51 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x40000000]}, 0x48) [ 519.325459][T20931] binder: 20929:20931 got transaction with invalid data ptr [ 519.346612][T20928] binder_alloc: 2152: binder_alloc_buf size 12312 failed, no address space 08:48:51 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0xa}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:51 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\xff', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 519.387435][T20928] binder_alloc: allocated: 3800 (num: 169 largest: 32), free: 8488 (num: 2 largest: 8480) 08:48:51 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x1000000000000]}, 0x48) 08:48:51 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) [ 519.440340][T20928] binder_transaction: 36 callbacks suppressed [ 519.440358][T20928] binder: 20922:20928 transaction failed 29201/-28, size 0-12306 line 3147 [ 519.440519][T20931] binder: 20929:20931 transaction failed 29201/-14, size 3-8 line 3179 08:48:52 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}, 0x48) 08:48:52 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\xff', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3048, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:52 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x300}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:52 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:52 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x100000000000000]}, 0x48) [ 519.656912][T20954] binder_alloc: 2152: binder_alloc_buf size 12360 failed, no address space [ 519.676880][T20954] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:52 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x48) 08:48:52 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:52 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x700}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 519.736517][T20954] binder: 20953:20954 transaction failed 29201/-28, size 0-12360 line 3147 [ 519.736544][T20963] binder: 20962:20963 got transaction with invalid data ptr [ 519.773872][ T7777] binder_release_work: 36 callbacks suppressed [ 519.773880][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:52 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x200000000000000]}, 0x48) 08:48:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x304c, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:52 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000]}, 0x48) [ 519.862465][T20963] binder: 20962:20963 transaction failed 29201/-14, size 4-8 line 3179 08:48:52 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0xa00}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:52 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x80', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:52 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x4000000000000000]}, 0x48) [ 519.925621][T20980] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) [ 519.949533][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 519.963746][T20963] binder: 20962:20963 got transaction with invalid data ptr [ 519.984048][T20980] binder: 20978:20980 transaction failed 29201/-28, size 0-12364 line 3147 [ 520.006030][T20963] binder: 20962:20963 transaction failed 29201/-14, size 4-8 line 3179 [ 520.014776][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:52 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000]}, 0x48) [ 520.034992][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:52 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3068, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:52 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x90', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:52 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0xffffffff00000000]}, 0x48) 08:48:52 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x3f00}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:52 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:52 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) [ 520.214048][T21002] binder: 20999:21002 transaction failed 29201/-28, size 0-12392 line 3147 [ 520.239158][T21004] binder: 21003:21004 got transaction with invalid data ptr [ 520.246553][T21004] binder: 21003:21004 transaction failed 29201/-14, size 5-8 line 3179 08:48:52 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x2]}, 0x48) [ 520.300938][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:52 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x4000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x306c, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:52 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 520.345396][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:52 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff]}, 0x48) 08:48:52 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 520.469811][T21026] binder: 21022:21026 transaction failed 29201/-28, size 0-12396 line 3147 08:48:53 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x4000]}, 0x48) 08:48:53 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90ffffff]}, 0x48) 08:48:53 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:53 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0xff00}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 520.540077][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 520.563530][T21032] binder: 21031:21032 got transaction with invalid data ptr 08:48:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3074, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 520.610301][T21032] binder: 21031:21032 transaction failed 29201/-14, size 6-8 line 3179 [ 520.660804][T21032] binder: 21031:21032 got transaction with invalid data ptr 08:48:53 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) 08:48:53 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:53 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 520.703390][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 520.728373][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:53 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff000000]}, 0x48) 08:48:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x307a, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 520.771580][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:53 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x1000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:53 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) [ 520.849973][T21060] binder: 21057:21060 got transaction with invalid data ptr 08:48:53 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:53 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f5e0ff, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:53 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff80]}, 0x48) 08:48:53 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x2000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:53 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) [ 521.047834][T21078] binder: 21074:21078 got transaction with invalid data ptr 08:48:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:53 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:53 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:53 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff90]}, 0x48) 08:48:53 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x3000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:53 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) [ 521.256180][T21102] binder: 21101:21102 got transaction with invalid data ptr 08:48:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:53 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) 08:48:53 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x7000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:53 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) 08:48:53 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:53 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:54 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) 08:48:54 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:54 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) 08:48:54 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:54 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0xa000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x5]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:54 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:54 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) 08:48:54 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) 08:48:54 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:54 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x3f000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:54 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:54 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) 08:48:54 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, 0x48) 08:48:54 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:54 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x40000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:54 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) 08:48:54 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:54 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000]}, 0x48) [ 522.090212][T21185] binder_alloc_new_buf_locked: 14 callbacks suppressed [ 522.090223][T21185] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:54 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:54 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:54 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x80ffffff}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x12]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:54 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) 08:48:54 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000]}, 0x48) 08:48:54 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 522.312777][T21206] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:54 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x90ffffff}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 522.381888][T21206] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:54 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:54 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) [ 522.435399][T21206] binder_alloc_new_buf_locked: 15 callbacks suppressed [ 522.435419][T21206] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x30]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:55 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) 08:48:55 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:55 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000]}, 0x48) [ 522.619768][T21226] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 522.646020][T21226] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:55 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0xff000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:55 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 522.710613][T21226] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 522.746819][T21226] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:55 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) 08:48:55 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) 08:48:55 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0xa, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:55 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0xffffff80}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:55 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x48]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:55 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff00000000]}, 0x48) 08:48:55 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x300, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:55 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) [ 523.047216][T21263] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 523.055901][T21263] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:55 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:55 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0xffffff90}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:55 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) 08:48:55 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x700, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:55 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90ffffff00000000]}, 0x48) 08:48:55 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) 08:48:55 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00000000000000]}, 0x48) [ 523.240272][T21263] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:55 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x1000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 523.293568][T21263] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4c]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:55 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0xa00, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:55 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:55 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) 08:48:55 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) 08:48:55 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x4000, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:55 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x100000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:56 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:56 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x200000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 523.557045][T21312] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 523.565742][T21312] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:56 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0xff00, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:56 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) 08:48:56 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) 08:48:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x68]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:56 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:56 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x300000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:56 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x48) 08:48:56 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x1000000, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:56 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) [ 523.847844][T21339] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:56 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x48) [ 523.901090][T21339] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:56 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) 08:48:56 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x700000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:56 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x2000000, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6c]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:56 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}, 0x48) 08:48:56 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0xa00000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:56 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:56 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) [ 524.155442][T21466] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:56 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x3000000, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:56 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x3f00000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 524.232658][T21466] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) [ 524.270721][T21472] binder_transaction: 16 callbacks suppressed 08:48:56 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}, 0x48) [ 524.270732][T21472] binder: 21469:21472 got transaction with invalid data ptr 08:48:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x74]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:56 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) 08:48:56 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x7000000, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 524.374725][T21472] binder: 21469:21472 got transaction with invalid data ptr 08:48:56 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}, 0x48) 08:48:56 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x4000000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 524.415993][T21489] binder_alloc: allocated: 6352 (num: 169 largest: 2568), free: 5936 (num: 2 largest: 5928) 08:48:57 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) 08:48:57 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0xa000000, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 524.508319][T21489] binder_transaction: 42 callbacks suppressed [ 524.508341][T21489] binder: 21488:21489 transaction failed 29201/-28, size 0-12288 line 3147 [ 524.508778][T21472] binder: 21469:21472 transaction failed 29201/-14, size 2560-8 line 3179 08:48:57 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:57 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x80ffffff00000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7a]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:57 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00]}, 0x48) 08:48:57 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) 08:48:57 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x40000000, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:57 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x80ffffff, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 524.739819][T21517] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:48:57 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) 08:48:57 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0x90ffffff00000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:57 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00]}, 0x48) [ 524.822401][T21517] binder: 21512:21517 transaction failed 29201/-28, size 0-12288 line 3147 [ 524.864296][T21525] binder: 21522:21525 got transaction with invalid data ptr 08:48:57 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x90ffffff, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:57 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) [ 524.931755][T21525] binder: 21522:21525 transaction failed 29201/-14, size 4608-8 line 3179 [ 524.961177][ T7777] binder_release_work: 42 callbacks suppressed [ 524.961186][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:57 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:57 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0xff00000000000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x300]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:57 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) 08:48:57 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0xff000000, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:57 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) [ 525.083949][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 525.149617][T21549] binder: 21548:21549 transaction failed 29201/-28, size 0-12288 line 3147 08:48:57 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0xffffff80, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:57 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) 08:48:57 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00]}, 0x48) 08:48:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x500]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:57 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}, [], {0x95, 0x0, 0x0, 0xffffffff00000000}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 525.209310][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 525.222978][T21559] binder: 21558:21559 got transaction with invalid data ptr [ 525.244351][T21559] binder: 21558:21559 transaction failed 29201/-14, size 8192-8 line 3179 08:48:57 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0xffffff90, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 525.369052][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 525.398004][T21575] binder: 21572:21575 transaction failed 29201/-28, size 0-12288 line 3147 08:48:57 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) 08:48:57 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) 08:48:57 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:58 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x02'}, 0x48) [ 525.457798][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x600]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 525.543668][T21587] binder: 21586:21587 transaction failed 29201/-28, size 16128-8 line 3147 08:48:58 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x1000000000000, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:58 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) 08:48:58 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x03'}, 0x48) [ 525.589610][T21592] binder: 21591:21592 transaction failed 29201/-28, size 0-12288 line 3147 08:48:58 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) 08:48:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x700]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 525.660836][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 525.691686][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:58 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}, 0x48) 08:48:58 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x100000000000000, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:58 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 525.794368][T21609] binder: 21607:21609 transaction failed 29201/-28, size 0-12288 line 3147 08:48:58 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) 08:48:58 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\a'}, 0x48) [ 525.842585][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:58 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) 08:48:58 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x200000000000000, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x1200]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:58 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x48) [ 525.916541][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 525.925579][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:48:58 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:58 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x300000000000000, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:58 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\n'}, 0x48) 08:48:58 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000]}, 0x48) 08:48:58 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) 08:48:58 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:58 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:58 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x700000000000000, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3f00]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:58 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000]}, 0x48) 08:48:58 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) 08:48:58 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4800]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:58 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:58 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0xa00000000000000, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:59 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) 08:48:59 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) 08:48:59 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4c00]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:59 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:59 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff]}, 0x48) 08:48:59 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x4000000000000000, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:59 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) 08:48:59 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6800]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:59 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:59 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x80ffffff00000000, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:59 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) 08:48:59 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90ffffff]}, 0x48) 08:48:59 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:59 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:59 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) 08:48:59 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x90ffffff00000000, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6c00]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:59 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff000000]}, 0x48) 08:48:59 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:59 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 527.107422][T21739] binder_alloc_new_buf_locked: 26 callbacks suppressed [ 527.107472][T21739] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:59 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) 08:48:59 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0xff00000000000000, 0x0, 0x0, 0x0, 0x2}, 0x48) 08:48:59 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff80]}, 0x48) [ 527.212306][T21745] binder_alloc: 2152: binder_alloc_buf size 16777224 failed, no address space 08:48:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7400]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:48:59 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:48:59 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:48:59 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) 08:48:59 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff90]}, 0x48) 08:48:59 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0xffffffff00000000, 0x0, 0x0, 0x0, 0x2}, 0x48) [ 527.374417][T21763] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:48:59 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 527.451628][T21763] binder_alloc_new_buf_locked: 26 callbacks suppressed [ 527.451645][T21763] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:00 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) 08:49:00 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) 08:49:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7a00]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:00 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x2, 0x0, 0x0, 0x2}, 0x48) [ 527.526959][T21767] binder_alloc: 2152: binder_alloc_buf size 33554440 failed, no address space [ 527.550171][T21767] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:00 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:49:00 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 527.666782][T21791] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 527.675467][T21791] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:00 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) 08:49:00 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x3, 0x0, 0x0, 0x2}, 0x48) 08:49:00 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) 08:49:00 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 527.764404][T21796] binder_alloc: 2152: binder_alloc_buf size 50331656 failed, no address space [ 527.793261][T21796] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:00 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) 08:49:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x300000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:00 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) 08:49:00 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x7, 0x0, 0x0, 0x2}, 0x48) 08:49:00 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:00 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 527.997188][T21817] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 528.030519][T21817] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:00 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xa, 0x0, 0x0, 0x2}, 0x48) 08:49:00 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, 0x48) 08:49:00 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) [ 528.047583][T21823] binder_alloc: 2152: binder_alloc_buf size 67108872 failed, no address space [ 528.070946][T21823] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x1000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:00 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:49:00 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:00 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000]}, 0x48) 08:49:00 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x300, 0x0, 0x0, 0x2}, 0x48) 08:49:00 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) 08:49:00 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:49:00 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x700, 0x0, 0x0, 0x2}, 0x48) [ 528.277255][T21845] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 528.313429][T21845] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:00 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000]}, 0x48) [ 528.361704][T21846] binder_alloc: 2152: binder_alloc_buf size 83886088 failed, no address space [ 528.397113][T21846] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x2000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:00 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xa00, 0x0, 0x0, 0x2}, 0x48) 08:49:00 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\xff'}, 0x48) 08:49:01 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) 08:49:01 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000]}, 0x48) [ 528.533972][T21867] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:01 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:01 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\xff'}, 0x48) 08:49:01 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x4000, 0x0, 0x0, 0x2}, 0x48) 08:49:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:01 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) [ 528.682544][T21881] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:01 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) 08:49:01 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:49:01 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xff00, 0x0, 0x0, 0x2}, 0x48) 08:49:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:01 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff00000000]}, 0x48) 08:49:01 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:01 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) 08:49:01 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x80'}, 0x48) 08:49:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x5000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:01 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x1000000, 0x0, 0x0, 0x2}, 0x48) 08:49:01 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90ffffff00000000]}, 0x48) 08:49:01 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) 08:49:01 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:01 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x90'}, 0x48) 08:49:01 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x2000000, 0x0, 0x0, 0x2}, 0x48) 08:49:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:01 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00000000000000]}, 0x48) 08:49:01 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) 08:49:01 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:01 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x3000000, 0x0, 0x0, 0x2}, 0x48) 08:49:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:01 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) 08:49:01 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:01 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:49:01 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) 08:49:02 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) 08:49:02 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x7000000, 0x0, 0x0, 0x2}, 0x48) 08:49:02 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 529.544594][T21965] binder_transaction: 42 callbacks suppressed [ 529.544614][T21965] binder: 21964:21965 transaction failed 29201/-28, size 301989888-8 line 3147 08:49:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x12000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:02 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) [ 529.650354][T21974] binder: 21973:21974 transaction failed 29201/-28, size 0-12288 line 3147 08:49:02 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:02 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) 08:49:02 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:49:02 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xa000000, 0x0, 0x0, 0x2}, 0x48) 08:49:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3f000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:02 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x48) [ 529.834401][T21987] binder: 21986:21987 transaction failed 29201/-28, size 536870912-8 line 3147 08:49:02 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:02 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) [ 530.017136][T21999] binder: 21997:21999 transaction failed 29201/-28, size 0-12288 line 3147 [ 530.043995][T21996] binder: 21994:21996 transaction failed 29201/-28, size 1056964608-8 line 3147 [ 530.055295][ T7775] binder_release_work: 43 callbacks suppressed 08:49:02 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x48) [ 530.055302][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:49:02 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:49:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x48000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:02 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 530.133547][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:49:02 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x40000000, 0x0, 0x0, 0x2}, 0x48) 08:49:02 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) 08:49:02 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}, 0x48) [ 530.234842][T22017] binder: 22016:22017 transaction failed 29201/-28, size 0-12288 line 3147 08:49:02 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:49:02 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x80ffffff, 0x0, 0x0, 0x2}, 0x48) [ 530.283478][T22025] binder: 22022:22025 transaction failed 29201/-28, size 1207959552-8 line 3147 [ 530.314114][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:49:02 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) 08:49:02 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}, 0x48) 08:49:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4c000000]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 530.357012][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 [ 530.363586][T22025] binder: 22022:22025 transaction failed 29201/-28, size 1207959552-8 line 3147 [ 530.390137][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:49:02 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:49:03 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:03 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x90ffffff, 0x0, 0x0, 0x2}, 0x48) [ 530.508699][T22043] binder: 22042:22043 transaction failed 29201/-28, size 0-12288 line 3147 08:49:03 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}, 0x48) 08:49:03 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) [ 530.570489][T22049] binder: 22047:22049 transaction failed 29201/-28, size 1275068416-8 line 3147 [ 530.598895][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 530.609297][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:49:03 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:03 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:49:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x68000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:03 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xff000000, 0x0, 0x0, 0x2}, 0x48) 08:49:03 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00]}, 0x48) [ 530.761080][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:49:03 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:49:03 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) [ 530.814603][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:49:03 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00]}, 0x48) 08:49:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6c000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:03 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xffffff80, 0x0, 0x0, 0x2}, 0x48) 08:49:03 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:03 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) 08:49:03 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) [ 531.005415][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:49:03 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:03 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) 08:49:03 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xffffff90, 0x0, 0x0, 0x2}, 0x48) 08:49:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x74000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:03 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:49:03 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) 08:49:03 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00]}, 0x48) 08:49:03 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x74000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:03 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x1000000000000, 0x0, 0x0, 0x2}, 0x48) 08:49:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7a000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:03 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) 08:49:03 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:49:03 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) 08:49:03 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:03 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x100000000000000, 0x0, 0x0, 0x2}, 0x48) 08:49:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x30000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:04 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) 08:49:04 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00'}, 0x48) 08:49:04 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) 08:49:04 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:04 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) 08:49:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x100000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:04 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x200000000000000, 0x0, 0x0, 0x2}, 0x48) 08:49:04 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}, 0x48) 08:49:04 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x2}, 0x48) 08:49:04 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x200000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:04 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) 08:49:04 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x300000000000000, 0x0, 0x0, 0x2}, 0x48) 08:49:04 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x3}, 0x48) 08:49:04 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x48) 08:49:04 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:04 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x700000000000000, 0x0, 0x0, 0x2}, 0x48) 08:49:04 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000]}, 0x48) 08:49:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x300000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:04 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) 08:49:04 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x7}, 0x48) 08:49:04 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:04 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) 08:49:04 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xa00000000000000, 0x0, 0x0, 0x2}, 0x48) 08:49:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x400000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:04 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0xa}, 0x48) 08:49:04 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000]}, 0x48) [ 532.262623][T22213] binder_alloc_new_buf_locked: 43 callbacks suppressed [ 532.262633][T22213] binder_alloc: 2152: binder_alloc_buf size 288230376151711752 failed, no address space 08:49:04 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) 08:49:04 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x4000000000000000, 0x0, 0x0, 0x2}, 0x48) 08:49:04 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x300}, 0x48) [ 532.342124][T22218] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:49:04 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) 08:49:04 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:05 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) 08:49:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x500000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 532.498728][T22237] binder_alloc: 2152: binder_alloc_buf size 360287970189639688 failed, no address space 08:49:05 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x80ffffff00000000, 0x0, 0x0, 0x2}, 0x48) 08:49:05 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x700}, 0x48) [ 532.556365][T22237] binder_alloc_new_buf_locked: 43 callbacks suppressed [ 532.556382][T22237] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:05 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) [ 532.627048][T22247] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 532.651026][T22247] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:05 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x90ffffff00000000, 0x0, 0x0, 0x2}, 0x48) 08:49:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x600000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:05 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600000000000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:05 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0xa00}, 0x48) 08:49:05 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff]}, 0x48) 08:49:05 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) [ 532.811944][T22266] binder_alloc: 2152: binder_alloc_buf size 432345564227567624 failed, no address space 08:49:05 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xff00000000000000, 0x0, 0x0, 0x2}, 0x48) [ 532.869155][T22266] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) [ 532.901734][T22268] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:49:05 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x3f00}, 0x48) 08:49:05 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90ffffff]}, 0x48) [ 532.917499][T22268] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:05 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) 08:49:05 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xffffffff00000000, 0x0, 0x0, 0x2}, 0x48) 08:49:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x700000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:05 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:05 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x4000}, 0x48) 08:49:05 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff000000]}, 0x48) 08:49:05 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) 08:49:05 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x2, 0x2}, 0x48) [ 533.148936][T22294] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 533.184632][T22294] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) [ 533.200221][T22299] binder_alloc: 2152: binder_alloc_buf size 504403158265495560 failed, no address space 08:49:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x1200000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:05 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff80]}, 0x48) 08:49:05 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) 08:49:05 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0xff00}, 0x48) [ 533.255006][T22299] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:05 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x3, 0x2}, 0x48) 08:49:05 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x1000000}, 0x48) [ 533.377948][T22312] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:49:05 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff90]}, 0x48) 08:49:05 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:05 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) 08:49:05 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x7, 0x2}, 0x48) [ 533.436061][T22312] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:06 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x2000000}, 0x48) [ 533.517862][T22332] binder_alloc: 2152: binder_alloc_buf size 576460752303423496 failed, no address space 08:49:06 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) 08:49:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x3f00000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:06 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) [ 533.602751][T22332] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:06 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0xa, 0x2}, 0x48) [ 533.668142][T22340] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:06 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) 08:49:06 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:06 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) 08:49:06 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x3000000}, 0x48) 08:49:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4800000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:06 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x300, 0x2}, 0x48) [ 533.827642][T22357] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:06 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) 08:49:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x4c00000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:06 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1200000000000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:06 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x7000000}, 0x48) 08:49:06 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x700, 0x2}, 0x48) 08:49:06 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) 08:49:06 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, 0x48) 08:49:06 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:06 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0xa00, 0x2}, 0x48) 08:49:06 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000]}, 0x48) 08:49:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6800000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:06 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0xa000000}, 0x48) 08:49:06 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) 08:49:06 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x4000, 0x2}, 0x48) 08:49:06 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:06 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000]}, 0x48) 08:49:06 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x3f000000}, 0x48) 08:49:06 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) 08:49:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x6c00000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:06 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0xff00, 0x2}, 0x48) 08:49:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7400000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) 08:49:07 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x40000000}, 0x48) 08:49:07 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000]}, 0x48) 08:49:07 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) 08:49:07 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) [ 534.607335][T22435] binder_transaction: 41 callbacks suppressed [ 534.607361][T22435] binder: 22434:22435 transaction failed 29201/-28, size 5188146770730811392-8 line 3147 [ 534.610472][T22438] binder: 22437:22438 transaction failed 29201/-28, size 0-12288 line 3147 [ 534.641419][T22435] binder: 22434:22435 transaction failed 29201/-28, size 5188146770730811392-8 line 3147 08:49:07 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1000000, 0x2}, 0x48) 08:49:07 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) 08:49:07 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x80ffffff}, 0x48) 08:49:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:07 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x2000000, 0x2}, 0x48) 08:49:07 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) 08:49:07 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff00000000]}, 0x48) 08:49:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x7a00000000000000]}}], 0x0, 0x0, &(0x7f0000000300)}) [ 534.817664][T22457] binder: 22456:22457 transaction failed 29201/-28, size 5476377146882523136-8 line 3147 08:49:07 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x90ffffff}, 0x48) 08:49:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:07 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x3000000, 0x2}, 0x48) 08:49:07 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90ffffff00000000]}, 0x48) [ 534.975496][T22469] binder: 22468:22469 transaction failed 29201/-28, size 0-12288 line 3147 [ 534.998210][T22469] binder: 22468:22469 transaction failed 29201/-28, size 0-12288 line 3147 08:49:07 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) 08:49:07 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0xff000000}, 0x48) 08:49:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x2, 0x0, &(0x7f0000000300)}) [ 535.083093][T22479] binder: 22477:22479 transaction failed 29201/-28, size 6917529027641081856-8 line 3147 08:49:07 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x7000000, 0x2}, 0x48) 08:49:07 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0xffffff80}, 0x48) [ 535.161925][ T7775] binder_release_work: 44 callbacks suppressed [ 535.161964][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 535.189532][T22493] binder: 22490:22493 transaction failed 29201/-28, size 0-12288 line 3147 08:49:07 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00000000000000]}, 0x48) 08:49:07 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:07 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) 08:49:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x3, 0x0, &(0x7f0000000300)}) 08:49:07 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0xa000000, 0x2}, 0x48) 08:49:07 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0xffffff90}, 0x48) 08:49:07 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) [ 535.354382][T22510] binder: 22507:22510 transaction failed 29201/-28, size 7493989779944505344-8 line 3147 [ 535.380951][T22512] binder: 22511:22512 transaction failed 29201/-28, size 0-12288 line 3147 08:49:07 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) [ 535.433420][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:49:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x4, 0x0, &(0x7f0000000300)}) 08:49:08 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40000000, 0x2}, 0x48) 08:49:08 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x1000000000000}, 0x48) 08:49:08 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) [ 535.598240][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:49:08 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) [ 535.642585][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:49:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x5, 0x0, &(0x7f0000000300)}) 08:49:08 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x100000000000000}, 0x48) 08:49:08 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x80ffffff, 0x2}, 0x48) [ 535.771043][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:49:08 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x48) 08:49:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:08 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) [ 535.822201][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:49:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x6, 0x0, &(0x7f0000000300)}) 08:49:08 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x90ffffff, 0x2}, 0x48) 08:49:08 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x200000000000000}, 0x48) 08:49:08 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, 0x48) [ 535.970214][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:49:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 536.019816][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 536.035396][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:49:08 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) 08:49:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x7, 0x0, &(0x7f0000000300)}) [ 536.069622][T22576] binder: 22575:22576 got transaction with invalid offsets size, 2 08:49:08 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0xff000000, 0x2}, 0x48) [ 536.142772][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:49:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:08 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}, 0x48) 08:49:08 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x300000000000000}, 0x48) 08:49:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x12, 0x0, &(0x7f0000000300)}) 08:49:08 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) [ 536.266311][T22591] binder: 22590:22591 got transaction with invalid offsets size, 3 08:49:08 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0xffffff80, 0x2}, 0x48) 08:49:08 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}, 0x48) 08:49:08 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x700000000000000}, 0x48) 08:49:08 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x30, 0x0, &(0x7f0000000300)}) 08:49:08 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) [ 536.484624][T22611] binder: 22610:22611 got transaction with invalid offsets size, 4 08:49:09 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0xa00000000000000}, 0x48) 08:49:09 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0xffffff90, 0x2}, 0x48) 08:49:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x48, 0x0, &(0x7f0000000300)}) 08:49:09 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700]}, 0x48) 08:49:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:09 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) 08:49:09 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00]}, 0x48) [ 536.732894][T22638] binder: 22637:22638 got transaction with invalid offsets size, 5 08:49:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x4c, 0x0, &(0x7f0000000300)}) 08:49:09 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1000000000000, 0x2}, 0x48) 08:49:09 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x3f00000000000000}, 0x48) 08:49:09 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) 08:49:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:09 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00]}, 0x48) 08:49:09 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x4000000000000000}, 0x48) [ 536.948115][T22660] binder: 22658:22660 got transaction with invalid offsets size, 6 08:49:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x68, 0x0, &(0x7f0000000300)}) 08:49:09 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) 08:49:09 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100000000000000, 0x2}, 0x48) 08:49:09 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) 08:49:09 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:09 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x80ffffff00000000}, 0x48) 08:49:09 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) 08:49:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x6c, 0x0, &(0x7f0000000300)}) 08:49:09 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x90ffffff00000000}, 0x48) 08:49:09 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) [ 537.302282][T22686] binder: 22685:22686 got transaction with invalid offsets size, 7 [ 537.312535][T22688] binder_alloc_new_buf_locked: 35 callbacks suppressed [ 537.312546][T22688] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:49:09 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00]}, 0x48) 08:49:09 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x200000000000000, 0x2}, 0x48) 08:49:09 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) 08:49:09 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0xff00000000000000}, 0x48) 08:49:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x74, 0x0, &(0x7f0000000300)}) 08:49:10 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) [ 537.555112][T22711] binder: 22710:22711 got transaction with invalid offsets size, 9 [ 537.569813][T22713] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 537.586540][T22713] binder_alloc_new_buf_locked: 34 callbacks suppressed [ 537.586560][T22713] binder_alloc: allocated: 3800 (num: 169 largest: 32), free: 8488 (num: 2 largest: 8480) 08:49:10 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) 08:49:10 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x300000000000000, 0x2}, 0x48) 08:49:10 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) [ 537.611614][T22713] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:49:10 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0xffffffff00000000}, 0x48) [ 537.667163][T22713] binder_alloc: allocated: 3800 (num: 169 largest: 32), free: 8488 (num: 2 largest: 8480) 08:49:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x7a, 0x0, &(0x7f0000000300)}) 08:49:10 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) 08:49:10 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x700000000000000, 0x2}, 0x48) 08:49:10 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000]}, 0x48) 08:49:10 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x2}, 0x48) 08:49:10 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0xa00000000000000, 0x2}, 0x48) [ 537.854668][T22739] binder: 22735:22739 got transaction with invalid offsets size, 10 [ 537.866888][T22740] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 537.891814][T22740] binder_alloc: allocated: 3800 (num: 169 largest: 32), free: 8488 (num: 2 largest: 8480) 08:49:10 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) 08:49:10 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x48) [ 537.984565][T22739] binder: 22735:22739 got transaction with invalid offsets size, 10 08:49:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x300, 0x0, &(0x7f0000000300)}) 08:49:10 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x3}, 0x48) 08:49:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:10 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x4000000000000000, 0x2}, 0x48) 08:49:10 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) 08:49:10 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000]}, 0x48) [ 538.127653][T22761] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 538.136316][T22761] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) [ 538.187188][T22769] binder: 22768:22769 got transaction with invalid offsets size, 11 08:49:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x500, 0x0, &(0x7f0000000300)}) 08:49:10 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x7}, 0x48) 08:49:10 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) 08:49:10 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x80ffffff00000000, 0x2}, 0x48) 08:49:10 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000]}, 0x48) 08:49:10 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:10 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x90ffffff00000000, 0x2}, 0x48) [ 538.380897][T22789] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:49:10 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) 08:49:10 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xa}, 0x48) [ 538.446894][T22789] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:11 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) 08:49:11 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0xff00000000000000, 0x2}, 0x48) 08:49:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x600, 0x0, &(0x7f0000000300)}) 08:49:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x300}, 0x48) [ 538.625552][T22813] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:49:11 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) 08:49:11 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0xffffffff00000000, 0x2}, 0x48) 08:49:11 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff]}, 0x48) 08:49:11 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) [ 538.734508][T22813] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) [ 538.771203][T22813] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:49:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x700}, 0x48) 08:49:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) [ 538.852371][T22813] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:11 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90ffffff]}, 0x48) 08:49:11 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) 08:49:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x700, 0x0, &(0x7f0000000300)}) 08:49:11 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3}, 0x48) 08:49:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xa00}, 0x48) 08:49:11 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) 08:49:11 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff000000]}, 0x48) 08:49:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x3f00}, 0x48) [ 539.048274][T22848] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space [ 539.084522][T22848] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:11 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4}, 0x48) [ 539.140864][T22854] binder: 22852:22854 got transaction with invalid offset (0, min 0 max 0) or object. 08:49:11 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) 08:49:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x1200, 0x0, &(0x7f0000000300)}) 08:49:11 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff80]}, 0x48) 08:49:11 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x4000}, 0x48) [ 539.281938][T22873] binder_alloc: 2152: binder_alloc_buf size 12288 failed, no address space 08:49:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xff00}, 0x48) 08:49:11 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x5}, 0x48) 08:49:11 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) 08:49:11 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff90]}, 0x48) [ 539.401907][T22873] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:12 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x1000000}, 0x48) 08:49:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x3000, 0x0, &(0x7f0000000300)}) 08:49:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:12 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) 08:49:12 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) 08:49:12 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6}, 0x48) 08:49:12 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x2000000}, 0x48) [ 539.653100][T22908] binder_alloc: allocated: 3784 (num: 168 largest: 32), free: 8504 (num: 2 largest: 8496) 08:49:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:12 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x7}, 0x48) 08:49:12 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) [ 539.738802][T22908] binder_transaction: 40 callbacks suppressed [ 539.738820][T22908] binder: 22904:22908 transaction failed 29201/-28, size 0-12288 line 3147 08:49:12 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x48) 08:49:12 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x48) [ 539.819324][T22923] binder: 22919:22923 transaction failed 29201/-22, size 0-47 line 3201 08:49:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x3f00, 0x0, &(0x7f0000000300)}) 08:49:12 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x3000000}, 0x48) 08:49:12 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x48) 08:49:12 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) [ 539.941808][T22923] binder: 22919:22923 transaction failed 29201/-22, size 0-47 line 3201 [ 539.968965][T22935] binder: 22932:22935 transaction failed 29201/-28, size 0-12288 line 3147 08:49:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6b, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:12 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x9}, 0x48) 08:49:12 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x7000000}, 0x48) 08:49:12 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x48) 08:49:12 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, 0x48) 08:49:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x4800, 0x0, &(0x7f0000000300)}) [ 540.117444][T22948] binder: 22947:22948 transaction failed 29201/-22, size 0-107 line 3201 08:49:12 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xa000000}, 0x48) 08:49:12 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xa}, 0x48) 08:49:12 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b58, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:12 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x48) [ 540.258081][T22962] binder: 22961:22962 transaction failed 29201/-28, size 0-12288 line 3147 08:49:12 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700000000000000]}, 0x48) 08:49:12 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x3f000000}, 0x48) 08:49:12 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xb}, 0x48) [ 540.346527][T22972] binder: 22971:22972 transaction failed 29201/-28, size 0-11096 line 3147 08:49:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x4c00, 0x0, &(0x7f0000000300)}) [ 540.421641][ T7777] binder_release_work: 24 callbacks suppressed [ 540.421650][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:49:12 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000]}, 0x48) 08:49:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b60, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00000000000000]}, 0x48) [ 540.480528][T22984] binder: 22982:22984 transaction failed 29201/-28, size 0-12288 line 3147 08:49:13 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x40000000}, 0x48) [ 540.538384][T22991] binder: 22990:22991 transaction failed 29201/-28, size 0-11104 line 3147 08:49:13 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xd}, 0x48) 08:49:13 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x48) 08:49:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x6800, 0x0, &(0x7f0000000300)}) [ 540.614787][ T7777] binder: undelivered TRANSACTION_ERROR: 29201 08:49:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200001c8, 0x0, &(0x7f00000001c0)=[0x0]}}], 0x0, 0x0, 0x0}) 08:49:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000]}, 0x48) 08:49:13 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xf}, 0x48) 08:49:13 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x80ffffff}, 0x48) 08:49:13 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000]}, 0x48) [ 540.763311][T23008] binder: 23007:23008 transaction failed 29201/-28, size 0-12288 line 3147 [ 540.789391][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:49:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x2]}}], 0x0, 0x0, 0x0}) 08:49:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) 08:49:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x6c00, 0x0, &(0x7f0000000300)}) 08:49:13 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x14}, 0x48) 08:49:13 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x48) 08:49:13 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x90ffffff}, 0x48) [ 540.978342][T23027] binder: 23026:23027 got transaction with invalid offset (2, min 0 max 0) or object. 08:49:13 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20001}, 0x48) 08:49:13 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xff000000}, 0x48) [ 541.102801][T23027] binder: 23026:23027 got transaction with invalid offset (2, min 0 max 0) or object. 08:49:13 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) 08:49:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x7400, 0x0, &(0x7f0000000300)}) [ 541.145514][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 [ 541.158574][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:49:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff00000000]}, 0x48) 08:49:13 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, [0x2]}, 0x48) 08:49:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x3]}}], 0x0, 0x0, 0x0}) 08:49:13 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2], 0x0, 0x2}, 0x48) 08:49:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x7a00, 0x0, &(0x7f0000000300)}) 08:49:13 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x98}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0xffffff80}, 0x48) [ 541.302779][T23059] binder: 23058:23059 got transaction with invalid offset (3, min 0 max 0) or object. [ 541.333276][ T7775] binder: undelivered TRANSACTION_ERROR: 29201 08:49:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90ffffff00000000]}, 0x48) 08:49:13 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, [0x3]}, 0x48) 08:49:13 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, &(0x7f00000001c0)=[0x4]}}], 0x0, 0x0, 0x0}) 08:49:14 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff00000000000000]}, 0x48) [ 541.517446][T23119] ------------[ cut here ]------------ [ 541.522965][T23119] kernel BUG at drivers/android/binder_alloc.c:1141! [ 541.552445][T23119] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 541.554080][ T3876] kobject: 'loop3' (00000000ebde5159): kobject_uevent_env 08:49:14 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, [0x7]}, 0x48) 08:49:14 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2], 0x0, 0x4000}, 0x48) [ 541.558579][T23119] CPU: 1 PID: 23119 Comm: syz-executor.5 Not tainted 5.1.0-rc2+ #37 [ 541.558588][T23119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 541.558612][T23119] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 [ 541.558629][T23119] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 bf f9 23 fc 4c 89 e6 4c 89 ef e8 d4 fa 23 fc 4d 39 e5 76 07 e8 aa f9 23 fc <0f> 0b e8 a3 f9 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 b1 [ 541.558636][T23119] RSP: 0018:ffff888054f4f6d8 EFLAGS: 00010212 [ 541.558649][T23119] RAX: 0000000000040000 RBX: 0000000020001ec0 RCX: ffffc9001088c000 [ 541.558658][T23119] RDX: 00000000000002ac RSI: ffffffff854c77d6 RDI: 0000000000000006 [ 541.558668][T23119] RBP: ffff888054f4f758 R08: ffff888097be4040 R09: 0000000000000028 [ 541.558677][T23119] R10: ffffed100a9e9f32 R11: ffff888054f4f997 R12: 0000000000000008 [ 541.558686][T23119] R13: 0000000000000028 R14: ffff888098654690 R15: 0000000000000000 [ 541.558699][T23119] FS: 0000000000000000(0000) GS:ffff8880ae900000(0063) knlGS:00000000f5dc3b40 08:49:14 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000]}, 0x48) [ 541.558707][T23119] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 541.558714][T23119] CR2: 00000000f5dc2c30 CR3: 00000000a53cf000 CR4: 00000000001406e0 [ 541.558730][T23119] Call Trace: [ 541.590314][ T3876] kobject: 'loop3' (00000000ebde5159): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 541.590431][T23119] ? memcpy+0x46/0x50 [ 541.631830][ T3876] kobject: 'loop4' (00000000fc2759cf): kobject_uevent_env [ 541.632444][T23119] binder_alloc_copy_from_buffer+0x37/0x42 08:49:14 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x48) [ 541.642099][ T3876] kobject: 'loop4' (00000000fc2759cf): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 541.649430][T23119] binder_get_object+0xc3/0x200 [ 541.649449][T23119] binder_transaction+0x2b4a/0x6690 [ 541.649474][T23119] ? binder_thread_read+0x3d50/0x3d50 [ 541.649488][T23119] ? __lock_acquire+0x548/0x3fb0 [ 541.649507][T23119] ? __might_fault+0x12b/0x1e0 [ 541.649522][T23119] ? lock_downgrade+0x880/0x880 [ 541.649541][T23119] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 541.649565][T23119] ? _copy_from_user+0xdd/0x150 08:49:14 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2], 0x0, 0x1000000}, 0x48) 08:49:14 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, [0xa]}, 0x48) [ 541.658743][ T3876] kobject: 'loop1' (00000000a0d1cb8c): kobject_uevent_env [ 541.666961][T23119] binder_thread_write+0x64a/0x2820 [ 541.666984][T23119] ? binder_transaction+0x6690/0x6690 [ 541.666998][T23119] ? __might_fault+0x12b/0x1e0 [ 541.667022][T23119] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 541.667036][T23119] ? _copy_from_user+0xdd/0x150 [ 541.667050][T23119] binder_ioctl+0x1033/0x183b [ 541.667075][T23119] ? binder_thread_write+0x2820/0x2820 [ 541.674376][ T3876] kobject: 'loop1' (00000000a0d1cb8c): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 541.681687][T23119] ? __fget+0x381/0x550 [ 541.681702][T23119] ? ksys_dup3+0x3e0/0x3e0 [ 541.681805][T23119] ? get_old_timespec32+0x200/0x200 [ 541.681833][T23119] ? tomoyo_file_ioctl+0x23/0x30 [ 541.778868][ T3876] kobject: 'loop1' (00000000a0d1cb8c): kobject_uevent_env [ 541.781473][T23119] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 541.781498][T23119] ? security_file_ioctl+0x93/0xc0 [ 541.786297][ T3876] kobject: 'loop1' (00000000a0d1cb8c): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 541.792518][T23119] ? binder_thread_write+0x2820/0x2820 [ 541.792534][T23119] __ia32_compat_sys_ioctl+0x197/0x620 [ 541.792551][T23119] do_fast_syscall_32+0x281/0xc98 [ 541.792568][T23119] entry_SYSENTER_compat+0x70/0x7f [ 541.792579][T23119] RIP: 0023:0xf7fc7869 [ 541.792595][T23119] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 08:49:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, &(0x7f0000000140), &(0x7f00000001c0)=[0x0]}}], 0x300000, 0x0, &(0x7f0000000300)}) 08:49:14 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x2], 0x0, 0x2000000}, 0x48) 08:49:14 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, [0x300]}, 0x48) 08:49:14 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x10, 0x48}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x48) [ 541.792610][T23119] RSP: 002b:00000000f5dc30cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 541.893528][ T3876] kobject: 'loop3' (00000000ebde5159): kobject_uevent_env [ 541.911743][T23119] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201 [ 541.911751][T23119] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 541.911757][T23119] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 541.911763][T23119] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 541.911769][T23119] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 541.911784][T23119] Modules linked in: [ 541.931948][T23119] ---[ end trace 55e293539bed2a3e ]--- [ 541.971464][ T3876] kobject: 'loop3' (00000000ebde5159): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 541.986413][T23119] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 [ 542.005684][T23119] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 bf f9 23 fc 4c 89 e6 4c 89 ef e8 d4 fa 23 fc 4d 39 e5 76 07 e8 aa f9 23 fc <0f> 0b e8 a3 f9 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 b1 [ 542.025469][ T3876] kobject: 'loop2' (00000000b7db19fc): kobject_uevent_env [ 542.028283][ T3876] kobject: 'loop2' (00000000b7db19fc): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 542.034644][T23119] RSP: 0018:ffff888054f4f6d8 EFLAGS: 00010212 [ 542.049047][ T3876] kobject: 'loop0' (0000000004087977): kobject_uevent_env [ 542.058320][T23119] RAX: 0000000000040000 RBX: 0000000020001ec0 RCX: ffffc9001088c000 [ 542.066564][T23119] RDX: 00000000000002ac RSI: ffffffff854c77d6 RDI: 0000000000000006 [ 542.068952][ T3876] kobject: 'loop0' (0000000004087977): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 542.082818][T23119] RBP: ffff888054f4f758 R08: ffff888097be4040 R09: 0000000000000028 [ 542.088677][ T3876] kobject: 'loop1' (00000000a0d1cb8c): kobject_uevent_env [ 542.093594][T23119] R10: ffffed100a9e9f32 R11: ffff888054f4f997 R12: 0000000000000008 [ 542.101972][ T3876] kobject: 'loop1' (00000000a0d1cb8c): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 542.109018][T23119] R13: 0000000000000028 R14: ffff888098654690 R15: 0000000000000000 [ 542.124095][ T3876] kobject: 'loop4' (00000000fc2759cf): kobject_uevent_env [ 542.128134][T23119] FS: 0000000000000000(0000) GS:ffff8880ae900000(0063) knlGS:00000000f5dc3b40 [ 542.135410][ T3876] kobject: 'loop4' (00000000fc2759cf): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 542.144268][T23119] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 542.164408][T23119] CR2: 00000000081220f0 CR3: 00000000a53cf000 CR4: 00000000001406e0 [ 542.173620][T23119] Kernel panic - not syncing: Fatal exception [ 542.180782][T23119] Kernel Offset: disabled [ 542.185840][T23119] Rebooting in 86400 seconds..