~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:03 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:03 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:03 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:03 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:03 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:03 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  815.691202] binder_alloc: 30679: binder_alloc_buf, no vma
** 4 printk messages dropped ** [  815.758339] binder: 20574:20578 ioctl 40046207 0 returned -16
14:52:03 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:03 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:03 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:03 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:03 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:03 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

** 5 printk messages dropped ** [  815.834656] binder: 20590:20596 ioctl 40046207 0 returned -16
[  815.835781] binder_alloc: 30679: binder_alloc_buf, no vma
[  815.835802] binder: 20590:20596 transaction failed 29189/-3, size 24-8 line 3136
[  815.835898] binder: undelivered TRANSACTION_ERROR: 29189
14:52:03 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:03 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:03 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:03 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:03 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  815.835981] binder: 20590:20596 IncRefs 0 refcount change on invalid ref 1 ret -22
** 1 printk messages dropped ** [  815.891465] binder: 20607:20610 ioctl 40046207 0 returned -16
14:52:03 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:03 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:03 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:03 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:03 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:03 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:03 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

** 5 printk messages dropped ** [  815.973866] binder: 20622:20627 ioctl 40046207 0 returned -16
[  815.974348] binder_alloc: 30679: binder_alloc_buf, no vma
[  815.974376] binder: 20622:20627 transaction failed 29189/-3, size 24-8 line 3136
14:52:03 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:03 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:03 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:03 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:03 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  815.975864] binder: undelivered TRANSACTION_ERROR: 29189
** 2 printk messages dropped ** [  816.082596] binder: 20644:20650 ioctl 40046207 0 returned -16
14:52:03 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:03 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:03 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:03 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

** 5 printk messages dropped ** [  816.137309] binder: 20653:20663 ioctl 40046207 0 returned -16
14:52:03 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:03 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:03 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:03 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:04 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  816.145245] binder_alloc: 30679: binder_alloc_buf, no vma
** 4 printk messages dropped ** [  816.164812] binder: 20670:20672 ioctl 40046207 0 returned -16
[  816.164935] binder_alloc: 30679: binder_alloc_buf, no vma
[  816.164952] binder: 20670:20672 transaction failed 29189/-3, size 24-8 line 3136
[  816.165036] binder: undelivered TRANSACTION_ERROR: 29189
14:52:04 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:04 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:04 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:04 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  816.165187] binder: 20670:20672 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:04 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:04 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:04 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:04 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:04 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

** 1 printk messages dropped ** [  816.214957] binder: 20679:20680 ioctl 40046207 0 returned -16
[  816.221888] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:04 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:04 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

** 4 printk messages dropped ** [  816.302687] binder: 20690:20693 ioctl 40046207 0 returned -16
[  816.302796] binder_alloc: 30679: binder_alloc_buf, no vma
[  816.302815] binder: 20690:20693 transaction failed 29189/-3, size 24-8 line 3136
14:52:04 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:04 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:04 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:04 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:04 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  816.302913] binder: undelivered TRANSACTION_ERROR: 29189
** 2 printk messages dropped ** [  816.348889] binder: 20700:20708 ioctl 40046207 0 returned -16
14:52:04 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:04 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:04 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:04 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

** 5 printk messages dropped ** [  816.423530] binder: 20720:20723 ioctl 40046207 0 returned -16
14:52:04 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:04 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:04 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:04 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:04 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

** 3 printk messages dropped ** [  816.423784] binder: 20720:20723 IncRefs 0 refcount change on invalid ref 1 ret -22
** 7 printk messages dropped ** [  816.660116] binder: 20750:20757 ioctl 40046207 0 returned -16
14:52:04 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:04 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:04 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:04 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:04 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:04 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  816.660227] binder_alloc: 30679: binder_alloc_buf, no vma
[  816.660246] binder: 20750:20757 transaction failed 29189/-3, size 24-8 line 3136
[  816.660331] binder: undelivered TRANSACTION_ERROR: 29189
[  816.660414] binder: 20750:20757 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:04 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:04 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:04 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

** 1 printk messages dropped ** [  816.719811] binder: 20763:20769 ioctl 40046207 0 returned -16
14:52:04 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:04 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:04 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

** 5 printk messages dropped ** [  816.795800] binder: 20782:20785 ioctl 40046207 0 returned -16
[  816.800528] binder_alloc: 30679: binder_alloc_buf, no vma
[  816.800547] binder: 20782:20785 transaction failed 29189/-3, size 24-8 line 3136
14:52:04 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:04 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:04 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:04 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:04 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:04 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

** 3 printk messages dropped ** [  816.885917] binder: 20798:20804 ioctl 40046207 0 returned -16
[  816.886017] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:04 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:04 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:04 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:04 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:04 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:04 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

** 4 printk messages dropped ** [  816.943175] binder: 20813:20821 ioctl 40046207 0 returned -16
[  816.943269] binder_alloc: 30679: binder_alloc_buf, no vma
[  816.943289] binder: 20813:20821 transaction failed 29189/-3, size 24-8 line 3136
14:52:04 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:04 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:04 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

** 3 printk messages dropped ** [  817.017717] binder: 20823:20835 ioctl 40046207 0 returned -16
[  817.017836] binder_alloc: 30679: binder_alloc_buf, no vma
[  817.017856] binder: 20823:20835 transaction failed 29189/-3, size 24-8 line 3136
[  817.017949] binder: undelivered TRANSACTION_ERROR: 29189
14:52:04 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:04 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  817.018035] binder: 20823:20835 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:04 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:04 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:04 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:04 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:04 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:04 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

** 1 printk messages dropped ** [  817.087941] binder: 20846:20854 ioctl 40046207 0 returned -16
[  817.088049] binder_alloc: 30679: binder_alloc_buf, no vma
[  817.088069] binder: 20846:20854 transaction failed 29189/-3, size 24-8 line 3136
14:52:04 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:04 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:04 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  817.088157] binder: undelivered TRANSACTION_ERROR: 29189
[  817.088243] binder: 20846:20854 IncRefs 0 refcount change on invalid ref 1 ret -22
[  817.141654] binder: BINDER_SET_CONTEXT_MGR already set
[  817.141664] binder: 20857:20865 ioctl 40046207 0 returned -16
[  817.142087] binder_alloc: 30679: binder_alloc_buf, no vma
[  817.142107] binder: 20857:20865 transaction failed 29189/-3, size 24-8 line 3136
14:52:04 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:04 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:04 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:04 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:04 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  817.142185] binder: undelivered TRANSACTION_ERROR: 29189
[  817.142261] binder: 20857:20865 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:04 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:04 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

** 1 printk messages dropped ** [  817.230479] binder: 20880:20887 ioctl 40046207 0 returned -16
[  817.230586] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:04 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:04 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:04 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:04 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:04 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:05 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:05 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

** 4 printk messages dropped ** [  817.300415] binder: 20894:20904 ioctl 40046207 0 returned -16
[  817.300516] binder_alloc: 30679: binder_alloc_buf, no vma
[  817.300535] binder: 20894:20904 transaction failed 29189/-3, size 24-8 line 3136
[  817.300612] binder: undelivered TRANSACTION_ERROR: 29189
[  817.300686] binder: 20894:20904 IncRefs 0 refcount change on invalid ref 1 ret -22
[  817.474801] binder: BINDER_SET_CONTEXT_MGR already set
14:52:05 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:05 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:05 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:05 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:05 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  817.474810] binder: 20924:20926 ioctl 40046207 0 returned -16
** 5 printk messages dropped ** [  817.517810] binder: 20940:20941 ioctl 40046207 0 returned -16
[  817.517933] binder_alloc: 30679: binder_alloc_buf, no vma
[  817.517953] binder: 20940:20941 transaction failed 29189/-3, size 24-8 line 3136
[  817.518037] binder: undelivered TRANSACTION_ERROR: 29189
[  817.518110] binder: 20940:20941 IncRefs 0 refcount change on invalid ref 1 ret -22
[  817.611043] binder: BINDER_SET_CONTEXT_MGR already set
[  817.611055] binder: 20955:20958 ioctl 40046207 0 returned -16
[  817.617450] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:05 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:05 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:05 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:05 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:05 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:05 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  817.617471] binder: 20955:20958 transaction failed 29189/-3, size 24-8 line 3136
[  817.617562] binder: undelivered TRANSACTION_ERROR: 29189
[  817.617638] binder: 20955:20958 IncRefs 0 refcount change on invalid ref 1 ret -22
[  817.694775] binder: BINDER_SET_CONTEXT_MGR already set
[  817.694784] binder: 20971:20977 ioctl 40046207 0 returned -16
[  817.695563] binder_alloc: 30679: binder_alloc_buf, no vma
[  817.695582] binder: 20971:20977 transaction failed 29189/-3, size 24-8 line 3136
[  817.695869] binder: undelivered TRANSACTION_ERROR: 29189
14:52:05 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:05 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:05 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:05 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  817.696653] binder: 20971:20977 IncRefs 0 refcount change on invalid ref 1 ret -22
[  817.800692] binder: BINDER_SET_CONTEXT_MGR already set
14:52:05 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:05 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  817.800702] binder: 20992:20995 ioctl 40046207 0 returned -16
[  817.801063] binder_alloc: 30679: binder_alloc_buf, no vma
[  817.801081] binder: 20992:20995 transaction failed 29189/-3, size 24-8 line 3136
[  817.803786] binder: undelivered TRANSACTION_ERROR: 29189
[  817.804622] binder: 20992:20995 IncRefs 0 refcount change on invalid ref 1 ret -22
[  817.869514] binder: BINDER_SET_CONTEXT_MGR already set
[  817.869523] binder: 21011:21013 ioctl 40046207 0 returned -16
[  817.869650] binder_alloc: 30679: binder_alloc_buf, no vma
[  817.869668] binder: 21011:21013 transaction failed 29189/-3, size 24-8 line 3136
[  817.880348] binder: undelivered TRANSACTION_ERROR: 29189
14:52:05 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:05 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:05 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:05 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:05 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  817.890969] binder: 21011:21013 IncRefs 0 refcount change on invalid ref 1 ret -22
[  817.936960] binder: BINDER_SET_CONTEXT_MGR already set
[  817.936969] binder: 21025:21027 ioctl 40046207 0 returned -16
[  817.937072] binder_alloc: 30679: binder_alloc_buf, no vma
[  817.937090] binder: 21025:21027 transaction failed 29189/-3, size 24-8 line 3136
[  817.937172] binder: undelivered TRANSACTION_ERROR: 29189
[  817.937249] binder: 21025:21027 IncRefs 0 refcount change on invalid ref 1 ret -22
[  818.010704] binder: BINDER_SET_CONTEXT_MGR already set
[  818.010714] binder: 21033:21039 ioctl 40046207 0 returned -16
[  818.010906] binder_alloc: 30679: binder_alloc_buf, no vma
[  818.010925] binder: 21033:21039 transaction failed 29189/-3, size 24-8 line 3136
[  818.011434] binder: undelivered TRANSACTION_ERROR: 29189
[  818.011525] binder: 21033:21039 IncRefs 0 refcount change on invalid ref 1 ret -22
[  818.081483] binder: BINDER_SET_CONTEXT_MGR already set
[  818.081493] binder: 21050:21054 ioctl 40046207 0 returned -16
[  818.081600] binder_alloc: 30679: binder_alloc_buf, no vma
[  818.081619] binder: 21050:21054 transaction failed 29189/-3, size 24-8 line 3136
[  818.082343] binder: undelivered TRANSACTION_ERROR: 29189
[  818.082432] binder: 21050:21054 IncRefs 0 refcount change on invalid ref 1 ret -22
[  818.217237] binder: BINDER_SET_CONTEXT_MGR already set
[  818.217247] binder: 21057:21075 ioctl 40046207 0 returned -16
[  818.217371] binder_alloc: 30679: binder_alloc_buf, no vma
[  818.217390] binder: 21057:21075 transaction failed 29189/-3, size 24-8 line 3136
14:52:05 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:05 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  818.218146] binder: undelivered TRANSACTION_ERROR: 29189
[  818.219279] binder: 21057:21075 IncRefs 0 refcount change on invalid ref 1 ret -22
[  818.355885] binder: BINDER_SET_CONTEXT_MGR already set
[  818.355894] binder: 21087:21097 ioctl 40046207 0 returned -16
[  818.356162] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:05 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:05 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:05 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:05 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  818.356181] binder: 21087:21097 transaction failed 29189/-3, size 24-8 line 3136
14:52:05 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  818.356663] binder: undelivered TRANSACTION_ERROR: 29189
[  818.360715] binder: 21087:21097 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:05 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:05 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:05 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:05 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:05 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:05 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:05 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:05 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:05 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  818.428407] binder: BINDER_SET_CONTEXT_MGR already set
[  818.428416] binder: 21111:21115 ioctl 40046207 0 returned -16
[  818.432456] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:05 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:05 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:05 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:05 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  818.432475] binder: 21111:21115 transaction failed 29189/-3, size 24-8 line 3136
[  818.432553] binder: undelivered TRANSACTION_ERROR: 29189
[  818.432625] binder: 21111:21115 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:05 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:05 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:05 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:05 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  818.499965] binder: BINDER_SET_CONTEXT_MGR already set
[  818.499974] binder: 21126:21128 ioctl 40046207 0 returned -16
[  818.500070] binder_alloc: 30679: binder_alloc_buf, no vma
[  818.500089] binder: 21126:21128 transaction failed 29189/-3, size 24-8 line 3136
[  818.500308] binder: undelivered TRANSACTION_ERROR: 29189
[  818.500874] binder: 21126:21128 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:05 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  818.594992] binder: BINDER_SET_CONTEXT_MGR already set
[  818.595002] binder: 21137:21150 ioctl 40046207 0 returned -16
[  818.595116] binder_alloc: 30679: binder_alloc_buf, no vma
[  818.595135] binder: 21137:21150 transaction failed 29189/-3, size 24-8 line 3136
14:52:05 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:05 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:05 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:05 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  818.595222] binder: undelivered TRANSACTION_ERROR: 29189
[  818.595556] binder: 21137:21150 IncRefs 0 refcount change on invalid ref 1 ret -22
[  818.645017] binder: BINDER_SET_CONTEXT_MGR already set
[  818.645026] binder: 21154:21157 ioctl 40046207 0 returned -16
14:52:05 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:05 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:05 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:05 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:06 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  818.645124] binder_alloc: 30679: binder_alloc_buf, no vma
[  818.645143] binder: 21154:21157 transaction failed 29189/-3, size 24-8 line 3136
14:52:06 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:06 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:06 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:06 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:06 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  818.645218] binder: undelivered TRANSACTION_ERROR: 29189
[  818.645288] binder: 21154:21157 IncRefs 0 refcount change on invalid ref 1 ret -22
[  818.768587] binder: BINDER_SET_CONTEXT_MGR already set
14:52:06 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:06 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:06 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:06 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:06 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:06 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:06 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:06 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  818.768597] binder: 21167:21179 ioctl 40046207 0 returned -16
[  818.768697] binder_alloc: 30679: binder_alloc_buf, no vma
[  818.768716] binder: 21167:21179 transaction failed 29189/-3, size 24-8 line 3136
[  818.768792] binder: undelivered TRANSACTION_ERROR: 29189
[  818.768877] binder: 21167:21179 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:06 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:06 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:06 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:06 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:06 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  818.877171] binder: BINDER_SET_CONTEXT_MGR already set
[  818.877181] binder: 21200:21204 ioctl 40046207 0 returned -16
[  818.877273] binder_alloc: 30679: binder_alloc_buf, no vma
[  818.877292] binder: 21200:21204 transaction failed 29189/-3, size 24-8 line 3136
14:52:06 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:06 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:06 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:06 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  818.877460] binder: undelivered TRANSACTION_ERROR: 29189
[  818.877532] binder: 21200:21204 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:06 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:06 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:06 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:06 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:06 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  818.928620] binder: BINDER_SET_CONTEXT_MGR already set
[  818.928629] binder: 21211:21214 ioctl 40046207 0 returned -16
[  818.928728] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:06 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:06 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:06 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:06 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:06 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  818.928748] binder: 21211:21214 transaction failed 29189/-3, size 24-8 line 3136
14:52:06 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:06 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:06 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:06 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:06 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:06 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  818.928825] binder: undelivered TRANSACTION_ERROR: 29189
[  818.928910] binder: 21211:21214 IncRefs 0 refcount change on invalid ref 1 ret -22
[  818.996694] binder: BINDER_SET_CONTEXT_MGR already set
[  818.996703] binder: 21230:21232 ioctl 40046207 0 returned -16
14:52:06 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:06 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:06 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:06 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:06 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  818.996822] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:06 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:06 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:06 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:06 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:06 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:06 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

** 4 printk messages dropped ** [  819.060458] binder: 21240:21243 ioctl 40046207 0 returned -16
[  819.060560] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:06 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:06 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:06 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  819.060579] binder: 21240:21243 transaction failed 29189/-3, size 24-8 line 3136
14:52:06 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:06 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:06 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:06 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

** 3 printk messages dropped ** [  819.178734] binder: 21255:21259 transaction failed 29189/-3, size 24-8 line 3136
[  819.178813] binder: undelivered TRANSACTION_ERROR: 29189
[  819.226459] binder: BINDER_SET_CONTEXT_MGR already set
[  819.226468] binder: 21272:21274 ioctl 40046207 0 returned -16
14:52:06 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

[  819.226568] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:06 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  819.226586] binder: 21272:21274 transaction failed 29189/-3, size 24-8 line 3136
14:52:06 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:06 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:06 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:06 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:06 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:06 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  819.226658] binder: undelivered TRANSACTION_ERROR: 29189
** 5 printk messages dropped ** [  819.303717] binder: undelivered TRANSACTION_ERROR: 29189
14:52:06 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:06 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:06 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:06 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  819.303840] binder: 21286:21295 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:06 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:06 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:06 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:06 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

** 4 printk messages dropped ** [  819.353539] binder: undelivered TRANSACTION_ERROR: 29189
14:52:06 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:06 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:06 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:06 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:06 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

** 5 printk messages dropped ** [  819.425139] binder: undelivered TRANSACTION_ERROR: 29189
[  819.425221] binder: 21315:21322 IncRefs 0 refcount change on invalid ref 1 ret -22
[  819.532857] binder: BINDER_SET_CONTEXT_MGR already set
14:52:07 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:07 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:07 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:07 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:07 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:07 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:07 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  819.532876] binder: 21330:21331 ioctl 40046207 0 returned -16
** 2 printk messages dropped ** [  819.533070] binder: undelivered TRANSACTION_ERROR: 29189
14:52:07 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:07 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:07 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

** 5 printk messages dropped ** [  819.571801] binder: undelivered TRANSACTION_ERROR: 29189
[  819.572055] binder: 21345:21348 IncRefs 0 refcount change on invalid ref 1 ret -22
[  819.637139] binder: BINDER_SET_CONTEXT_MGR already set
[  819.637148] binder: 21354:21361 ioctl 40046207 0 returned -16
14:52:07 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:07 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:07 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:07 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:07 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  819.637255] binder_alloc: 30679: binder_alloc_buf, no vma
** 1 printk messages dropped ** [  819.637359] binder: undelivered TRANSACTION_ERROR: 29189
14:52:07 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  819.637442] binder: 21354:21361 IncRefs 0 refcount change on invalid ref 1 ret -22
** 4 printk messages dropped ** [  819.703457] binder: undelivered TRANSACTION_ERROR: 29189
14:52:07 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:07 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:07 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:07 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:07 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  819.703541] binder: 21369:21375 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:07 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:07 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  819.745714] binder: BINDER_SET_CONTEXT_MGR already set
14:52:07 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:07 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:07 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:07 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:07 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:07 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

** 3 printk messages dropped ** [  819.745953] binder: undelivered TRANSACTION_ERROR: 29189
** 5 printk messages dropped ** [  819.789402] binder: undelivered TRANSACTION_ERROR: 29189
14:52:07 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  819.789486] binder: 21393:21396 IncRefs 0 refcount change on invalid ref 1 ret -22
[  819.922389] binder: BINDER_SET_CONTEXT_MGR already set
14:52:07 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:07 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:07 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:07 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:07 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

[  819.922398] binder: 21402:21405 ioctl 40046207 0 returned -16
** 2 printk messages dropped ** [  819.922588] binder: undelivered TRANSACTION_ERROR: 29189
[  819.922657] binder: 21402:21405 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:07 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:07 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:07 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  820.002939] binder: BINDER_SET_CONTEXT_MGR already set
14:52:07 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:07 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:07 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:07 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

** 3 printk messages dropped ** [  820.003150] binder: undelivered TRANSACTION_ERROR: 29189
14:52:07 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:07 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:07 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:07 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:07 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:07 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:07 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

** 5 printk messages dropped ** [  820.051198] binder: undelivered TRANSACTION_ERROR: 29189
** 5 printk messages dropped ** [  820.096465] binder: undelivered TRANSACTION_ERROR: 29189
14:52:07 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:07 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:07 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:07 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

** 5 printk messages dropped ** [  820.152044] binder: undelivered TRANSACTION_ERROR: 29189
14:52:07 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:07 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:07 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:07 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:07 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

** 5 printk messages dropped ** [  820.212202] binder: undelivered TRANSACTION_ERROR: 29189
** 5 printk messages dropped ** [  820.251431] binder: undelivered TRANSACTION_ERROR: 29189
[  820.252256] binder: 21482:21486 IncRefs 0 refcount change on invalid ref 1 ret -22
[  820.302364] binder: BINDER_SET_CONTEXT_MGR already set
[  820.302374] binder: 21495:21501 ioctl 40046207 0 returned -16
14:52:07 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:07 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:07 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:07 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:07 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:07 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:07 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  820.302796] binder_alloc: 30679: binder_alloc_buf, no vma
[  820.302817] binder: 21495:21501 transaction failed 29189/-3, size 24-8 line 3136
14:52:07 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:07 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:07 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:07 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  820.303134] binder: undelivered TRANSACTION_ERROR: 29189
[  820.303326] binder: 21495:21501 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:07 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:07 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:07 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:07 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:07 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:07 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  820.357544] binder: BINDER_SET_CONTEXT_MGR already set
[  820.357553] binder: 21510:21513 ioctl 40046207 0 returned -16
** 2 printk messages dropped ** [  820.357761] binder: undelivered TRANSACTION_ERROR: 29189
14:52:07 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:07 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  820.357841] binder: 21510:21513 IncRefs 0 refcount change on invalid ref 1 ret -22
[  820.409187] binder: BINDER_SET_CONTEXT_MGR already set
[  820.409196] binder: 21514:21515 ioctl 40046207 0 returned -16
[  820.409290] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:08 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:08 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:08 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:08 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:08 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

** 1 printk messages dropped ** [  820.409385] binder: undelivered TRANSACTION_ERROR: 29189
[  820.409459] binder: 21514:21515 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:08 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:08 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:08 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:08 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

** 4 printk messages dropped ** [  820.492552] binder: undelivered TRANSACTION_ERROR: 29189
14:52:08 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:08 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:08 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

** 5 printk messages dropped ** [  820.589759] binder: undelivered TRANSACTION_ERROR: 29189
[  820.590014] binder: 21545:21552 IncRefs 0 refcount change on invalid ref 1 ret -22
** 4 printk messages dropped ** [  820.622794] binder: undelivered TRANSACTION_ERROR: 29189
14:52:08 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:08 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:08 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:08 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:08 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:08 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  820.622887] binder: 21562:21564 IncRefs 0 refcount change on invalid ref 1 ret -22
[  820.696488] binder: BINDER_SET_CONTEXT_MGR already set
[  820.696497] binder: 21576:21582 ioctl 40046207 0 returned -16
[  820.696608] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:08 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:08 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:08 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:08 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:08 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:08 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

** 1 printk messages dropped ** [  820.696716] binder: undelivered TRANSACTION_ERROR: 29189
[  820.710243] binder: 21576:21582 IncRefs 0 refcount change on invalid ref 1 ret -22
** 4 printk messages dropped ** [  820.811330] binder: undelivered TRANSACTION_ERROR: 29189
[  820.811416] binder: 21590:21605 IncRefs 0 refcount change on invalid ref 1 ret -22
[  820.834023] binder: BINDER_SET_CONTEXT_MGR already set
[  820.834076] binder: 21610:21611 ioctl 40046207 0 returned -16
[  820.834175] binder_alloc: 30679: binder_alloc_buf, no vma
[  820.834194] binder: 21610:21611 transaction failed 29189/-3, size 24-8 line 3136
[  820.834267] binder: undelivered TRANSACTION_ERROR: 29189
[  820.834335] binder: 21610:21611 IncRefs 0 refcount change on invalid ref 1 ret -22
[  820.900371] binder: BINDER_SET_CONTEXT_MGR already set
[  820.900380] binder: 21616:21622 ioctl 40046207 0 returned -16
[  820.900490] binder_alloc: 30679: binder_alloc_buf, no vma
[  820.900508] binder: 21616:21622 transaction failed 29189/-3, size 24-8 line 3136
[  820.901164] binder: undelivered TRANSACTION_ERROR: 29189
14:52:08 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:08 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:08 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:08 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:08 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:08 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:08 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  820.906051] binder: 21616:21622 IncRefs 0 refcount change on invalid ref 1 ret -22
[  820.953382] binder: BINDER_SET_CONTEXT_MGR already set
14:52:08 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:08 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:08 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:08 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:08 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:08 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  820.953390] binder: 21629:21635 ioctl 40046207 0 returned -16
[  820.954222] binder_alloc: 30679: binder_alloc_buf, no vma
[  820.954242] binder: 21629:21635 transaction failed 29189/-3, size 24-8 line 3136
14:52:08 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:08 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:08 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:08 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  820.971024] binder: undelivered TRANSACTION_ERROR: 29189
14:52:08 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:08 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:08 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  820.971128] binder: 21629:21635 IncRefs 0 refcount change on invalid ref 1 ret -22
[  821.091486] binder: BINDER_SET_CONTEXT_MGR already set
[  821.091496] binder: 21653:21661 ioctl 40046207 0 returned -16
[  821.091608] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:08 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:08 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:08 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:08 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:08 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  821.091627] binder: 21653:21661 transaction failed 29189/-3, size 24-8 line 3136
[  821.091712] binder: undelivered TRANSACTION_ERROR: 29189
[  821.091793] binder: 21653:21661 IncRefs 0 refcount change on invalid ref 1 ret -22
[  821.169886] binder: BINDER_SET_CONTEXT_MGR already set
14:52:08 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:08 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:08 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:08 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:08 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:08 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:08 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  821.169905] binder: 21669:21671 ioctl 40046207 0 returned -16
[  821.170127] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:08 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  821.170145] binder: 21669:21671 transaction failed 29189/-3, size 24-8 line 3136
[  821.170228] binder: undelivered TRANSACTION_ERROR: 29189
[  821.170298] binder: 21669:21671 IncRefs 0 refcount change on invalid ref 1 ret -22
[  821.357517] binder: BINDER_SET_CONTEXT_MGR already set
[  821.357525] binder: 21695:21704 ioctl 40046207 0 returned -16
[  821.357608] binder_alloc: 30679: binder_alloc_buf, no vma
[  821.357626] binder: 21695:21704 transaction failed 29189/-3, size 24-8 line 3136
[  821.357701] binder: undelivered TRANSACTION_ERROR: 29189
[  821.357775] binder: 21695:21704 IncRefs 0 refcount change on invalid ref 1 ret -22
[  821.391638] binder: BINDER_SET_CONTEXT_MGR already set
[  821.391647] binder: 21707:21709 ioctl 40046207 0 returned -16
[  821.393007] binder_alloc: 30679: binder_alloc_buf, no vma
[  821.393026] binder: 21707:21709 transaction failed 29189/-3, size 24-8 line 3136
[  821.393105] binder: undelivered TRANSACTION_ERROR: 29189
14:52:08 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:08 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:08 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:08 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  821.393173] binder: 21707:21709 IncRefs 0 refcount change on invalid ref 1 ret -22
[  821.445495] binder: BINDER_SET_CONTEXT_MGR already set
14:52:08 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:08 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:08 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:08 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:08 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:08 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:08 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:09 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  821.445565] binder: 21723:21726 ioctl 40046207 0 returned -16
[  821.445664] binder_alloc: 30679: binder_alloc_buf, no vma
[  821.445683] binder: 21723:21726 transaction failed 29189/-3, size 24-8 line 3136
14:52:09 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:09 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:09 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  821.445756] binder: undelivered TRANSACTION_ERROR: 29189
[  821.445825] binder: 21723:21726 IncRefs 0 refcount change on invalid ref 1 ret -22
[  821.507053] binder: BINDER_SET_CONTEXT_MGR already set
[  821.507062] binder: 21729:21739 ioctl 40046207 0 returned -16
[  821.508436] binder_alloc: 30679: binder_alloc_buf, no vma
[  821.508456] binder: 21729:21739 transaction failed 29189/-3, size 24-8 line 3136
[  821.508549] binder: undelivered TRANSACTION_ERROR: 29189
[  821.508630] binder: 21729:21739 IncRefs 0 refcount change on invalid ref 1 ret -22
[  821.569042] binder: BINDER_SET_CONTEXT_MGR already set
[  821.569051] binder: 21749:21754 ioctl 40046207 0 returned -16
[  821.569162] binder_alloc: 30679: binder_alloc_buf, no vma
[  821.569180] binder: 21749:21754 transaction failed 29189/-3, size 24-8 line 3136
[  821.569268] binder: undelivered TRANSACTION_ERROR: 29189
[  821.569354] binder: 21749:21754 IncRefs 0 refcount change on invalid ref 1 ret -22
[  821.642397] binder: BINDER_SET_CONTEXT_MGR already set
14:52:09 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:09 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:09 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  821.642406] binder: 21764:21770 ioctl 40046207 0 returned -16
[  821.642514] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:09 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:09 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:09 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:09 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:09 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:09 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:09 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:09 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  821.642533] binder: 21764:21770 transaction failed 29189/-3, size 24-8 line 3136
[  821.642617] binder: undelivered TRANSACTION_ERROR: 29189
[  821.642698] binder: 21764:21770 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:09 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:09 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:09 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:09 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:09 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  821.677447] binder: BINDER_SET_CONTEXT_MGR already set
[  821.677456] binder: 21776:21778 ioctl 40046207 0 returned -16
[  821.677552] binder_alloc: 30679: binder_alloc_buf, no vma
[  821.677571] binder: 21776:21778 transaction failed 29189/-3, size 24-8 line 3136
[  821.677646] binder: undelivered TRANSACTION_ERROR: 29189
[  821.677715] binder: 21776:21778 IncRefs 0 refcount change on invalid ref 1 ret -22
[  821.753428] binder: BINDER_SET_CONTEXT_MGR already set
[  821.753437] binder: 21782:21792 ioctl 40046207 0 returned -16
[  821.753847] binder_alloc: 30679: binder_alloc_buf, no vma
[  821.753866] binder: 21782:21792 transaction failed 29189/-3, size 24-8 line 3136
[  821.754749] binder: undelivered TRANSACTION_ERROR: 29189
[  821.755873] binder: 21782:21792 IncRefs 0 refcount change on invalid ref 1 ret -22
[  821.857075] binder: BINDER_SET_CONTEXT_MGR already set
14:52:09 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:09 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  821.857084] binder: 21801:21813 ioctl 40046207 0 returned -16
[  821.857182] binder_alloc: 30679: binder_alloc_buf, no vma
[  821.857202] binder: 21801:21813 transaction failed 29189/-3, size 24-8 line 3136
[  821.857280] binder: undelivered TRANSACTION_ERROR: 29189
[  821.857353] binder: 21801:21813 IncRefs 0 refcount change on invalid ref 1 ret -22
[  821.913873] binder: BINDER_SET_CONTEXT_MGR already set
14:52:09 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  821.913882] binder: 21824:21829 ioctl 40046207 0 returned -16
[  821.914981] binder_alloc: 30679: binder_alloc_buf, no vma
[  821.915000] binder: 21824:21829 transaction failed 29189/-3, size 24-8 line 3136
[  821.915082] binder: undelivered TRANSACTION_ERROR: 29189
14:52:09 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  821.916109] binder: 21824:21829 IncRefs 0 refcount change on invalid ref 1 ret -22
[  822.017781] binder: BINDER_SET_CONTEXT_MGR already set
[  822.017790] binder: 21842:21854 ioctl 40046207 0 returned -16
[  822.017885] binder_alloc: 30679: binder_alloc_buf, no vma
[  822.017904] binder: 21842:21854 transaction failed 29189/-3, size 24-8 line 3136
[  822.017977] binder: undelivered TRANSACTION_ERROR: 29189
[  822.018451] binder: 21842:21854 IncRefs 0 refcount change on invalid ref 1 ret -22
[  822.063346] binder: BINDER_SET_CONTEXT_MGR already set
14:52:09 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  822.063355] binder: 21861:21862 ioctl 40046207 0 returned -16
[  822.063472] binder_alloc: 30679: binder_alloc_buf, no vma
[  822.063491] binder: 21861:21862 transaction failed 29189/-3, size 24-8 line 3136
[  822.063580] binder: undelivered TRANSACTION_ERROR: 29189
[  822.063665] binder: 21861:21862 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:09 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:09 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:09 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:09 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  822.112719] binder: BINDER_SET_CONTEXT_MGR already set
[  822.112728] binder: 21866:21868 ioctl 40046207 0 returned -16
[  822.112822] binder_alloc: 30679: binder_alloc_buf, no vma
[  822.112841] binder: 21866:21868 transaction failed 29189/-3, size 24-8 line 3136
14:52:09 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:09 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:09 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:09 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:09 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  822.112925] binder: undelivered TRANSACTION_ERROR: 29189
[  822.112994] binder: 21866:21868 IncRefs 0 refcount change on invalid ref 1 ret -22
[  822.169920] binder: BINDER_SET_CONTEXT_MGR already set
[  822.169931] binder: 21883:21885 ioctl 40046207 0 returned -16
14:52:09 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:09 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:09 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:09 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:09 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  822.170042] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:09 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:09 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

[  822.170062] binder: 21883:21885 transaction failed 29189/-3, size 24-8 line 3136
[  822.170149] binder: undelivered TRANSACTION_ERROR: 29189
[  822.170233] binder: 21883:21885 IncRefs 0 refcount change on invalid ref 1 ret -22
[  822.219208] binder: BINDER_SET_CONTEXT_MGR already set
14:52:09 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:09 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:09 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:09 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  822.219217] binder: 21896:21899 ioctl 40046207 0 returned -16
[  822.219326] binder_alloc: 30679: binder_alloc_buf, no vma
[  822.219344] binder: 21896:21899 transaction failed 29189/-3, size 24-8 line 3136
14:52:09 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:09 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  822.219432] binder: undelivered TRANSACTION_ERROR: 29189
[  822.219999] binder: 21896:21899 IncRefs 0 refcount change on invalid ref 1 ret -22
[  822.312668] binder: BINDER_SET_CONTEXT_MGR already set
[  822.312678] binder: 21914:21921 ioctl 40046207 0 returned -16
14:52:09 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:09 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:09 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:09 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:09 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:09 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  822.312787] binder_alloc: 30679: binder_alloc_buf, no vma
[  822.312806] binder: 21914:21921 transaction failed 29189/-3, size 24-8 line 3136
14:52:09 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:09 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:09 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:10 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:10 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  822.312903] binder: undelivered TRANSACTION_ERROR: 29189
[  822.312985] binder: 21914:21921 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:10 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:10 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:10 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:10 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  822.396043] binder: BINDER_SET_CONTEXT_MGR already set
[  822.396053] binder: 21931:21934 ioctl 40046207 0 returned -16
[  822.396243] binder_alloc: 30679: binder_alloc_buf, no vma
[  822.396261] binder: 21931:21934 transaction failed 29189/-3, size 24-8 line 3136
14:52:10 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:10 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:10 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:10 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:10 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  822.396559] binder: undelivered TRANSACTION_ERROR: 29189
[  822.397161] binder: 21931:21934 IncRefs 0 refcount change on invalid ref 1 ret -22
[  822.452043] binder: BINDER_SET_CONTEXT_MGR already set
14:52:10 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:10 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:10 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:10 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:10 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:10 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:10 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  822.452059] binder: 21946:21949 ioctl 40046207 0 returned -16
[  822.452173] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:10 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:10 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:10 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  822.452193] binder: 21946:21949 transaction failed 29189/-3, size 24-8 line 3136
14:52:10 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:10 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:10 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:10 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:10 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:10 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  822.452269] binder: undelivered TRANSACTION_ERROR: 29189
** 2 printk messages dropped ** [  822.520246] binder: 21959:21965 ioctl 40046207 0 returned -16
14:52:10 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:10 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:10 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:10 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  822.520350] binder_alloc: 30679: binder_alloc_buf, no vma
[  822.520369] binder: 21959:21965 transaction failed 29189/-3, size 24-8 line 3136
14:52:10 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:10 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:10 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:10 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:10 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:10 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

** 3 printk messages dropped ** [  822.572747] binder: 21970:21975 ioctl 40046207 0 returned -16
** 5 printk messages dropped ** [  822.643127] binder: 21984:21986 ioctl 40046207 0 returned -16
14:52:10 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:10 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:10 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:10 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:10 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:10 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  822.651064] binder_alloc: 30679: binder_alloc_buf, no vma
** 4 printk messages dropped ** [  822.689105] binder: 21998:22002 ioctl 40046207 0 returned -16
[  822.689207] binder_alloc: 30679: binder_alloc_buf, no vma
[  822.689225] binder: 21998:22002 transaction failed 29189/-3, size 24-8 line 3136
14:52:10 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:10 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:10 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:10 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:10 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  822.689838] binder: undelivered TRANSACTION_ERROR: 29189
** 2 printk messages dropped ** [  822.753713] binder: 22009:22016 ioctl 40046207 0 returned -16
14:52:10 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:10 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:10 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:10 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:10 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:10 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  822.753824] binder_alloc: 30679: binder_alloc_buf, no vma
[  822.753843] binder: 22009:22016 transaction failed 29189/-3, size 24-8 line 3136
14:52:10 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:10 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:10 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:10 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:10 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

** 3 printk messages dropped ** [  822.802188] binder: 22022:22027 ioctl 40046207 0 returned -16
14:52:10 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:10 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:10 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:10 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

** 4 printk messages dropped ** [  822.843416] binder: BINDER_SET_CONTEXT_MGR already set
14:52:10 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:10 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:10 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:10 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:10 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:10 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  822.843426] binder: 22037:22039 ioctl 40046207 0 returned -16
** 5 printk messages dropped ** [  822.943491] binder: 22041:22055 ioctl 40046207 0 returned -16
14:52:10 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  822.944264] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:10 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:10 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:10 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:10 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  822.944283] binder: 22041:22055 transaction failed 29189/-3, size 24-8 line 3136
14:52:10 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:10 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:10 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:10 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:10 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:10 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

** 3 printk messages dropped ** [  823.002399] binder: 22063:22066 ioctl 40046207 0 returned -16
[  823.002495] binder_alloc: 30679: binder_alloc_buf, no vma
[  823.002513] binder: 22063:22066 transaction failed 29189/-3, size 24-8 line 3136
[  823.002587] binder: undelivered TRANSACTION_ERROR: 29189
[  823.002655] binder: 22063:22066 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:10 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:11 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  823.054630] binder: BINDER_SET_CONTEXT_MGR already set
14:52:11 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:11 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:11 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:11 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:11 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  823.054639] binder: 22077:22079 ioctl 40046207 0 returned -16
[  823.054735] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:11 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:11 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:11 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  823.054753] binder: 22077:22079 transaction failed 29189/-3, size 24-8 line 3136
[  823.054826] binder: undelivered TRANSACTION_ERROR: 29189
[  823.054895] binder: 22077:22079 IncRefs 0 refcount change on invalid ref 1 ret -22
[  823.126256] binder: BINDER_SET_CONTEXT_MGR already set
[  823.126267] binder: 22087:22094 ioctl 40046207 0 returned -16
14:52:11 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:11 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:11 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:11 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:11 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:11 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:11 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  823.126584] binder_alloc: 30679: binder_alloc_buf, no vma
[  823.126603] binder: 22087:22094 transaction failed 29189/-3, size 24-8 line 3136
[  823.127037] binder: undelivered TRANSACTION_ERROR: 29189
[  823.127792] binder: 22087:22094 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:11 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:11 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:11 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:11 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:11 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

** 1 printk messages dropped ** [  823.191477] binder: 22100:22104 ioctl 40046207 0 returned -16
14:52:11 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:11 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:11 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:11 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:11 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:11 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  823.191592] binder_alloc: 30679: binder_alloc_buf, no vma
** 4 printk messages dropped ** [  823.266114] binder: 22111:22115 ioctl 40046207 0 returned -16
[  823.266383] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:11 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:11 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  823.266402] binder: 22111:22115 transaction failed 29189/-3, size 24-8 line 3136
14:52:11 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:11 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:11 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:11 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

** 3 printk messages dropped ** [  823.345760] binder: 22130:22133 ioctl 40046207 0 returned -16
[  823.345931] binder_alloc: 30679: binder_alloc_buf, no vma
[  823.345950] binder: 22130:22133 transaction failed 29189/-3, size 24-8 line 3136
14:52:11 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:11 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:11 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:11 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:11 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:11 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  823.346024] binder: undelivered TRANSACTION_ERROR: 29189
** 2 printk messages dropped ** [  823.415708] binder: 22147:22152 ioctl 40046207 0 returned -16
14:52:11 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:11 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:11 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:11 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:11 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  823.415827] binder_alloc: 30679: binder_alloc_buf, no vma
[  823.415846] binder: 22147:22152 transaction failed 29189/-3, size 24-8 line 3136
14:52:11 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

** 3 printk messages dropped ** [  823.493061] binder: 22162:22168 ioctl 40046207 0 returned -16
14:52:11 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:11 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:11 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:11 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:11 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:11 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

** 5 printk messages dropped ** [  823.557286] binder: 22181:22183 ioctl 40046207 0 returned -16
[  823.557758] binder_alloc: 30679: binder_alloc_buf, no vma
[  823.557777] binder: 22181:22183 transaction failed 29189/-3, size 24-8 line 3136
[  823.557855] binder: undelivered TRANSACTION_ERROR: 29189
[  823.557936] binder: 22181:22183 IncRefs 0 refcount change on invalid ref 1 ret -22
[  823.611017] binder: BINDER_SET_CONTEXT_MGR already set
[  823.611026] binder: 22190:22198 ioctl 40046207 0 returned -16
14:52:11 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:11 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:11 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:11 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  823.611128] binder_alloc: 30679: binder_alloc_buf, no vma
[  823.611148] binder: 22190:22198 transaction failed 29189/-3, size 24-8 line 3136
14:52:11 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:11 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:11 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:11 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  823.611220] binder: undelivered TRANSACTION_ERROR: 29189
[  823.611294] binder: 22190:22198 IncRefs 0 refcount change on invalid ref 1 ret -22
[  823.672821] binder: BINDER_SET_CONTEXT_MGR already set
[  823.672830] binder: 22211:22215 ioctl 40046207 0 returned -16
14:52:11 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:11 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:11 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  823.672956] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:11 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:11 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:11 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:11 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:11 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  823.672980] binder: 22211:22215 transaction failed 29189/-3, size 24-8 line 3136
** 3 printk messages dropped ** [  823.758816] binder: 22228:22234 ioctl 40046207 0 returned -16
14:52:11 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:11 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:11 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:11 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  823.759876] binder_alloc: 30679: binder_alloc_buf, no vma
[  823.759898] binder: 22228:22234 transaction failed 29189/-3, size 24-8 line 3136
[  823.759980] binder: undelivered TRANSACTION_ERROR: 29189
[  823.760052] binder: 22228:22234 IncRefs 0 refcount change on invalid ref 1 ret -22
[  823.822415] binder: BINDER_SET_CONTEXT_MGR already set
14:52:11 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:11 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:12 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:12 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  823.822424] binder: 22239:22241 ioctl 40046207 0 returned -16
[  823.822532] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:12 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:12 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:12 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:12 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:12 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

** 4 printk messages dropped ** [  823.889339] binder: 22251:22254 ioctl 40046207 0 returned -16
** 5 printk messages dropped ** [  823.922124] binder: 22265:22269 ioctl 40046207 0 returned -16
[  823.922221] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:12 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:12 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:12 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:12 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:12 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  823.922241] binder: 22265:22269 transaction failed 29189/-3, size 24-8 line 3136
** 3 printk messages dropped ** [  823.957374] binder: 22272:22274 ioctl 40046207 0 returned -16
[  823.957469] binder_alloc: 30679: binder_alloc_buf, no vma
[  823.957487] binder: 22272:22274 transaction failed 29189/-3, size 24-8 line 3136
14:52:12 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:12 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  823.957561] binder: undelivered TRANSACTION_ERROR: 29189
14:52:12 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:12 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:12 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  823.957632] binder: 22272:22274 IncRefs 0 refcount change on invalid ref 1 ret -22
** 1 printk messages dropped ** [  824.028302] binder: 22284:22285 ioctl 40046207 0 returned -16
14:52:12 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:12 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:12 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:12 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:12 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:12 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  824.028398] binder_alloc: 30679: binder_alloc_buf, no vma
[  824.028418] binder: 22284:22285 transaction failed 29189/-3, size 24-8 line 3136
[  824.028493] binder: undelivered TRANSACTION_ERROR: 29189
[  824.028562] binder: 22284:22285 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:12 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:12 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

** 1 printk messages dropped ** [  824.104677] binder: 22301:22304 ioctl 40046207 0 returned -16
[  824.104849] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:12 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:12 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:12 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

** 2 printk messages dropped ** [  824.105545] binder: 22301:22304 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:12 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:12 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:12 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:12 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:12 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:12 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:12 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

** 7 printk messages dropped ** [  824.399068] binder: 22331:22340 ioctl 40046207 0 returned -16
14:52:12 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:12 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:12 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:12 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:12 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  824.399170] binder_alloc: 30679: binder_alloc_buf, no vma
** 4 printk messages dropped ** [  824.428437] binder: 22342:22346 ioctl 40046207 0 returned -16
14:52:12 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:12 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:12 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:12 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:12 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:12 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:12 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

** 5 printk messages dropped ** [  824.513164] binder: 22361:22365 ioctl 40046207 0 returned -16
[  824.513289] binder_alloc: 30679: binder_alloc_buf, no vma
[  824.513309] binder: 22361:22365 transaction failed 29189/-3, size 24-8 line 3136
[  824.515142] binder: undelivered TRANSACTION_ERROR: 29189
14:52:12 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:12 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:12 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:12 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:12 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  824.515233] binder: 22361:22365 IncRefs 0 refcount change on invalid ref 1 ret -22
** 1 printk messages dropped ** [  824.596953] binder: 22377:22384 ioctl 40046207 0 returned -16
14:52:12 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:12 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:12 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:12 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:12 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:12 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:12 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

** 5 printk messages dropped ** [  824.666459] binder: 22389:22398 ioctl 40046207 0 returned -16
[  824.666559] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:12 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:12 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:12 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:12 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:12 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

[  824.666579] binder: 22389:22398 transaction failed 29189/-3, size 24-8 line 3136
** 3 printk messages dropped ** [  824.833343] binder: 22408:22411 ioctl 40046207 0 returned -16
14:52:12 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:12 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:12 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:12 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:12 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  824.833458] binder_alloc: 30679: binder_alloc_buf, no vma
[  824.833477] binder: 22408:22411 transaction failed 29189/-3, size 24-8 line 3136
** 3 printk messages dropped ** [  824.925205] binder: 22430:22438 ioctl 40046207 0 returned -16
14:52:12 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:12 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:12 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  824.925367] binder_alloc: 30679: binder_alloc_buf, no vma
** 4 printk messages dropped ** [  825.110075] binder: 22453:22459 ioctl 40046207 0 returned -16
14:52:12 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:12 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:12 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:12 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:12 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  825.110170] binder_alloc: 30679: binder_alloc_buf, no vma
** 4 printk messages dropped ** [  825.171960] binder: 22465:22468 ioctl 40046207 0 returned -16
[  825.172059] binder_alloc: 30679: binder_alloc_buf, no vma
[  825.172078] binder: 22465:22468 transaction failed 29189/-3, size 24-8 line 3136
[  825.172152] binder: undelivered TRANSACTION_ERROR: 29189
[  825.172222] binder: 22465:22468 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:13 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:13 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:13 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:13 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:13 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:13 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:13 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:13 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:13 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:13 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

** 1 printk messages dropped ** [  825.382908] binder: 22484:22501 ioctl 40046207 0 returned -16
** 11 printk messages dropped ** [  825.564639] binder: 22529:22535 ioctl 40046207 0 returned -16
[  825.564738] binder_alloc: 30679: binder_alloc_buf, no vma
[  825.564756] binder: 22529:22535 transaction failed 29189/-3, size 24-8 line 3136
[  825.564830] binder: undelivered TRANSACTION_ERROR: 29189
14:52:13 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:13 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:13 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:13 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:13 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:13 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:13 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:13 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:13 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  825.564913] binder: 22529:22535 IncRefs 0 refcount change on invalid ref 1 ret -22
[  825.580768] binder: BINDER_SET_CONTEXT_MGR already set
[  825.580777] binder: 22540:22541 ioctl 40046207 0 returned -16
14:52:13 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:13 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:13 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

** 5 printk messages dropped ** [  825.752035] binder: 22554:22555 ioctl 40046207 0 returned -16
** 5 printk messages dropped ** [  825.781666] binder: 22562:22564 ioctl 40046207 0 returned -16
[  825.781773] binder_alloc: 30679: binder_alloc_buf, no vma
[  825.781791] binder: 22562:22564 transaction failed 29189/-3, size 24-8 line 3136
[  825.782209] binder: undelivered TRANSACTION_ERROR: 29189
14:52:13 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:13 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:13 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:13 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:13 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:13 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:13 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:13 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:13 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:13 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  825.782294] binder: 22562:22564 IncRefs 0 refcount change on invalid ref 1 ret -22
[  825.827635] binder: BINDER_SET_CONTEXT_MGR already set
[  825.827644] binder: 22570:22571 ioctl 40046207 0 returned -16
[  825.827753] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:13 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:13 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  825.827772] binder: 22570:22571 transaction failed 29189/-3, size 24-8 line 3136
[  825.827856] binder: undelivered TRANSACTION_ERROR: 29189
[  825.827940] binder: 22570:22571 IncRefs 0 refcount change on invalid ref 1 ret -22
[  825.883399] binder: BINDER_SET_CONTEXT_MGR already set
[  825.883409] binder: 22581:22585 ioctl 40046207 0 returned -16
[  825.883524] binder_alloc: 30679: binder_alloc_buf, no vma
[  825.883544] binder: 22581:22585 transaction failed 29189/-3, size 24-8 line 3136
[  825.884697] binder: undelivered TRANSACTION_ERROR: 29189
[  825.888675] binder: 22581:22585 IncRefs 0 refcount change on invalid ref 1 ret -22
[  825.947257] binder: BINDER_SET_CONTEXT_MGR already set
[  825.947266] binder: 22596:22599 ioctl 40046207 0 returned -16
[  825.947373] binder_alloc: 30679: binder_alloc_buf, no vma
[  825.947392] binder: 22596:22599 transaction failed 29189/-3, size 24-8 line 3136
[  825.947477] binder: undelivered TRANSACTION_ERROR: 29189
[  825.947559] binder: 22596:22599 IncRefs 0 refcount change on invalid ref 1 ret -22
[  826.061009] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:13 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:13 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:13 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:13 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:13 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:13 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:13 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:13 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:13 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  826.061030] binder: 22605:22608 transaction failed 29189/-3, size 24-8 line 3136
[  826.061111] binder: undelivered TRANSACTION_ERROR: 29189
[  826.087222] binder: BINDER_SET_CONTEXT_MGR already set
[  826.087230] binder: 22635:22636 ioctl 40046207 0 returned -16
[  826.087331] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:13 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:13 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:13 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  826.087349] binder: 22635:22636 transaction failed 29189/-3, size 24-8 line 3136
[  826.087425] binder: undelivered TRANSACTION_ERROR: 29189
[  826.087498] binder: 22635:22636 IncRefs 0 refcount change on invalid ref 1 ret -22
[  826.226494] binder: BINDER_SET_CONTEXT_MGR already set
[  826.226502] binder: 22645:22649 ioctl 40046207 0 returned -16
[  826.226610] binder_alloc: 30679: binder_alloc_buf, no vma
[  826.226629] binder: 22645:22649 transaction failed 29189/-3, size 24-8 line 3136
[  826.226715] binder: undelivered TRANSACTION_ERROR: 29189
[  826.226793] binder: 22645:22649 IncRefs 0 refcount change on invalid ref 1 ret -22
[  826.273360] binder: BINDER_SET_CONTEXT_MGR already set
[  826.273368] binder: 22657:22661 ioctl 40046207 0 returned -16
[  826.273473] binder_alloc: 30679: binder_alloc_buf, no vma
[  826.273492] binder: 22657:22661 transaction failed 29189/-3, size 24-8 line 3136
[  826.274805] binder: undelivered TRANSACTION_ERROR: 29189
[  826.274906] binder: 22657:22661 IncRefs 0 refcount change on invalid ref 1 ret -22
[  826.324299] binder: BINDER_SET_CONTEXT_MGR already set
[  826.324308] binder: 22664:22669 ioctl 40046207 0 returned -16
14:52:13 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:13 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:13 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:13 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:13 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:13 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:13 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  826.324402] binder_alloc: 30679: binder_alloc_buf, no vma
[  826.324421] binder: 22664:22669 transaction failed 29189/-3, size 24-8 line 3136
[  826.324493] binder: undelivered TRANSACTION_ERROR: 29189
[  826.324562] binder: 22664:22669 IncRefs 0 refcount change on invalid ref 1 ret -22
[  826.379836] binder: BINDER_SET_CONTEXT_MGR already set
14:52:13 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:13 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:13 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:13 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:13 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  826.379845] binder: 22680:22681 ioctl 40046207 0 returned -16
[  826.379953] binder_alloc: 30679: binder_alloc_buf, no vma
[  826.379970] binder: 22680:22681 transaction failed 29189/-3, size 24-8 line 3136
14:52:13 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:13 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:13 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:13 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:13 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:13 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  826.380054] binder: undelivered TRANSACTION_ERROR: 29189
[  826.386012] binder: 22680:22681 IncRefs 0 refcount change on invalid ref 1 ret -22
[  826.461110] binder: BINDER_SET_CONTEXT_MGR already set
[  826.461120] binder: 22697:22702 ioctl 40046207 0 returned -16
[  826.461215] binder_alloc: 30679: binder_alloc_buf, no vma
[  826.461234] binder: 22697:22702 transaction failed 29189/-3, size 24-8 line 3136
14:52:13 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  826.461658] binder: undelivered TRANSACTION_ERROR: 29189
[  826.461731] binder: 22697:22702 IncRefs 0 refcount change on invalid ref 1 ret -22
[  826.531708] binder: BINDER_SET_CONTEXT_MGR already set
[  826.531723] binder: 22716:22717 ioctl 40046207 0 returned -16
[  826.531913] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:13 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:13 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:14 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:14 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:14 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

[  826.531931] binder: 22716:22717 transaction failed 29189/-3, size 24-8 line 3136
[  826.532021] binder: undelivered TRANSACTION_ERROR: 29189
[  826.532089] binder: 22716:22717 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:14 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:14 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:14 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  826.586816] binder: BINDER_SET_CONTEXT_MGR already set
[  826.586822] binder: 22726:22731 ioctl 40046207 0 returned -16
14:52:14 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:14 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:14 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:14 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  826.586921] binder_alloc: 30679: binder_alloc_buf, no vma
[  826.586940] binder: 22726:22731 transaction failed 29189/-3, size 24-8 line 3136
[  826.587826] binder: undelivered TRANSACTION_ERROR: 29189
14:52:14 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:14 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:14 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:14 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  826.587975] binder: 22726:22731 IncRefs 0 refcount change on invalid ref 1 ret -22
[  826.695589] binder: BINDER_SET_CONTEXT_MGR already set
[  826.695599] binder: 22749:22752 ioctl 40046207 0 returned -16
[  826.695719] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:14 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:14 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:14 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:14 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:14 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  826.695738] binder: 22749:22752 transaction failed 29189/-3, size 24-8 line 3136
[  826.696494] binder: undelivered TRANSACTION_ERROR: 29189
[  826.696646] binder: 22749:22752 IncRefs 0 refcount change on invalid ref 1 ret -22
[  826.843560] binder: BINDER_SET_CONTEXT_MGR already set
[  826.843570] binder: 22760:22762 ioctl 40046207 0 returned -16
[  826.843669] binder_alloc: 30679: binder_alloc_buf, no vma
[  826.843688] binder: 22760:22762 transaction failed 29189/-3, size 24-8 line 3136
14:52:14 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:14 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:14 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:14 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:14 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  826.844197] binder: undelivered TRANSACTION_ERROR: 29189
[  826.844276] binder: 22760:22762 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:14 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:14 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  826.916087] binder: BINDER_SET_CONTEXT_MGR already set
[  826.916096] binder: 22771:22780 ioctl 40046207 0 returned -16
[  826.916190] binder_alloc: 30679: binder_alloc_buf, no vma
[  826.916208] binder: 22771:22780 transaction failed 29189/-3, size 24-8 line 3136
[  826.916280] binder: undelivered TRANSACTION_ERROR: 29189
[  826.916450] binder: 22771:22780 IncRefs 0 refcount change on invalid ref 1 ret -22
[  827.055121] binder: BINDER_SET_CONTEXT_MGR already set
[  827.055135] binder: 22790:22792 ioctl 40046207 0 returned -16
[  827.055218] binder_alloc: 30679: binder_alloc_buf, no vma
[  827.055234] binder: 22790:22792 transaction failed 29189/-3, size 24-8 line 3136
[  827.055304] binder: undelivered TRANSACTION_ERROR: 29189
[  827.055374] binder: 22790:22792 IncRefs 0 refcount change on invalid ref 1 ret -22
[  827.093526] binder: BINDER_SET_CONTEXT_MGR already set
[  827.093536] binder: 22801:22805 ioctl 40046207 0 returned -16
14:52:14 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:14 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:14 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  827.093630] binder_alloc: 30679: binder_alloc_buf, no vma
[  827.093648] binder: 22801:22805 transaction failed 29189/-3, size 24-8 line 3136
14:52:14 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:14 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:14 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:14 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  827.093720] binder: undelivered TRANSACTION_ERROR: 29189
[  827.093788] binder: 22801:22805 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:14 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:14 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:14 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:14 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:14 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  827.161037] binder: BINDER_SET_CONTEXT_MGR already set
[  827.161046] binder: 22818:22822 ioctl 40046207 0 returned -16
[  827.161207] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:14 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:14 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:14 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:14 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  827.161226] binder: 22818:22822 transaction failed 29189/-3, size 24-8 line 3136
[  827.161313] binder: undelivered TRANSACTION_ERROR: 29189
14:52:14 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:14 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:14 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:14 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:14 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:14 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  827.161400] binder: 22818:22822 IncRefs 0 refcount change on invalid ref 1 ret -22
[  827.215401] binder: BINDER_SET_CONTEXT_MGR already set
14:52:14 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:14 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:14 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:14 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:14 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  827.215410] binder: 22829:22832 ioctl 40046207 0 returned -16
[  827.215517] binder_alloc: 30679: binder_alloc_buf, no vma
[  827.215536] binder: 22829:22832 transaction failed 29189/-3, size 24-8 line 3136
14:52:14 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:14 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:14 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:14 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  827.216044] binder: undelivered TRANSACTION_ERROR: 29189
[  827.216131] binder: 22829:22832 IncRefs 0 refcount change on invalid ref 1 ret -22
[  827.295646] binder: BINDER_SET_CONTEXT_MGR already set
[  827.295656] binder: 22846:22849 ioctl 40046207 0 returned -16
14:52:14 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:14 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:14 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  827.296231] binder_alloc: 30679: binder_alloc_buf, no vma
[  827.296493] binder: 22846:22849 transaction failed 29189/-3, size 24-8 line 3136
14:52:14 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:14 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:14 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:14 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:14 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  827.296909] binder: undelivered TRANSACTION_ERROR: 29189
[  827.296999] binder: 22846:22849 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:14 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:14 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  827.365677] binder: BINDER_SET_CONTEXT_MGR already set
14:52:14 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:14 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:14 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:14 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:15 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  827.365687] binder: 22856:22857 ioctl 40046207 0 returned -16
[  827.365785] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:15 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:15 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  827.365804] binder: 22856:22857 transaction failed 29189/-3, size 24-8 line 3136
[  827.365893] binder: undelivered TRANSACTION_ERROR: 29189
[  827.365968] binder: 22856:22857 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:15 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:15 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:15 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:15 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:15 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:15 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:15 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:15 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  827.470781] binder: BINDER_SET_CONTEXT_MGR already set
[  827.470791] binder: 22873:22880 ioctl 40046207 0 returned -16
[  827.470941] binder_alloc: 30679: binder_alloc_buf, no vma
[  827.470960] binder: 22873:22880 transaction failed 29189/-3, size 24-8 line 3136
14:52:15 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:15 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:15 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:15 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  827.471148] binder: undelivered TRANSACTION_ERROR: 29189
[  827.471241] binder: 22873:22880 IncRefs 0 refcount change on invalid ref 1 ret -22
[  827.537826] binder: BINDER_SET_CONTEXT_MGR already set
14:52:15 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:15 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:15 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:15 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  827.537835] binder: 22892:22897 ioctl 40046207 0 returned -16
[  827.537943] binder_alloc: 30679: binder_alloc_buf, no vma
[  827.537963] binder: 22892:22897 transaction failed 29189/-3, size 24-8 line 3136
14:52:15 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:15 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:15 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:15 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  827.538040] binder: undelivered TRANSACTION_ERROR: 29189
14:52:15 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:15 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:15 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:15 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  827.538372] binder: 22892:22897 IncRefs 0 refcount change on invalid ref 1 ret -22
** 4 printk messages dropped ** [  827.624105] binder: undelivered TRANSACTION_ERROR: 29189
[  827.624201] binder: 22910:22918 IncRefs 0 refcount change on invalid ref 1 ret -22
[  827.688092] binder: BINDER_SET_CONTEXT_MGR already set
14:52:15 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:15 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:15 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:15 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:15 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  827.688100] binder: 22929:22931 ioctl 40046207 0 returned -16
[  827.688201] binder_alloc: 30679: binder_alloc_buf, no vma
[  827.688221] binder: 22929:22931 transaction failed 29189/-3, size 24-8 line 3136
14:52:15 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:15 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:15 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:15 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:15 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  827.688296] binder: undelivered TRANSACTION_ERROR: 29189
[  827.688386] binder: 22929:22931 IncRefs 0 refcount change on invalid ref 1 ret -22
[  827.744943] binder: BINDER_SET_CONTEXT_MGR already set
14:52:15 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:15 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:15 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:15 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:15 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:15 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

** 3 printk messages dropped ** [  827.745139] binder: undelivered TRANSACTION_ERROR: 29189
** 5 printk messages dropped ** [  827.794579] binder: undelivered TRANSACTION_ERROR: 29189
14:52:15 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:15 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:15 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:15 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  827.796667] binder: 22955:22958 IncRefs 0 refcount change on invalid ref 1 ret -22
[  827.896560] binder: BINDER_SET_CONTEXT_MGR already set
[  827.896570] binder: 22973:22977 ioctl 40046207 0 returned -16
[  827.896677] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:15 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:15 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:15 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:15 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:15 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:15 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

** 1 printk messages dropped ** [  827.896781] binder: undelivered TRANSACTION_ERROR: 29189
[  827.896962] binder: 22973:22977 IncRefs 0 refcount change on invalid ref 1 ret -22
[  828.000852] binder: BINDER_SET_CONTEXT_MGR already set
14:52:15 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:15 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:15 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:15 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

** 3 printk messages dropped ** [  828.001085] binder: undelivered TRANSACTION_ERROR: 29189
14:52:15 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:15 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:15 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:15 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

** 5 printk messages dropped ** [  828.051232] binder: undelivered TRANSACTION_ERROR: 29189
14:52:15 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:15 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:15 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  828.051323] binder: 23008:23010 IncRefs 0 refcount change on invalid ref 1 ret -22
** 4 printk messages dropped ** [  828.125338] binder: undelivered TRANSACTION_ERROR: 29189
14:52:15 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:15 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:15 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:15 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:15 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  828.125437] binder: 23014:23020 IncRefs 0 refcount change on invalid ref 1 ret -22
** 4 printk messages dropped ** [  828.177094] binder: undelivered TRANSACTION_ERROR: 29189
[  828.177181] binder: 23034:23035 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:15 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:15 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  828.259042] binder: BINDER_SET_CONTEXT_MGR already set
14:52:15 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

** 3 printk messages dropped ** [  828.259247] binder: undelivered TRANSACTION_ERROR: 29189
[  828.259319] binder: 23045:23051 IncRefs 0 refcount change on invalid ref 1 ret -22
[  828.340176] binder: BINDER_SET_CONTEXT_MGR already set
[  828.340186] binder: 23057:23067 ioctl 40046207 0 returned -16
14:52:15 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:15 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:15 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:15 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:15 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:15 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:15 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:16 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:16 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  828.343548] binder_alloc: 30679: binder_alloc_buf, no vma
[  828.343569] binder: 23057:23067 transaction failed 29189/-3, size 24-8 line 3136
[  828.344927] binder: undelivered TRANSACTION_ERROR: 29189
[  828.346118] binder: 23057:23067 IncRefs 0 refcount change on invalid ref 1 ret -22
[  828.482228] binder: BINDER_SET_CONTEXT_MGR already set
[  828.482237] binder: 23093:23098 ioctl 40046207 0 returned -16
14:52:16 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:16 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:16 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  828.482334] binder_alloc: 30679: binder_alloc_buf, no vma
** 1 printk messages dropped ** [  828.482430] binder: undelivered TRANSACTION_ERROR: 29189
[  828.482500] binder: 23093:23098 IncRefs 0 refcount change on invalid ref 1 ret -22
[  828.525171] binder: BINDER_SET_CONTEXT_MGR already set
[  828.525181] binder: 23106:23107 ioctl 40046207 0 returned -16
[  828.525327] binder_alloc: 30679: binder_alloc_buf, no vma
[  828.525345] binder: 23106:23107 transaction failed 29189/-3, size 24-8 line 3136
14:52:16 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:16 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:16 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:16 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:16 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:16 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:16 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:16 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:16 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  828.533492] binder: undelivered TRANSACTION_ERROR: 29189
[  828.533611] binder: 23106:23107 IncRefs 0 refcount change on invalid ref 1 ret -22
[  828.588609] binder: BINDER_SET_CONTEXT_MGR already set
14:52:16 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:16 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:16 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  828.588618] binder: 23116:23117 ioctl 40046207 0 returned -16
14:52:16 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:16 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:16 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:16 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:16 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:16 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

** 2 printk messages dropped ** [  828.588811] binder: undelivered TRANSACTION_ERROR: 29189
[  828.588894] binder: 23116:23117 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:16 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:16 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

** 4 printk messages dropped ** [  828.678696] binder: undelivered TRANSACTION_ERROR: 29189
14:52:16 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:16 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:16 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:16 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:16 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:16 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:16 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

** 5 printk messages dropped ** [  828.787459] binder: undelivered TRANSACTION_ERROR: 29189
[  828.787538] binder: 23149:23154 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:16 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:16 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:16 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:16 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  828.842473] binder: BINDER_SET_CONTEXT_MGR already set
** 3 printk messages dropped ** [  828.842675] binder: undelivered TRANSACTION_ERROR: 29189
14:52:16 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  828.842748] binder: 23159:23163 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:16 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:16 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:16 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:16 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:16 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:16 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

** 4 printk messages dropped ** [  828.887711] binder: undelivered TRANSACTION_ERROR: 29189
[  828.887780] binder: 23174:23175 IncRefs 0 refcount change on invalid ref 1 ret -22
[  828.942484] binder: BINDER_SET_CONTEXT_MGR already set
14:52:16 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:16 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:16 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:16 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:16 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

** 3 printk messages dropped ** [  828.942962] binder: undelivered TRANSACTION_ERROR: 29189
[  828.943044] binder: 23179:23189 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:16 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:16 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:16 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:16 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

** 4 printk messages dropped ** [  829.002755] binder: undelivered TRANSACTION_ERROR: 29189
** 5 printk messages dropped ** [  829.081160] binder: undelivered TRANSACTION_ERROR: 29189
[  829.081231] binder: 23204:23216 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:16 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:16 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:16 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:16 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  829.140290] binder: BINDER_SET_CONTEXT_MGR already set
[  829.140313] binder: 23223:23228 ioctl 40046207 0 returned -16
[  829.141999] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:16 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:16 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:16 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:16 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:16 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

** 1 printk messages dropped ** [  829.142266] binder: undelivered TRANSACTION_ERROR: 29189
14:52:16 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:16 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:16 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:16 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:16 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

** 5 printk messages dropped ** [  829.204334] binder: undelivered TRANSACTION_ERROR: 29189
[  829.204412] binder: 23233:23237 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:16 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:16 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:16 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:16 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

** 4 printk messages dropped ** [  829.253832] binder: undelivered TRANSACTION_ERROR: 29189
[  829.253928] binder: 23249:23252 IncRefs 0 refcount change on invalid ref 1 ret -22
[  829.333855] binder: BINDER_SET_CONTEXT_MGR already set
[  829.333864] binder: 23262:23263 ioctl 40046207 0 returned -16
[  829.334071] binder_alloc: 30679: binder_alloc_buf, no vma
[  829.334091] binder: 23262:23263 transaction failed 29189/-3, size 24-8 line 3136
14:52:16 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:16 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:16 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:16 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:17 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  829.334171] binder: undelivered TRANSACTION_ERROR: 29189
[  829.334239] binder: 23262:23263 IncRefs 0 refcount change on invalid ref 1 ret -22
[  829.370323] binder: BINDER_SET_CONTEXT_MGR already set
[  829.370333] binder: 23277:23280 ioctl 40046207 0 returned -16
14:52:17 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:17 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:17 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:17 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:17 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:17 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

** 2 printk messages dropped ** [  829.371057] binder: undelivered TRANSACTION_ERROR: 29189
[  829.371134] binder: 23277:23280 IncRefs 0 refcount change on invalid ref 1 ret -22
[  829.437417] binder: BINDER_SET_CONTEXT_MGR already set
[  829.437426] binder: 23287:23294 ioctl 40046207 0 returned -16
[  829.437520] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:17 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:17 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:17 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:17 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

** 1 printk messages dropped ** [  829.437612] binder: undelivered TRANSACTION_ERROR: 29189
[  829.437681] binder: 23287:23294 IncRefs 0 refcount change on invalid ref 1 ret -22
[  829.508465] binder: BINDER_SET_CONTEXT_MGR already set
14:52:17 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:17 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  829.508474] binder: 23303:23306 ioctl 40046207 0 returned -16
[  829.508692] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:17 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:17 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:17 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:17 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

** 1 printk messages dropped ** [  829.508787] binder: undelivered TRANSACTION_ERROR: 29189
[  829.508859] binder: 23303:23306 IncRefs 0 refcount change on invalid ref 1 ret -22
[  829.641038] binder: BINDER_SET_CONTEXT_MGR already set
[  829.641047] binder: 23322:23340 ioctl 40046207 0 returned -16
14:52:17 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:17 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:17 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:17 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

** 2 printk messages dropped ** [  829.643237] binder: undelivered TRANSACTION_ERROR: 29189
[  829.643320] binder: 23322:23340 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:17 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:17 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:17 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

** 4 printk messages dropped ** [  829.722406] binder: undelivered TRANSACTION_ERROR: 29189
[  829.722488] binder: 23347:23353 IncRefs 0 refcount change on invalid ref 1 ret -22
[  829.781811] binder: BINDER_SET_CONTEXT_MGR already set
[  829.781819] binder: 23362:23371 ioctl 40046207 0 returned -16
[  829.782996] binder_alloc: 30679: binder_alloc_buf, no vma
[  829.783016] binder: 23362:23371 transaction failed 29189/-3, size 24-8 line 3136
[  829.783092] binder: undelivered TRANSACTION_ERROR: 29189
[  829.783165] binder: 23362:23371 IncRefs 0 refcount change on invalid ref 1 ret -22
[  829.851986] binder: BINDER_SET_CONTEXT_MGR already set
[  829.851995] binder: 23380:23390 ioctl 40046207 0 returned -16
[  829.852092] binder_alloc: 30679: binder_alloc_buf, no vma
[  829.852111] binder: 23380:23390 transaction failed 29189/-3, size 24-8 line 3136
[  829.852185] binder: undelivered TRANSACTION_ERROR: 29189
[  829.852254] binder: 23380:23390 IncRefs 0 refcount change on invalid ref 1 ret -22
[  829.889904] binder: BINDER_SET_CONTEXT_MGR already set
14:52:17 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:17 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:17 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:17 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  829.889913] binder: 23393:23395 ioctl 40046207 0 returned -16
[  829.890009] binder_alloc: 30679: binder_alloc_buf, no vma
[  829.890029] binder: 23393:23395 transaction failed 29189/-3, size 24-8 line 3136
[  829.890102] binder: undelivered TRANSACTION_ERROR: 29189
14:52:17 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:17 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:17 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:17 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  829.890172] binder: 23393:23395 IncRefs 0 refcount change on invalid ref 1 ret -22
[  829.950358] binder: BINDER_SET_CONTEXT_MGR already set
[  829.950379] binder: 23411:23415 ioctl 40046207 0 returned -16
[  829.950492] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:17 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:17 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:17 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:17 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  829.950512] binder: 23411:23415 transaction failed 29189/-3, size 24-8 line 3136
[  829.950598] binder: undelivered TRANSACTION_ERROR: 29189
[  829.950678] binder: 23411:23415 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:17 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:17 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:17 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:17 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:17 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:17 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:17 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  830.047030] binder: BINDER_SET_CONTEXT_MGR already set
[  830.047039] binder: 23426:23432 ioctl 40046207 0 returned -16
[  830.047143] binder_alloc: 30679: binder_alloc_buf, no vma
[  830.047163] binder: 23426:23432 transaction failed 29189/-3, size 24-8 line 3136
[  830.047240] binder: undelivered TRANSACTION_ERROR: 29189
14:52:17 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:17 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:17 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:17 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  830.047314] binder: 23426:23432 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:17 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:17 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:17 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:17 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:17 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  830.113115] binder: BINDER_SET_CONTEXT_MGR already set
** 3 printk messages dropped ** [  830.113317] binder: undelivered TRANSACTION_ERROR: 29189
[  830.113386] binder: 23445:23449 IncRefs 0 refcount change on invalid ref 1 ret -22
[  830.198357] binder: BINDER_SET_CONTEXT_MGR already set
14:52:17 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:17 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:17 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:17 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:17 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  830.198381] binder: 23464:23469 ioctl 40046207 0 returned -16
** 2 printk messages dropped ** [  830.198646] binder: undelivered TRANSACTION_ERROR: 29189
[  830.198717] binder: 23464:23469 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:17 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:17 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:17 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:17 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:17 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

** 4 printk messages dropped ** [  830.283618] binder: undelivered TRANSACTION_ERROR: 29189
[  830.283950] binder: 23481:23484 IncRefs 0 refcount change on invalid ref 1 ret -22
[  830.343828] binder: BINDER_SET_CONTEXT_MGR already set
[  830.343838] binder: 23495:23502 ioctl 40046207 0 returned -16
[  830.344923] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:17 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:17 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:17 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  830.344943] binder: 23495:23502 transaction failed 29189/-3, size 24-8 line 3136
[  830.345025] binder: undelivered TRANSACTION_ERROR: 29189
[  830.345419] binder: 23495:23502 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:17 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:17 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:17 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  830.435375] binder: BINDER_SET_CONTEXT_MGR already set
[  830.435385] binder: 23517:23519 ioctl 40046207 0 returned -16
[  830.435495] binder_alloc: 30679: binder_alloc_buf, no vma
[  830.435515] binder: 23517:23519 transaction failed 29189/-3, size 24-8 line 3136
[  830.435602] binder: undelivered TRANSACTION_ERROR: 29189
14:52:18 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:18 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:18 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  830.435685] binder: 23517:23519 IncRefs 0 refcount change on invalid ref 1 ret -22
[  830.485587] binder: BINDER_SET_CONTEXT_MGR already set
[  830.485596] binder: 23527:23529 ioctl 40046207 0 returned -16
[  830.485695] binder_alloc: 30679: binder_alloc_buf, no vma
[  830.485714] binder: 23527:23529 transaction failed 29189/-3, size 24-8 line 3136
14:52:18 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:18 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:18 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:18 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:18 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:18 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  830.485793] binder: undelivered TRANSACTION_ERROR: 29189
[  830.485874] binder: 23527:23529 IncRefs 0 refcount change on invalid ref 1 ret -22
[  830.569736] binder: BINDER_SET_CONTEXT_MGR already set
[  830.569749] binder: 23540:23543 ioctl 40046207 0 returned -16
14:52:18 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:18 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:18 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:18 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:18 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  830.569859] binder_alloc: 30679: binder_alloc_buf, no vma
[  830.569888] binder: 23540:23543 transaction failed 29189/-3, size 24-8 line 3136
[  830.569977] binder: undelivered TRANSACTION_ERROR: 29189
[  830.570047] binder: 23540:23543 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:18 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:18 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:18 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:18 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:18 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

** 4 printk messages dropped ** [  830.638520] binder: undelivered TRANSACTION_ERROR: 29189
[  830.638601] binder: 23559:23562 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:18 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:18 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:18 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:18 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:18 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  830.675807] binder: BINDER_SET_CONTEXT_MGR already set
[  830.675816] binder: 23565:23570 ioctl 40046207 0 returned -16
** 2 printk messages dropped ** [  830.676016] binder: undelivered TRANSACTION_ERROR: 29189
14:52:18 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:18 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:18 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:18 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  830.676085] binder: 23565:23570 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:18 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:18 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:18 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:18 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

** 4 printk messages dropped ** [  830.726330] binder: undelivered TRANSACTION_ERROR: 29189
14:52:18 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:18 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:18 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:18 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  830.726402] binder: 23578:23582 IncRefs 0 refcount change on invalid ref 1 ret -22
[  830.759845] binder: BINDER_SET_CONTEXT_MGR already set
14:52:18 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:18 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:18 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:18 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:18 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  830.759854] binder: 23588:23593 ioctl 40046207 0 returned -16
** 2 printk messages dropped ** [  830.760085] binder: undelivered TRANSACTION_ERROR: 29189
14:52:18 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:18 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:18 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

** 5 printk messages dropped ** [  830.796663] binder: undelivered TRANSACTION_ERROR: 29189
[  830.796746] binder: 23595:23599 IncRefs 0 refcount change on invalid ref 1 ret -22
[  830.825946] binder: BINDER_SET_CONTEXT_MGR already set
[  830.825955] binder: 23605:23606 ioctl 40046207 0 returned -16
14:52:18 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:18 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:18 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:18 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:18 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  830.826053] binder_alloc: 30679: binder_alloc_buf, no vma
** 1 printk messages dropped ** [  830.826146] binder: undelivered TRANSACTION_ERROR: 29189
[  830.826217] binder: 23605:23606 IncRefs 0 refcount change on invalid ref 1 ret -22
[  830.878275] binder: BINDER_SET_CONTEXT_MGR already set
14:52:18 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:18 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:18 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:18 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:18 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  830.878285] binder: 23615:23619 ioctl 40046207 0 returned -16
[  830.878392] binder_alloc: 30679: binder_alloc_buf, no vma
[  830.878410] binder: 23615:23619 transaction failed 29189/-3, size 24-8 line 3136
14:52:18 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:18 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:18 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:18 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  830.890229] binder: undelivered TRANSACTION_ERROR: 29189
[  830.890338] binder: 23615:23619 IncRefs 0 refcount change on invalid ref 1 ret -22
[  830.963840] binder: BINDER_SET_CONTEXT_MGR already set
[  830.963850] binder: 23627:23636 ioctl 40046207 0 returned -16
[  830.963964] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:18 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:18 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:18 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:18 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  830.964092] binder: 23627:23636 transaction failed 29189/-3, size 24-8 line 3136
14:52:18 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:18 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:18 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:18 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  830.964171] binder: undelivered TRANSACTION_ERROR: 29189
** 5 printk messages dropped ** [  831.066896] binder: undelivered TRANSACTION_ERROR: 29189
[  831.066984] binder: 23658:23662 IncRefs 0 refcount change on invalid ref 1 ret -22
** 4 printk messages dropped ** [  831.120335] binder: undelivered TRANSACTION_ERROR: 29189
[  831.120405] binder: 23669:23670 IncRefs 0 refcount change on invalid ref 1 ret -22
[  831.157912] binder: BINDER_SET_CONTEXT_MGR already set
[  831.157920] binder: 23681:23685 ioctl 40046207 0 returned -16
[  831.158015] binder_alloc: 30679: binder_alloc_buf, no vma
[  831.158033] binder: 23681:23685 transaction failed 29189/-3, size 24-8 line 3136
[  831.158107] binder: undelivered TRANSACTION_ERROR: 29189
[  831.158178] binder: 23681:23685 IncRefs 0 refcount change on invalid ref 1 ret -22
[  831.223713] binder: BINDER_SET_CONTEXT_MGR already set
[  831.223724] binder: 23692:23698 ioctl 40046207 0 returned -16
[  831.223823] binder_alloc: 30679: binder_alloc_buf, no vma
[  831.223843] binder: 23692:23698 transaction failed 29189/-3, size 24-8 line 3136
[  831.223932] binder: undelivered TRANSACTION_ERROR: 29189
[  831.224047] binder: 23692:23698 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:19 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:19 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:19 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:19 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:19 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  831.270500] binder: BINDER_SET_CONTEXT_MGR already set
[  831.270509] binder: 23706:23708 ioctl 40046207 0 returned -16
14:52:19 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:19 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:19 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:19 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:19 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:19 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:19 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  831.270604] binder_alloc: 30679: binder_alloc_buf, no vma
[  831.270623] binder: 23706:23708 transaction failed 29189/-3, size 24-8 line 3136
14:52:19 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:19 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:19 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:19 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  831.270695] binder: undelivered TRANSACTION_ERROR: 29189
[  831.270764] binder: 23706:23708 IncRefs 0 refcount change on invalid ref 1 ret -22
[  831.332117] binder: BINDER_SET_CONTEXT_MGR already set
[  831.332127] binder: 23714:23716 ioctl 40046207 0 returned -16
[  831.332297] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:19 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:19 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:19 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  831.332316] binder: 23714:23716 transaction failed 29189/-3, size 24-8 line 3136
14:52:19 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:19 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:19 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:19 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:19 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  831.332395] binder: undelivered TRANSACTION_ERROR: 29189
[  831.332466] binder: 23714:23716 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:19 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:19 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:19 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:19 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:19 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:19 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

** 4 printk messages dropped ** [  831.398526] binder: undelivered TRANSACTION_ERROR: 29189
[  831.398608] binder: 23725:23731 IncRefs 0 refcount change on invalid ref 1 ret -22
[  831.448400] binder: BINDER_SET_CONTEXT_MGR already set
[  831.448411] binder: 23737:23742 ioctl 40046207 0 returned -16
[  831.448513] binder_alloc: 30679: binder_alloc_buf, no vma
[  831.448533] binder: 23737:23742 transaction failed 29189/-3, size 24-8 line 3136
14:52:19 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:19 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:19 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:19 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:19 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:19 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:19 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:19 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  831.448611] binder: undelivered TRANSACTION_ERROR: 29189
[  831.449482] binder: 23737:23742 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:19 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:19 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:19 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

** 4 printk messages dropped ** [  831.512559] binder: undelivered TRANSACTION_ERROR: 29189
[  831.514451] binder: 23752:23754 IncRefs 0 refcount change on invalid ref 1 ret -22
[  831.585405] binder: BINDER_SET_CONTEXT_MGR already set
[  831.585414] binder: 23766:23771 ioctl 40046207 0 returned -16
14:52:19 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:19 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  831.585510] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:19 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:19 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:19 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:19 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:19 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

** 1 printk messages dropped ** [  831.585596] binder: undelivered TRANSACTION_ERROR: 29189
** 5 printk messages dropped ** [  831.653775] binder: undelivered TRANSACTION_ERROR: 29189
14:52:19 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:19 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:19 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  831.653860] binder: 23783:23787 IncRefs 0 refcount change on invalid ref 1 ret -22
[  831.718001] binder: BINDER_SET_CONTEXT_MGR already set
[  831.718011] binder: 23797:23803 ioctl 40046207 0 returned -16
[  831.718108] binder_alloc: 30679: binder_alloc_buf, no vma
[  831.718128] binder: 23797:23803 transaction failed 29189/-3, size 24-8 line 3136
[  831.718200] binder: undelivered TRANSACTION_ERROR: 29189
[  831.718269] binder: 23797:23803 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:19 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  831.796437] binder: BINDER_SET_CONTEXT_MGR already set
[  831.796446] binder: 23812:23818 ioctl 40046207 0 returned -16
[  831.796878] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:19 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:19 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:19 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:19 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:19 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:19 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  831.796899] binder: 23812:23818 transaction failed 29189/-3, size 24-8 line 3136
[  831.801005] binder: undelivered TRANSACTION_ERROR: 29189
14:52:19 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:19 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:19 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:19 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  831.801453] binder: 23812:23818 IncRefs 0 refcount change on invalid ref 1 ret -22
[  831.918620] binder: BINDER_SET_CONTEXT_MGR already set
[  831.918629] binder: 23836:23839 ioctl 40046207 0 returned -16
14:52:19 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:19 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:19 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:19 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:19 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

** 1 printk messages dropped ** [  831.918744] binder: 23836:23839 transaction failed 29189/-3, size 24-8 line 3136
[  831.918907] binder: undelivered TRANSACTION_ERROR: 29189
[  831.918979] binder: 23836:23839 IncRefs 0 refcount change on invalid ref 1 ret -22
[  831.986090] binder: BINDER_SET_CONTEXT_MGR already set
[  831.986099] binder: 23849:23853 ioctl 40046207 0 returned -16
14:52:19 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:19 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:19 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  831.986346] binder_alloc: 30679: binder_alloc_buf, no vma
[  831.986364] binder: 23849:23853 transaction failed 29189/-3, size 24-8 line 3136
14:52:19 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:19 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:19 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  831.994730] binder: undelivered TRANSACTION_ERROR: 29189
[  831.994876] binder: 23849:23853 IncRefs 0 refcount change on invalid ref 1 ret -22
[  832.052697] binder: BINDER_SET_CONTEXT_MGR already set
[  832.052708] binder: 23867:23870 ioctl 40046207 0 returned -16
[  832.052803] binder_alloc: 30679: binder_alloc_buf, no vma
[  832.052821] binder: 23867:23870 transaction failed 29189/-3, size 24-8 line 3136
[  832.052894] binder: undelivered TRANSACTION_ERROR: 29189
[  832.052967] binder: 23867:23870 IncRefs 0 refcount change on invalid ref 1 ret -22
[  832.135806] binder: BINDER_SET_CONTEXT_MGR already set
[  832.135816] binder: 23887:23890 ioctl 40046207 0 returned -16
[  832.135913] binder_alloc: 30679: binder_alloc_buf, no vma
[  832.135931] binder: 23887:23890 transaction failed 29189/-3, size 24-8 line 3136
[  832.136006] binder: undelivered TRANSACTION_ERROR: 29189
[  832.136075] binder: 23887:23890 IncRefs 0 refcount change on invalid ref 1 ret -22
[  832.195696] binder: BINDER_SET_CONTEXT_MGR already set
[  832.195706] binder: 23898:23904 ioctl 40046207 0 returned -16
14:52:20 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:20 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  832.196031] binder_alloc: 30679: binder_alloc_buf, no vma
[  832.196050] binder: 23898:23904 transaction failed 29189/-3, size 24-8 line 3136
[  832.196635] binder: undelivered TRANSACTION_ERROR: 29189
[  832.197863] binder: 23898:23904 IncRefs 0 refcount change on invalid ref 1 ret -22
[  832.333114] binder: BINDER_SET_CONTEXT_MGR already set
[  832.333123] binder: 23911:23912 ioctl 40046207 0 returned -16
[  832.333219] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:20 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:20 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:20 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:20 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  832.333237] binder: 23911:23912 transaction failed 29189/-3, size 24-8 line 3136
[  832.333311] binder: undelivered TRANSACTION_ERROR: 29189
[  832.333455] binder: 23911:23912 IncRefs 0 refcount change on invalid ref 1 ret -22
[  832.404264] binder: BINDER_SET_CONTEXT_MGR already set
14:52:20 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:20 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  832.404272] binder: 23930:23936 ioctl 40046207 0 returned -16
[  832.405358] binder_alloc: 30679: binder_alloc_buf, no vma
[  832.405376] binder: 23930:23936 transaction failed 29189/-3, size 24-8 line 3136
14:52:20 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:20 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:20 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:20 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:20 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

[  832.412883] binder: undelivered TRANSACTION_ERROR: 29189
[  832.415515] binder: 23930:23936 IncRefs 0 refcount change on invalid ref 1 ret -22
[  832.511224] binder: BINDER_SET_CONTEXT_MGR already set
[  832.511241] binder: 23945:23957 ioctl 40046207 0 returned -16
[  832.512467] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:20 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:20 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:20 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:20 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  832.512488] binder: 23945:23957 transaction failed 29189/-3, size 24-8 line 3136
[  832.513468] binder: undelivered TRANSACTION_ERROR: 29189
[  832.514753] binder: 23945:23957 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:20 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:20 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:20 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:20 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  832.593595] binder: BINDER_SET_CONTEXT_MGR already set
[  832.593605] binder: 23970:23972 ioctl 40046207 0 returned -16
14:52:20 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:20 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:20 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:20 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:20 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:20 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  832.593787] binder_alloc: 30679: binder_alloc_buf, no vma
[  832.593805] binder: 23970:23972 transaction failed 29189/-3, size 24-8 line 3136
14:52:20 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:20 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:20 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

[  832.594166] binder: undelivered TRANSACTION_ERROR: 29189
[  832.594245] binder: 23970:23972 IncRefs 0 refcount change on invalid ref 1 ret -22
[  832.636481] binder: BINDER_SET_CONTEXT_MGR already set
[  832.636491] binder: 23987:23990 ioctl 40046207 0 returned -16
[  832.636602] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:20 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:20 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:20 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  832.636621] binder: 23987:23990 transaction failed 29189/-3, size 24-8 line 3136
[  832.639751] binder: undelivered TRANSACTION_ERROR: 29189
[  832.640175] binder: 23987:23990 IncRefs 0 refcount change on invalid ref 1 ret -22
[  832.703212] binder: BINDER_SET_CONTEXT_MGR already set
[  832.703222] binder: 23996:24000 ioctl 40046207 0 returned -16
14:52:20 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:20 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  832.703334] binder_alloc: 30679: binder_alloc_buf, no vma
[  832.703353] binder: 23996:24000 transaction failed 29189/-3, size 24-8 line 3136
14:52:20 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:20 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:20 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:20 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:20 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  832.703434] binder: undelivered TRANSACTION_ERROR: 29189
[  832.703506] binder: 23996:24000 IncRefs 0 refcount change on invalid ref 1 ret -22
[  832.779089] binder: BINDER_SET_CONTEXT_MGR already set
[  832.779099] binder: 24010:24015 ioctl 40046207 0 returned -16
[  832.782080] binder_alloc: 30679: binder_alloc_buf, no vma
[  832.782100] binder: 24010:24015 transaction failed 29189/-3, size 24-8 line 3136
[  832.782374] binder: undelivered TRANSACTION_ERROR: 29189
[  832.782750] binder: 24010:24015 IncRefs 0 refcount change on invalid ref 1 ret -22
[  832.835654] binder: BINDER_SET_CONTEXT_MGR already set
[  832.835664] binder: 24028:24033 ioctl 40046207 0 returned -16
[  832.835775] binder_alloc: 30679: binder_alloc_buf, no vma
[  832.835794] binder: 24028:24033 transaction failed 29189/-3, size 24-8 line 3136
[  832.835892] binder: undelivered TRANSACTION_ERROR: 29189
[  832.836172] binder: 24028:24033 IncRefs 0 refcount change on invalid ref 1 ret -22
[  832.975522] binder: BINDER_SET_CONTEXT_MGR already set
[  832.975532] binder: 24041:24043 ioctl 40046207 0 returned -16
[  832.975630] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:20 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:20 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:20 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:20 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:20 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:20 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:20 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  832.975648] binder: 24041:24043 transaction failed 29189/-3, size 24-8 line 3136
[  832.975720] binder: undelivered TRANSACTION_ERROR: 29189
[  832.975790] binder: 24041:24043 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:20 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:20 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:20 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:20 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:20 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  833.125003] binder: BINDER_SET_CONTEXT_MGR already set
[  833.125012] binder: 24055:24057 ioctl 40046207 0 returned -16
[  833.125109] binder_alloc: 30679: binder_alloc_buf, no vma
[  833.125128] binder: 24055:24057 transaction failed 29189/-3, size 24-8 line 3136
[  833.125204] binder: undelivered TRANSACTION_ERROR: 29189
14:52:20 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:20 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:20 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  833.125272] binder: 24055:24057 IncRefs 0 refcount change on invalid ref 1 ret -22
[  833.210816] binder: BINDER_SET_CONTEXT_MGR already set
[  833.210826] binder: 24071:24076 ioctl 40046207 0 returned -16
[  833.210949] binder_alloc: 30679: binder_alloc_buf, no vma
[  833.210968] binder: 24071:24076 transaction failed 29189/-3, size 24-8 line 3136
[  833.211054] binder: undelivered TRANSACTION_ERROR: 29189
[  833.211133] binder: 24071:24076 IncRefs 0 refcount change on invalid ref 1 ret -22
[  833.251215] binder: BINDER_SET_CONTEXT_MGR already set
[  833.251225] binder: 24085:24088 ioctl 40046207 0 returned -16
[  833.251332] binder_alloc: 30679: binder_alloc_buf, no vma
[  833.251351] binder: 24085:24088 transaction failed 29189/-3, size 24-8 line 3136
[  833.251447] binder: undelivered TRANSACTION_ERROR: 29189
[  833.251528] binder: 24085:24088 IncRefs 0 refcount change on invalid ref 1 ret -22
[  833.337166] binder: BINDER_SET_CONTEXT_MGR already set
14:52:20 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:20 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  833.337176] binder: 24102:24107 ioctl 40046207 0 returned -16
[  833.337276] binder_alloc: 30679: binder_alloc_buf, no vma
[  833.337295] binder: 24102:24107 transaction failed 29189/-3, size 24-8 line 3136
[  833.338322] binder: undelivered TRANSACTION_ERROR: 29189
[  833.338432] binder: 24102:24107 IncRefs 0 refcount change on invalid ref 1 ret -22
[  833.452343] binder: BINDER_SET_CONTEXT_MGR already set
[  833.452352] binder: 24123:24128 ioctl 40046207 0 returned -16
14:52:20 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:20 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:20 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:20 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:20 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:20 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:20 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  833.452450] binder_alloc: 30679: binder_alloc_buf, no vma
[  833.452468] binder: 24123:24128 transaction failed 29189/-3, size 24-8 line 3136
[  833.452545] binder: undelivered TRANSACTION_ERROR: 29189
[  833.452612] binder: 24123:24128 IncRefs 0 refcount change on invalid ref 1 ret -22
[  833.532244] binder: BINDER_SET_CONTEXT_MGR already set
[  833.532253] binder: 24144:24149 ioctl 40046207 0 returned -16
[  833.533510] binder_alloc: 30679: binder_alloc_buf, no vma
[  833.533530] binder: 24144:24149 transaction failed 29189/-3, size 24-8 line 3136
[  833.534600] binder: undelivered TRANSACTION_ERROR: 29189
[  833.534691] binder: 24144:24149 IncRefs 0 refcount change on invalid ref 1 ret -22
[  833.585991] binder: BINDER_SET_CONTEXT_MGR already set
14:52:21 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:21 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  833.586000] binder: 24153:24157 ioctl 40046207 0 returned -16
[  833.586089] binder_alloc: 30679: binder_alloc_buf, no vma
[  833.586107] binder: 24153:24157 transaction failed 29189/-3, size 24-8 line 3136
[  833.586183] binder: undelivered TRANSACTION_ERROR: 29189
[  833.586257] binder: 24153:24157 IncRefs 0 refcount change on invalid ref 1 ret -22
[  833.645014] binder: BINDER_SET_CONTEXT_MGR already set
14:52:21 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:21 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:21 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:21 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:21 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:21 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:21 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:21 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:21 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:21 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  833.645023] binder: 24167:24171 ioctl 40046207 0 returned -16
[  833.645131] binder_alloc: 30679: binder_alloc_buf, no vma
[  833.645150] binder: 24167:24171 transaction failed 29189/-3, size 24-8 line 3136
14:52:21 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:21 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:21 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:21 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:21 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:21 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  833.645238] binder: undelivered TRANSACTION_ERROR: 29189
[  833.645391] binder: 24167:24171 IncRefs 0 refcount change on invalid ref 1 ret -22
[  833.718909] binder: BINDER_SET_CONTEXT_MGR already set
[  833.718919] binder: 24184:24188 ioctl 40046207 0 returned -16
[  833.719028] binder_alloc: 30679: binder_alloc_buf, no vma
[  833.719047] binder: 24184:24188 transaction failed 29189/-3, size 24-8 line 3136
14:52:21 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:21 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:21 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  833.719131] binder: undelivered TRANSACTION_ERROR: 29189
[  833.719218] binder: 24184:24188 IncRefs 0 refcount change on invalid ref 1 ret -22
[  833.786745] binder: BINDER_SET_CONTEXT_MGR already set
[  833.786754] binder: 24201:24207 ioctl 40046207 0 returned -16
[  833.786863] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:21 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:21 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:21 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  833.786883] binder: 24201:24207 transaction failed 29189/-3, size 24-8 line 3136
[  833.787096] binder: undelivered TRANSACTION_ERROR: 29189
[  833.787197] binder: 24201:24207 IncRefs 0 refcount change on invalid ref 1 ret -22
[  833.890181] binder: BINDER_SET_CONTEXT_MGR already set
[  833.890190] binder: 24220:24225 ioctl 40046207 0 returned -16
[  833.890422] binder_alloc: 30679: binder_alloc_buf, no vma
[  833.890441] binder: 24220:24225 transaction failed 29189/-3, size 24-8 line 3136
[  833.891552] binder: undelivered TRANSACTION_ERROR: 29189
[  833.891646] binder: 24220:24225 IncRefs 0 refcount change on invalid ref 1 ret -22
[  833.957114] binder: BINDER_SET_CONTEXT_MGR already set
[  833.957123] binder: 24239:24246 ioctl 40046207 0 returned -16
[  833.957233] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:21 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:21 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:21 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:21 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:21 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:21 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  833.957252] binder: 24239:24246 transaction failed 29189/-3, size 24-8 line 3136
[  833.958156] binder: undelivered TRANSACTION_ERROR: 29189
[  833.958249] binder: 24239:24246 IncRefs 0 refcount change on invalid ref 1 ret -22
[  834.050264] binder: BINDER_SET_CONTEXT_MGR already set
[  834.050275] binder: 24254:24260 ioctl 40046207 0 returned -16
14:52:21 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:21 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:21 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:21 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:21 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  834.050473] binder_alloc: 30679: binder_alloc_buf, no vma
[  834.050492] binder: 24254:24260 transaction failed 29189/-3, size 24-8 line 3136
14:52:21 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:21 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:21 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:21 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:21 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:21 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:21 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:21 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  834.050901] binder: undelivered TRANSACTION_ERROR: 29189
[  834.050982] binder: 24254:24260 IncRefs 0 refcount change on invalid ref 1 ret -22
[  834.248633] binder: BINDER_SET_CONTEXT_MGR already set
[  834.248644] binder: 24279:24284 ioctl 40046207 0 returned -16
[  834.248776] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:21 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:21 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:21 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:21 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:21 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  834.248794] binder: 24279:24284 transaction failed 29189/-3, size 24-8 line 3136
[  834.248875] binder: undelivered TRANSACTION_ERROR: 29189
[  834.248948] binder: 24279:24284 IncRefs 0 refcount change on invalid ref 1 ret -22
[  834.347437] binder: BINDER_SET_CONTEXT_MGR already set
[  834.347447] binder: 24298:24300 ioctl 40046207 0 returned -16
[  834.347549] binder_alloc: 30679: binder_alloc_buf, no vma
[  834.347569] binder: 24298:24300 transaction failed 29189/-3, size 24-8 line 3136
[  834.347645] binder: undelivered TRANSACTION_ERROR: 29189
[  834.347718] binder: 24298:24300 IncRefs 0 refcount change on invalid ref 1 ret -22
[  834.405536] binder: BINDER_SET_CONTEXT_MGR already set
[  834.405546] binder: 24320:24327 ioctl 40046207 0 returned -16
14:52:21 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

[  834.405653] binder_alloc: 30679: binder_alloc_buf, no vma
[  834.405672] binder: 24320:24327 transaction failed 29189/-3, size 24-8 line 3136
[  834.406381] binder: undelivered TRANSACTION_ERROR: 29189
[  834.406471] binder: 24320:24327 IncRefs 0 refcount change on invalid ref 1 ret -22
[  834.480024] binder: BINDER_SET_CONTEXT_MGR already set
[  834.480033] binder: 24329:24341 ioctl 40046207 0 returned -16
14:52:21 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:21 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:21 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:21 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:21 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:21 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:21 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  834.480131] binder_alloc: 30679: binder_alloc_buf, no vma
[  834.480150] binder: 24329:24341 transaction failed 29189/-3, size 24-8 line 3136
[  834.480223] binder: undelivered TRANSACTION_ERROR: 29189
[  834.480594] binder: 24329:24341 IncRefs 0 refcount change on invalid ref 1 ret -22
[  834.533303] binder: BINDER_SET_CONTEXT_MGR already set
14:52:21 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:21 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:21 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:21 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  834.533312] binder: 24349:24350 ioctl 40046207 0 returned -16
[  834.533424] binder_alloc: 30679: binder_alloc_buf, no vma
[  834.533444] binder: 24349:24350 transaction failed 29189/-3, size 24-8 line 3136
14:52:21 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:21 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:21 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:21 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:21 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:21 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:21 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  834.537080] binder: undelivered TRANSACTION_ERROR: 29189
[  834.537162] binder: 24349:24350 IncRefs 0 refcount change on invalid ref 1 ret -22
[  834.637021] binder: BINDER_SET_CONTEXT_MGR already set
[  834.637032] binder: 24363:24377 ioctl 40046207 0 returned -16
[  834.637139] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:21 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:21 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:21 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:21 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:21 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  834.637160] binder: 24363:24377 transaction failed 29189/-3, size 24-8 line 3136
[  834.637243] binder: undelivered TRANSACTION_ERROR: 29189
[  834.637323] binder: 24363:24377 IncRefs 0 refcount change on invalid ref 1 ret -22
[  834.656729] binder: BINDER_SET_CONTEXT_MGR already set
[  834.656738] binder: 24380:24381 ioctl 40046207 0 returned -16
[  834.656850] binder_alloc: 30679: binder_alloc_buf, no vma
[  834.656879] binder: 24380:24381 transaction failed 29189/-3, size 24-8 line 3136
[  834.656971] binder: undelivered TRANSACTION_ERROR: 29189
[  834.657052] binder: 24380:24381 IncRefs 0 refcount change on invalid ref 1 ret -22
[  834.725732] binder: BINDER_SET_CONTEXT_MGR already set
[  834.725741] binder: 24382:24385 ioctl 40046207 0 returned -16
[  834.725837] binder_alloc: 30679: binder_alloc_buf, no vma
[  834.725856] binder: 24382:24385 transaction failed 29189/-3, size 24-8 line 3136
[  834.730792] binder: undelivered TRANSACTION_ERROR: 29189
[  834.730910] binder: 24382:24385 IncRefs 0 refcount change on invalid ref 1 ret -22
[  834.784174] binder: BINDER_SET_CONTEXT_MGR already set
[  834.784183] binder: 24401:24405 ioctl 40046207 0 returned -16
14:52:22 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:22 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:22 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:22 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:22 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:22 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  834.784278] binder_alloc: 30679: binder_alloc_buf, no vma
[  834.784297] binder: 24401:24405 transaction failed 29189/-3, size 24-8 line 3136
[  834.784374] binder: undelivered TRANSACTION_ERROR: 29189
[  834.784448] binder: 24401:24405 IncRefs 0 refcount change on invalid ref 1 ret -22
[  834.873697] binder: BINDER_SET_CONTEXT_MGR already set
[  834.873706] binder: 24413:24418 ioctl 40046207 0 returned -16
[  834.873800] binder_alloc: 30679: binder_alloc_buf, no vma
[  834.873819] binder: 24413:24418 transaction failed 29189/-3, size 24-8 line 3136
14:52:22 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:22 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  834.873902] binder: undelivered TRANSACTION_ERROR: 29189
14:52:22 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:22 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:22 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:22 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  834.874097] binder: 24413:24418 IncRefs 0 refcount change on invalid ref 1 ret -22
[  834.929471] binder: BINDER_SET_CONTEXT_MGR already set
[  834.929481] binder: 24424:24432 ioctl 40046207 0 returned -16
[  834.929602] binder_alloc: 30679: binder_alloc_buf, no vma
[  834.929621] binder: 24424:24432 transaction failed 29189/-3, size 24-8 line 3136
[  834.929714] binder: undelivered TRANSACTION_ERROR: 29189
[  834.929795] binder: 24424:24432 IncRefs 0 refcount change on invalid ref 1 ret -22
[  835.013262] binder: BINDER_SET_CONTEXT_MGR already set
[  835.013272] binder: 24435:24443 ioctl 40046207 0 returned -16
[  835.013376] binder_alloc: 30679: binder_alloc_buf, no vma
[  835.013394] binder: 24435:24443 transaction failed 29189/-3, size 24-8 line 3136
[  835.015004] binder: undelivered TRANSACTION_ERROR: 29189
[  835.015419] binder: 24435:24443 IncRefs 0 refcount change on invalid ref 1 ret -22
[  835.058059] binder: BINDER_SET_CONTEXT_MGR already set
[  835.058069] binder: 24455:24458 ioctl 40046207 0 returned -16
[  835.058180] binder_alloc: 30679: binder_alloc_buf, no vma
[  835.058200] binder: 24455:24458 transaction failed 29189/-3, size 24-8 line 3136
[  835.058288] binder: undelivered TRANSACTION_ERROR: 29189
14:52:22 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:22 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:22 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:22 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  835.058367] binder: 24455:24458 IncRefs 0 refcount change on invalid ref 1 ret -22
[  835.114285] binder: BINDER_SET_CONTEXT_MGR already set
[  835.114294] binder: 24462:24465 ioctl 40046207 0 returned -16
[  835.114407] binder_alloc: 30679: binder_alloc_buf, no vma
[  835.114425] binder: 24462:24465 transaction failed 29189/-3, size 24-8 line 3136
[  835.114512] binder: undelivered TRANSACTION_ERROR: 29189
[  835.114595] binder: 24462:24465 IncRefs 0 refcount change on invalid ref 1 ret -22
[  835.153726] binder: BINDER_SET_CONTEXT_MGR already set
[  835.153733] binder: 24477:24478 ioctl 40046207 0 returned -16
[  835.153822] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:22 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:22 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:22 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:22 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:22 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

[  835.153837] binder: 24477:24478 transaction failed 29189/-3, size 24-8 line 3136
[  835.156138] binder: undelivered TRANSACTION_ERROR: 29189
[  835.156240] binder: 24477:24478 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:22 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:22 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:22 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:22 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  835.200703] binder: BINDER_SET_CONTEXT_MGR already set
[  835.200713] binder: 24486:24490 ioctl 40046207 0 returned -16
[  835.200815] binder_alloc: 30679: binder_alloc_buf, no vma
[  835.200834] binder: 24486:24490 transaction failed 29189/-3, size 24-8 line 3136
14:52:22 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:22 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:22 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:22 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:22 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  835.200922] binder: undelivered TRANSACTION_ERROR: 29189
[  835.200993] binder: 24486:24490 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:22 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:22 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:22 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

[  835.312475] binder: BINDER_SET_CONTEXT_MGR already set
[  835.312484] binder: 24507:24517 ioctl 40046207 0 returned -16
[  835.312835] binder_alloc: 30679: binder_alloc_buf, no vma
[  835.312854] binder: 24507:24517 transaction failed 29189/-3, size 24-8 line 3136
14:52:22 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  835.313014] binder: undelivered TRANSACTION_ERROR: 29189
14:52:22 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:22 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:22 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:22 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:22 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:22 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  835.315899] binder: 24507:24517 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:22 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:22 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:22 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  835.389912] binder: BINDER_SET_CONTEXT_MGR already set
[  835.389921] binder: 24523:24528 ioctl 40046207 0 returned -16
[  835.390033] binder_alloc: 30679: binder_alloc_buf, no vma
[  835.390052] binder: 24523:24528 transaction failed 29189/-3, size 24-8 line 3136
[  835.390141] binder: undelivered TRANSACTION_ERROR: 29189
[  835.390563] binder: 24523:24528 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:22 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:22 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:22 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:22 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:22 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:22 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:22 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  835.448297] binder: BINDER_SET_CONTEXT_MGR already set
[  835.448307] binder: 24537:24541 ioctl 40046207 0 returned -16
14:52:22 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:22 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:22 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

[  835.448405] binder_alloc: 30679: binder_alloc_buf, no vma
[  835.448425] binder: 24537:24541 transaction failed 29189/-3, size 24-8 line 3136
[  835.448499] binder: undelivered TRANSACTION_ERROR: 29189
[  835.448568] binder: 24537:24541 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:22 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:22 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:22 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:22 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  835.611769] binder: BINDER_SET_CONTEXT_MGR already set
14:52:22 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:22 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:22 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:22 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:22 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:22 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  835.611778] binder: 24551:24557 ioctl 40046207 0 returned -16
[  835.611875] binder_alloc: 30679: binder_alloc_buf, no vma
[  835.611894] binder: 24551:24557 transaction failed 29189/-3, size 24-8 line 3136
[  835.611968] binder: undelivered TRANSACTION_ERROR: 29189
14:52:22 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  835.613971] binder: 24551:24557 IncRefs 0 refcount change on invalid ref 1 ret -22
[  835.702349] binder: BINDER_SET_CONTEXT_MGR already set
[  835.702358] binder: 24570:24574 ioctl 40046207 0 returned -16
[  835.702471] binder_alloc: 30679: binder_alloc_buf, no vma
[  835.702492] binder: 24570:24574 transaction failed 29189/-3, size 24-8 line 3136
14:52:23 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:23 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:23 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:23 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  835.702578] binder: undelivered TRANSACTION_ERROR: 29189
[  835.702659] binder: 24570:24574 IncRefs 0 refcount change on invalid ref 1 ret -22
[  835.728096] binder: BINDER_SET_CONTEXT_MGR already set
[  835.728105] binder: 24582:24585 ioctl 40046207 0 returned -16
[  835.728198] binder_alloc: 30679: binder_alloc_buf, no vma
[  835.728216] binder: 24582:24585 transaction failed 29189/-3, size 24-8 line 3136
[  835.737506] binder: undelivered TRANSACTION_ERROR: 29189
[  835.737602] binder: 24582:24585 IncRefs 0 refcount change on invalid ref 1 ret -22
[  835.836287] binder: BINDER_SET_CONTEXT_MGR already set
[  835.836296] binder: 24604:24607 ioctl 40046207 0 returned -16
[  835.836393] binder_alloc: 30679: binder_alloc_buf, no vma
[  835.836412] binder: 24604:24607 transaction failed 29189/-3, size 24-8 line 3136
[  835.836490] binder: undelivered TRANSACTION_ERROR: 29189
14:52:23 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:23 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:23 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  835.836563] binder: 24604:24607 IncRefs 0 refcount change on invalid ref 1 ret -22
[  835.898159] binder: BINDER_SET_CONTEXT_MGR already set
[  835.898169] binder: 24616:24618 ioctl 40046207 0 returned -16
[  835.901561] binder_alloc: 30679: binder_alloc_buf, no vma
[  835.901581] binder: 24616:24618 transaction failed 29189/-3, size 24-8 line 3136
14:52:23 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:23 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:23 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:23 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:23 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  835.902648] binder: undelivered TRANSACTION_ERROR: 29189
[  835.902750] binder: 24616:24618 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:23 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:23 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:23 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:23 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  835.992335] binder: BINDER_SET_CONTEXT_MGR already set
[  835.992343] binder: 24632:24645 ioctl 40046207 0 returned -16
[  835.992455] binder_alloc: 30679: binder_alloc_buf, no vma
[  835.992474] binder: 24632:24645 transaction failed 29189/-3, size 24-8 line 3136
14:52:23 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:23 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:23 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:23 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  835.996773] binder: undelivered TRANSACTION_ERROR: 29189
[  835.997004] binder: 24632:24645 IncRefs 0 refcount change on invalid ref 1 ret -22
[  836.053397] binder: BINDER_SET_CONTEXT_MGR already set
14:52:23 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:23 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:23 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:23 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:23 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:23 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  836.053413] binder: 24651:24659 ioctl 40046207 0 returned -16
[  836.053588] binder_alloc: 30679: binder_alloc_buf, no vma
[  836.053605] binder: 24651:24659 transaction failed 29189/-3, size 24-8 line 3136
14:52:23 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:23 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:23 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:23 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  836.053690] binder: undelivered TRANSACTION_ERROR: 29189
[  836.059192] binder: 24651:24659 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:23 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:23 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:23 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  836.103233] binder: BINDER_SET_CONTEXT_MGR already set
[  836.103242] binder: 24661:24669 ioctl 40046207 0 returned -16
[  836.103350] binder_alloc: 30679: binder_alloc_buf, no vma
[  836.103369] binder: 24661:24669 transaction failed 29189/-3, size 24-8 line 3136
[  836.103458] binder: undelivered TRANSACTION_ERROR: 29189
[  836.103923] binder: 24661:24669 IncRefs 0 refcount change on invalid ref 1 ret -22
14:52:23 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:23 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:23 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:23 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:23 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:23 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

[  836.173553] binder: BINDER_SET_CONTEXT_MGR already set
[  836.173562] binder: 24679:24683 ioctl 40046207 0 returned -16
14:52:23 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:23 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:23 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:23 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:23 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  836.173658] binder_alloc: 30679: binder_alloc_buf, no vma
[  836.173677] binder: 24679:24683 transaction failed 29189/-3, size 24-8 line 3136
[  836.173767] binder: undelivered TRANSACTION_ERROR: 29189
14:52:23 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:23 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:23 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:23 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  836.173839] binder: 24679:24683 IncRefs 0 refcount change on invalid ref 1 ret -22
[  836.327473] binder: BINDER_SET_CONTEXT_MGR already set
[  836.327482] binder: 24701:24710 ioctl 40046207 0 returned -16
[  836.328008] binder_alloc: 30679: binder_alloc_buf, no vma
14:52:23 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

[  836.328037] binder: 24701:24710 transaction failed 29189/-3, size 24-8 line 3136
14:52:23 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:23 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

14:52:23 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:23 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:23 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:23 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:23 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:23 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:23 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

[  836.328393] binder: undelivered TRANSACTION_ERROR: 29189
[  836.328465] binder: 24701:24710 IncRefs 0 refcount change on invalid ref 1 ret -22
[  836.410382] binder: BINDER_SET_CONTEXT_MGR already set
[  836.410391] binder: 24730:24733 ioctl 40046207 0 returned -16
[  836.410486] binder_alloc: 30679: binder_alloc_buf, no vma
[  836.410505] binder: 24730:24733 transaction failed 29189/-3, size 24-8 line 3136
14:52:23 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:23 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:23 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:23 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

[  836.410575] binder: undelivered TRANSACTION_ERROR: 29189
14:52:23 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  836.410646] binder: 24730:24733 IncRefs 0 refcount change on invalid ref 1 ret -22
[  836.452553] binder: BINDER_SET_CONTEXT_MGR already set
[  836.452562] binder: 24738:24740 ioctl 40046207 0 returned -16
14:52:23 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:23 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:23 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:23 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:23 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:23 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:23 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:24 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  836.452660] binder_alloc: 30679: binder_alloc_buf, no vma
[  836.452679] binder: 24738:24740 transaction failed 29189/-3, size 24-8 line 3136
[  836.452758] binder: undelivered TRANSACTION_ERROR: 29189
14:52:24 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)="7a780a756af7d825576d0be8d1c0480700231802", 0x14)

14:52:24 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x820012, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200), &(0x7f0000000240)}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x5, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0463044001"], 0x0, 0x0, 0x0})

14:52:24 executing program 2:
syz_open_procfs(0x0, &(0x7f00000002c0)='\x00\xaf1\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w_2\f\xe5\xcc`\xa0\xce\xf0+\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aUl>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf08\xa6D\x97\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa2\f\x9a\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|<s\x18\xb7\xbc\xc3\xc5o\xd7\x0fu4(c\xa4\xd6u\xe8/\xaaO\xa4\xff\xea\xb1\x96\xdbIW\x9c\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='mem\x00aS.cu\a\x00U@\xcf\xcfL\x1ek\x98\xf2\xd4\xc5\x89\xc9J\x01\xe3\xfarent\x00\x00\x00\x00\x00\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)

14:52:24 executing program 3:
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @empty}}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x3d, &(0x7f0000b67000), &(0x7f00000000c0)=0x5d)

14:52:24 executing program 5:
socket$inet6(0xa, 0x2, 0x0)
ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070")
r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x17e)
r1 = memfd_create(&(0x7f0000000580)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0)
pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendfile(r0, r1, 0x0, 0x800000000000de)

14:52:24 executing program 1:
syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082)
memfd_create(&(0x7f00000002c0)='t\x00\x8c\x00', 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "a431c2a4cdb9795b06f93c44aefdc4ebf9addb49fd9e2cfaaa63c88dddde91314b0d0c1bcae24ad02e236d21bd56c63a54cc7bfd4ad9913e2f2b6f447da7afba", "ca7b43cfe50b09a476d2e2c6bfd6ac63b02d293cd0b94a4956448cd4144cb88abeba582dc0a71367dc57a23815f624081914c7ef067966df29d18a5750689cdf", "81c7d45ce1dc72f0bb0a35d8194333e5cd543f10797db1079d5bc87f576edc84"})

[  836.452828] binder: 24738:24740 IncRefs 0 refcount change on invalid ref 1 ret -22
[  836.502380] binder: BINDER_SET_CONTEXT_MGR already set
[  836.502392] binder: 24747:24750 ioctl 40046207 0 returned -16
[  836.502489] binder_alloc: 30679: binder_alloc_buf, no vma
[  836.502508] binder: 24747:24750 transaction failed 29189/-3, size 24-8 line 3136
[  836.502584] binder: undelivered TRANSACTION_ERROR: 29189
** 134 printk messages dropped ** [  838.190043] binder: 25085:25089 ioctl 40046207 0 returned -16
[  838.190334] binder_alloc: 30679: binder_alloc_buf, no vma
[  838.190351] binder: 25085:25089 transaction failed 29189/-3, size 24-8 line 3136
[  838.193770] binder: undelivered TRANSACTION_ERROR: 29189
[  838.210579] binder: 25085:25089 IncRefs 0 refcount change on invalid ref 1 ret -22
[  838.267737] binder: BINDER_SET_CONTEXT_MGR already set
[  838.267746] binder: 25104:25107 ioctl 40046207 0 returned -16
[  838.273712] binder_alloc: 30679: binder_alloc_buf, no vma
[  838.273731] binder: 25104:25107 transaction failed 29189/-3, size 24-8 line 3136
[  838.273832] binder: undelivered TRANSACTION_ERROR: 29189
[  838.273927] binder: 25104:25107 IncRefs 0 refcount change on invalid ref 1 ret -22
[  838.331734] binder: BINDER_SET_CONTEXT_MGR already set
[  838.331745] binder: 25116:25119 ioctl 40046207 0 returned -16
[  838.331853] binder_alloc: 30679: binder_alloc_buf, no vma
[  838.331871] binder: 25116:25119 transaction failed 29189/-3, size 24-8 line 3136
[  838.331993] binder: undelivered TRANSACTION_ERROR: 29189
[  838.333963] binder: 25116:25119 IncRefs 0 refcount change on invalid ref 1 ret -22
[  838.391229] binder: BINDER_SET_CONTEXT_MGR already set
[  838.391238] binder: 25128:25134 ioctl 40046207 0 returned -16
[  838.391351] binder_alloc: 30679: binder_alloc_buf, no vma
[  838.391379] binder: 25128:25134 transaction failed 29189/-3, size 24-8 line 3136
[  838.392324] binder: undelivered TRANSACTION_ERROR: 29189
[  838.392422] binder: 25128:25134 IncRefs 0 refcount change on invalid ref 1 ret -22
[  838.490057] binder: BINDER_SET_CONTEXT_MGR already set
[  838.490068] binder: 25143:25151 ioctl 40046207 0 returned -16
[  838.490259] binder_alloc: 30679: binder_alloc_buf, no vma
[  838.490277] binder: 25143:25151 transaction failed 29189/-3, size 24-8 line 3136
[  838.490370] binder: undelivered TRANSACTION_ERROR: 29189
[  838.490460] binder: 25143:25151 IncRefs 0 refcount change on invalid ref 1 ret -22
[  838.534072] binder: BINDER_SET_CONTEXT_MGR already set
[  838.534085] binder: 25161:25164 ioctl 40046207 0 returned -16
[  838.534472] binder_alloc: 30679: binder_alloc_buf, no vma
[  838.534491] binder: 25161:25164 transaction failed 29189/-3, size 24-8 line 3136
[  838.534579] binder: undelivered TRANSACTION_ERROR: 29189
[  838.534661] binder: 25161:25164 IncRefs 0 refcount change on invalid ref 1 ret -22
[  838.599912] binder: BINDER_SET_CONTEXT_MGR already set
[  838.599922] binder: 25173:25177 ioctl 40046207 0 returned -16
[  838.600019] binder_alloc: 30679: binder_alloc_buf, no vma
[  838.600038] binder: 25173:25177 transaction failed 29189/-3, size 24-8 line 3136
[  838.600112] binder: undelivered TRANSACTION_ERROR: 29189
[  838.600196] binder: 25173:25177 IncRefs 0 refcount change on invalid ref 1 ret -22
[  838.670629] binder: BINDER_SET_CONTEXT_MGR already set
[  838.670641] binder: 25189:25197 ioctl 40046207 0 returned -16
[  838.670755] binder_alloc: 30679: binder_alloc_buf, no vma
[  838.670775] binder: 25189:25197 transaction failed 29189/-3, size 24-8 line 3136
[  838.670922] binder: undelivered TRANSACTION_ERROR: 29189
[  838.670997] binder: 25189:25197 IncRefs 0 refcount change on invalid ref 1 ret -22
[  838.732434] binder: BINDER_SET_CONTEXT_MGR already set
[  838.732445] binder: 25202:25205 ioctl 40046207 0 returned -16
[  838.732754] binder_alloc: 30679: binder_alloc_buf, no vma
[  838.732773] binder: 25202:25205 transaction failed 29189/-3, size 24-8 line 3136
[  838.733537] binder: undelivered TRANSACTION_ERROR: 29189
[  838.733619] binder: 25202:25205 IncRefs 0 refcount change on invalid ref 1 ret -22
[  838.808627] binder: BINDER_SET_CONTEXT_MGR already set
[  838.808636] binder: 25220:25224 ioctl 40046207 0 returned -16
[  838.810067] binder_alloc: 30679: binder_alloc_buf, no vma
[  838.810086] binder: 25220:25224 transaction failed 29189/-3, size 24-8 line 3136
[  838.811192] binder: undelivered TRANSACTION_ERROR: 29189
[  838.811282] binder: 25220:25224 IncRefs 0 refcount change on invalid ref 1 ret -22
[  838.869853] binder: BINDER_SET_CONTEXT_MGR already set
[  838.869863] binder: 25238:25241 ioctl 40046207 0 returned -16
[  838.870477] binder_alloc: 30679: binder_alloc_buf, no vma
[  838.870497] binder: 25238:25241 transaction failed 29189/-3, size 24-8 line 3136
[  838.873833] binder: undelivered TRANSACTION_ERROR: 29189
[  838.873941] binder: 25238:25241 IncRefs 0 refcount change on invalid ref 1 ret -22
[  838.974077] binder: BINDER_SET_CONTEXT_MGR already set
[  838.974086] binder: 25256:25258 ioctl 40046207 0 returned -16
[  838.974183] binder_alloc: 30679: binder_alloc_buf, no vma
[  838.974201] binder: 25256:25258 transaction failed 29189/-3, size 24-8 line 3136
[  838.974274] binder: undelivered TRANSACTION_ERROR: 29189
[  838.974342] binder: 25256:25258 IncRefs 0 refcount change on invalid ref 1 ret -22
[  839.012868] binder: BINDER_SET_CONTEXT_MGR already set
[  839.012876] binder: 25271:25274 ioctl 40046207 0 returned -16
[  839.012979] binder_alloc: 30679: binder_alloc_buf, no vma
[  839.012997] binder: 25271:25274 transaction failed 29189/-3, size 24-8 line 3136
[  839.013075] binder: undelivered TRANSACTION_ERROR: 29189
[  839.013149] binder: 25271:25274 IncRefs 0 refcount change on invalid ref 1 ret -22
[  839.116495] binder: BINDER_SET_CONTEXT_MGR already set
[  839.116506] binder: 25286:25294 ioctl 40046207 0 returned -16
[  839.122250] binder_alloc: 30679: binder_alloc_buf, no vma
[  839.122271] binder: 25286:25294 transaction failed 29189/-3, size 24-8 line 3136
[  839.122378] binder: undelivered TRANSACTION_ERROR: 29189
[  839.122467] binder: 25286:25294 IncRefs 0 refcount change on invalid ref 1 ret -22
[  839.173041] binder: BINDER_SET_CONTEXT_MGR already set
[  839.173050] binder: 25302:25306 ioctl 40046207 0 returned -16
[  839.173149] binder_alloc: 30679: binder_alloc_buf, no vma
[  839.173168] binder: 25302:25306 transaction failed 29189/-3, size 24-8 line 3136
[  839.173244] binder: undelivered TRANSACTION_ERROR: 29189
[  839.173340] binder: 25302:25306 IncRefs 0 refcount change on invalid ref 1 ret -22
[  839.233841] binder: BINDER_SET_CONTEXT_MGR already set
[  839.233851] binder: 25313:25317 ioctl 40046207 0 returned -16
[  839.234440] binder_alloc: 30679: binder_alloc_buf, no vma
[  839.234459] binder: 25313:25317 transaction failed 29189/-3, size 24-8 line 3136
[  839.234904] binder: undelivered TRANSACTION_ERROR: 29189
[  839.234995] binder: 25313:25317 IncRefs 0 refcount change on invalid ref 1 ret -22
[  839.315792] binder: BINDER_SET_CONTEXT_MGR already set
[  839.315803] binder: 25329:25332 ioctl 40046207 0 returned -16
[  839.315925] binder_alloc: 30679: binder_alloc_buf, no vma
[  839.315945] binder: 25329:25332 transaction failed 29189/-3, size 24-8 line 3136
[  839.316036] binder: undelivered TRANSACTION_ERROR: 29189
[  839.316129] binder: 25329:25332 IncRefs 0 refcount change on invalid ref 1 ret -22
[  839.371353] binder: BINDER_SET_CONTEXT_MGR already set
[  839.371377] binder: 25339:25348 ioctl 40046207 0 returned -16
[  839.371566] binder_alloc: 30679: binder_alloc_buf, no vma
[  839.371585] binder: 25339:25348 transaction failed 29189/-3, size 24-8 line 3136
[  839.371718] binder: undelivered TRANSACTION_ERROR: 29189
[  839.371791] binder: 25339:25348 IncRefs 0 refcount change on invalid ref 1 ret -22
[  839.447884] binder: BINDER_SET_CONTEXT_MGR already set
[  839.447893] binder: 25357:25360 ioctl 40046207 0 returned -16
[  839.447991] binder_alloc: 30679: binder_alloc_buf, no vma
[  839.448010] binder: 25357:25360 transaction failed 29189/-3, size 24-8 line 3136
[  839.448087] binder: undelivered TRANSACTION_ERROR: 29189
[  839.448156] binder: 25357:25360 IncRefs 0 refcount change on invalid ref 1 ret -22
[  839.493087] binder: BINDER_SET_CONTEXT_MGR already set
[  839.493096] binder: 25368:25372 ioctl 40046207 0 returned -16
[  839.493191] binder_alloc: 30679: binder_alloc_buf, no vma
[  839.493210] binder: 25368:25372 transaction failed 29189/-3, size 24-8 line 3136
[  839.493283] binder: undelivered TRANSACTION_ERROR: 29189
[  839.493352] binder: 25368:25372 IncRefs 0 refcount change on invalid ref 1 ret -22
[  839.562411] binder: BINDER_SET_CONTEXT_MGR already set
[  839.562419] binder: 25382:25388 ioctl 40046207 0 returned -16
[  839.562958] binder_alloc: 30679: binder_alloc_buf, no vma
[  839.562976] binder: 25382:25388 transaction failed 29189/-3, size 24-8 line 3136
[  839.563562] binder: undelivered TRANSACTION_ERROR: 29189
[  839.574087] binder: 25382:25388 IncRefs 0 refcount change on invalid ref 1 ret -22
[  839.596941] binder: BINDER_SET_CONTEXT_MGR already set
[  839.597009] binder: 25396:25398 ioctl 40046207 0 returned -16
[  839.597102] binder_alloc: 30679: binder_alloc_buf, no vma
[  839.597119] binder: 25396:25398 transaction failed 29189/-3, size 24-8 line 3136
[  839.597187] binder: undelivered TRANSACTION_ERROR: 29189
[  839.597248] binder: 25396:25398 IncRefs 0 refcount change on invalid ref 1 ret -22
[  839.679633] binder: BINDER_SET_CONTEXT_MGR already set
[  839.679642] binder: 25406:25413 ioctl 40046207 0 returned -16
[  839.679748] binder_alloc: 30679: binder_alloc_buf, no vma
[  839.679767] binder: 25406:25413 transaction failed 29189/-3, size 24-8 line 3136
[  839.685919] binder: undelivered TRANSACTION_ERROR: 29189
[  839.686024] binder: 25406:25413 IncRefs 0 refcount change on invalid ref 1 ret -22
[  839.727025] binder: BINDER_SET_CONTEXT_MGR already set
[  839.727035] binder: 25424:25425 ioctl 40046207 0 returned -16
[  839.727144] binder_alloc: 30679: binder_alloc_buf, no vma
[  839.727164] binder: 25424:25425 transaction failed 29189/-3, size 24-8 line 3136
[  839.727237] binder: undelivered TRANSACTION_ERROR: 29189
[  839.727346] binder: 25424:25425 IncRefs 0 refcount change on invalid ref 1 ret -22
[  839.766962] binder: BINDER_SET_CONTEXT_MGR already set
[  839.766971] binder: 25428:25430 ioctl 40046207 0 returned -16
[  839.767170] binder_alloc: 30679: binder_alloc_buf, no vma
[  839.767189] binder: 25428:25430 transaction failed 29189/-3, size 24-8 line 3136
[  839.767268] binder: undelivered TRANSACTION_ERROR: 29189
[  839.767339] binder: 25428:25430 IncRefs 0 refcount change on invalid ref 1 ret -22
[  839.837528] binder: BINDER_SET_CONTEXT_MGR already set
[  839.837538] binder: 25444:25450 ioctl 40046207 0 returned -16
[  839.837648] binder_alloc: 30679: binder_alloc_buf, no vma
[  839.837668] binder: 25444:25450 transaction failed 29189/-3, size 24-8 line 3136
[  839.838108] binder: undelivered TRANSACTION_ERROR: 29189
[  839.838196] binder: 25444:25450 IncRefs 0 refcount change on invalid ref 1 ret -22
[  839.907549] binder: BINDER_SET_CONTEXT_MGR already set
[  839.907558] binder: 25462:25466 ioctl 40046207 0 returned -16
[  839.907668] binder_alloc: 30679: binder_alloc_buf, no vma
[  839.907688] binder: 25462:25466 transaction failed 29189/-3, size 24-8 line 3136
[  839.907775] binder: undelivered TRANSACTION_ERROR: 29189
[  839.907860] binder: 25462:25466 IncRefs 0 refcount change on invalid ref 1 ret -22
[  840.011913] binder: BINDER_SET_CONTEXT_MGR already set
[  840.011923] binder: 25472:25484 ioctl 40046207 0 returned -16
[  840.012347] binder_alloc: 30679: binder_alloc_buf, no vma
[  840.012366] binder: 25472:25484 transaction failed 29189/-3, size 24-8 line 3136
[  840.012556] binder: undelivered TRANSACTION_ERROR: 29189
[  840.012641] binder: 25472:25484 IncRefs 0 refcount change on invalid ref 1 ret -22
[  840.122243] binder: BINDER_SET_CONTEXT_MGR already set
[  840.122252] binder: 25502:25508 ioctl 40046207 0 returned -16
[  840.122363] binder_alloc: 30679: binder_alloc_buf, no vma
[  840.122381] binder: 25502:25508 transaction failed 29189/-3, size 24-8 line 3136
[  840.122470] binder: undelivered TRANSACTION_ERROR: 29189
[  840.122553] binder: 25502:25508 IncRefs 0 refcount change on invalid ref 1 ret -22
[  840.158837] binder: BINDER_SET_CONTEXT_MGR already set
[  840.158846] binder: 25514:25517 ioctl 40046207 0 returned -16
[  840.158956] binder_alloc: 30679: binder_alloc_buf, no vma
[  840.158974] binder: 25514:25517 transaction failed 29189/-3, size 24-8 line 3136
[  840.159049] binder: undelivered TRANSACTION_ERROR: 29189
[  840.159122] binder: 25514:25517 IncRefs 0 refcount change on invalid ref 1 ret -22
[  840.218333] binder: BINDER_SET_CONTEXT_MGR already set
[  840.218342] binder: 25528:25529 ioctl 40046207 0 returned -16
[  840.218468] binder_alloc: 30679: binder_alloc_buf, no vma
[  840.218488] binder: 25528:25529 transaction failed 29189/-3, size 24-8 line 3136
[  840.218565] binder: undelivered TRANSACTION_ERROR: 29189
[  840.218636] binder: 25528:25529 IncRefs 0 refcount change on invalid ref 1 ret -22
[  840.288172] binder: BINDER_SET_CONTEXT_MGR already set
[  840.288181] binder: 25536:25542 ioctl 40046207 0 returned -16
[  840.288296] binder_alloc: 30679: binder_alloc_buf, no vma
[  840.288315] binder: 25536:25542 transaction failed 29189/-3, size 24-8 line 3136
[  840.288490] binder: undelivered TRANSACTION_ERROR: 29189
[  840.289016] binder: 25536:25542 IncRefs 0 refcount change on invalid ref 1 ret -22
[  840.343351] binder: BINDER_SET_CONTEXT_MGR already set
[  840.343360] binder: 25553:25557 ioctl 40046207 0 returned -16
[  840.343448] binder_alloc: 30679: binder_alloc_buf, no vma
[  840.343463] binder: 25553:25557 transaction failed 29189/-3, size 24-8 line 3136
[  840.343524] binder: undelivered TRANSACTION_ERROR: 29189
[  840.343581] binder: 25553:25557 IncRefs 0 refcount change on invalid ref 1 ret -22
[  840.513099] binder: BINDER_SET_CONTEXT_MGR already set
[  840.513108] binder: 25569:25575 ioctl 40046207 0 returned -16
[  840.517000] binder_alloc: 30679: binder_alloc_buf, no vma
[  840.517021] binder: 25569:25575 transaction failed 29189/-3, size 24-8 line 3136
[  840.517110] binder: undelivered TRANSACTION_ERROR: 29189
[  840.517183] binder: 25569:25575 IncRefs 0 refcount change on invalid ref 1 ret -22
[  840.570265] binder: BINDER_SET_CONTEXT_MGR already set
[  840.570273] binder: 25585:25590 ioctl 40046207 0 returned -16
[  840.571571] binder_alloc: 30679: binder_alloc_buf, no vma
[  840.571590] binder: 25585:25590 transaction failed 29189/-3, size 24-8 line 3136
[  840.575599] binder: undelivered TRANSACTION_ERROR: 29189
[  840.575695] binder: 25585:25590 IncRefs 0 refcount change on invalid ref 1 ret -22
[  840.829977] binder: BINDER_SET_CONTEXT_MGR already set
[  840.829990] binder: 25604:25607 ioctl 40046207 0 returned -16
[  840.830119] binder_alloc: 30679: binder_alloc_buf, no vma
[  840.830137] binder: 25604:25607 transaction failed 29189/-3, size 24-8 line 3136
[  840.830605] binder: undelivered TRANSACTION_ERROR: 29189
[  840.830679] binder: 25604:25607 IncRefs 0 refcount change on invalid ref 1 ret -22
[  840.880111] binder: BINDER_SET_CONTEXT_MGR already set
[  840.880121] binder: 25616:25619 ioctl 40046207 0 returned -16
[  840.880239] binder_alloc: 30679: binder_alloc_buf, no vma
[  840.880258] binder: 25616:25619 transaction failed 29189/-3, size 24-8 line 3136
[  840.880346] binder: undelivered TRANSACTION_ERROR: 29189
[  840.880430] binder: 25616:25619 IncRefs 0 refcount change on invalid ref 1 ret -22
[  840.927724] binder: BINDER_SET_CONTEXT_MGR already set
[  840.927734] binder: 25624:25629 ioctl 40046207 0 returned -16
[  840.927834] binder_alloc: 30679: binder_alloc_buf, no vma
[  840.927852] binder: 25624:25629 transaction failed 29189/-3, size 24-8 line 3136
[  840.928000] binder: undelivered TRANSACTION_ERROR: 29189
[  840.928077] binder: 25624:25629 IncRefs 0 refcount change on invalid ref 1 ret -22
[  840.989317] binder: BINDER_SET_CONTEXT_MGR already set
[  840.989326] binder: 25638:25643 ioctl 40046207 0 returned -16
[  840.990567] binder_alloc: 30679: binder_alloc_buf, no vma
[  840.990588] binder: 25638:25643 transaction failed 29189/-3, size 24-8 line 3136
[  840.990681] binder: undelivered TRANSACTION_ERROR: 29189
[  840.990897] binder: 25638:25643 IncRefs 0 refcount change on invalid ref 1 ret -22
[  841.059442] binder: BINDER_SET_CONTEXT_MGR already set
[  841.059451] binder: 25650:25660 ioctl 40046207 0 returned -16
[  841.059550] binder_alloc: 30679: binder_alloc_buf, no vma
[  841.059570] binder: 25650:25660 transaction failed 29189/-3, size 24-8 line 3136
[  841.059648] binder: undelivered TRANSACTION_ERROR: 29189
[  841.059719] binder: 25650:25660 IncRefs 0 refcount change on invalid ref 1 ret -22
[  841.175506] binder: BINDER_SET_CONTEXT_MGR already set
[  841.175515] binder: 25671:25675 ioctl 40046207 0 returned -16
[  841.175622] binder_alloc: 30679: binder_alloc_buf, no vma
[  841.175640] binder: 25671:25675 transaction failed 29189/-3, size 24-8 line 3136
[  841.175891] binder: undelivered TRANSACTION_ERROR: 29189
[  841.175968] binder: 25671:25675 IncRefs 0 refcount change on invalid ref 1 ret -22
[  841.247691] binder: BINDER_SET_CONTEXT_MGR already set
[  841.247699] binder: 25687:25694 ioctl 40046207 0 returned -16
[  841.248582] binder_alloc: 30679: binder_alloc_buf, no vma
[  841.248602] binder: 25687:25694 transaction failed 29189/-3, size 24-8 line 3136
[  841.248696] binder: undelivered TRANSACTION_ERROR: 29189
[  841.249667] binder: 25687:25694 IncRefs 0 refcount change on invalid ref 1 ret -22
[  841.308251] binder: BINDER_SET_CONTEXT_MGR already set
[  841.308260] binder: 25705:25708 ioctl 40046207 0 returned -16
[  841.308666] binder_alloc: 30679: binder_alloc_buf, no vma
[  841.309888] binder: 25705:25708 transaction failed 29189/-3, size 24-8 line 3136
[  841.309985] binder: undelivered TRANSACTION_ERROR: 29189
[  841.310066] binder: 25705:25708 IncRefs 0 refcount change on invalid ref 1 ret -22
[  841.377311] binder: BINDER_SET_CONTEXT_MGR already set
[  841.377320] binder: 25713:25717 ioctl 40046207 0 returned -16
[  841.378045] binder_alloc: 30679: binder_alloc_buf, no vma
[  841.378065] binder: 25713:25717 transaction failed 29189/-3, size 24-8 line 3136
[  841.378148] binder: undelivered TRANSACTION_ERROR: 29189
[  841.378261] binder: 25713:25717 IncRefs 0 refcount change on invalid ref 1 ret -22
[  841.447966] binder: BINDER_SET_CONTEXT_MGR already set
[  841.447975] binder: 25731:25732 ioctl 40046207 0 returned -16
[  841.448071] binder_alloc: 30679: binder_alloc_buf, no vma
[  841.448090] binder: 25731:25732 transaction failed 29189/-3, size 24-8 line 3136
[  841.448165] binder: undelivered TRANSACTION_ERROR: 29189
[  841.448234] binder: 25731:25732 IncRefs 0 refcount change on invalid ref 1 ret -22
[  841.541591] binder: BINDER_SET_CONTEXT_MGR already set
[  841.541601] binder: 25742:25751 ioctl 40046207 0 returned -16
[  841.541707] binder_alloc: 30679: binder_alloc_buf, no vma
[  841.541726] binder: 25742:25751 transaction failed 29189/-3, size 24-8 line 3136
[  841.541804] binder: undelivered TRANSACTION_ERROR: 29189
[  841.541874] binder: 25742:25751 IncRefs 0 refcount change on invalid ref 1 ret -22
[  841.600391] binder: BINDER_SET_CONTEXT_MGR already set
[  841.600401] binder: 25773:25775 ioctl 40046207 0 returned -16
[  841.600511] binder_alloc: 30679: binder_alloc_buf, no vma
[  841.600530] binder: 25773:25775 transaction failed 29189/-3, size 24-8 line 3136
[  841.600688] binder: undelivered TRANSACTION_ERROR: 29189
[  841.600771] binder: 25773:25775 IncRefs 0 refcount change on invalid ref 1 ret -22
[  841.677017] binder: BINDER_SET_CONTEXT_MGR already set
[  841.677026] binder: 25778:25791 ioctl 40046207 0 returned -16
[  841.677364] binder_alloc: 30679: binder_alloc_buf, no vma
[  841.677396] binder: 25778:25791 transaction failed 29189/-3, size 24-8 line 3136
[  841.677781] binder: undelivered TRANSACTION_ERROR: 29189
[  841.677900] binder: 25778:25791 IncRefs 0 refcount change on invalid ref 1 ret -22
[  841.723781] binder: BINDER_SET_CONTEXT_MGR already set
[  841.723790] binder: 25797:25804 ioctl 40046207 0 returned -16
[  841.723908] binder_alloc: 30679: binder_alloc_buf, no vma
[  841.723926] binder: 25797:25804 transaction failed 29189/-3, size 24-8 line 3136
[  841.724204] binder: undelivered TRANSACTION_ERROR: 29189
[  841.724293] binder: 25797:25804 IncRefs 0 refcount change on invalid ref 1 ret -22
[  841.786351] binder: BINDER_SET_CONTEXT_MGR already set
[  841.786359] binder: 25806:25815 ioctl 40046207 0 returned -16
[  841.787108] binder_alloc: 30679: binder_alloc_buf, no vma
[  841.787127] binder: 25806:25815 transaction failed 29189/-3, size 24-8 line 3136
[  841.791268] binder: undelivered TRANSACTION_ERROR: 29189
[  841.791364] binder: 25806:25815 IncRefs 0 refcount change on invalid ref 1 ret -22
[  841.857322] binder: BINDER_SET_CONTEXT_MGR already set
[  841.857332] binder: 25824:25830 ioctl 40046207 0 returned -16
[  841.857438] binder_alloc: 30679: binder_alloc_buf, no vma
[  841.857457] binder: 25824:25830 transaction failed 29189/-3, size 24-8 line 3136
[  841.857602] binder: undelivered TRANSACTION_ERROR: 29189
[  841.857680] binder: 25824:25830 IncRefs 0 refcount change on invalid ref 1 ret -22
[  841.918855] binder: BINDER_SET_CONTEXT_MGR already set
[  841.918864] binder: 25843:25848 ioctl 40046207 0 returned -16
[  841.918971] binder_alloc: 30679: binder_alloc_buf, no vma
[  841.918990] binder: 25843:25848 transaction failed 29189/-3, size 24-8 line 3136
[  841.919281] binder: undelivered TRANSACTION_ERROR: 29189
[  841.919643] binder: 25843:25848 IncRefs 0 refcount change on invalid ref 1 ret -22
[  842.054888] binder: BINDER_SET_CONTEXT_MGR already set
[  842.054897] binder: 25865:25875 ioctl 40046207 0 returned -16
[  842.055835] binder_alloc: 30679: binder_alloc_buf, no vma
[  842.055856] binder: 25865:25875 transaction failed 29189/-3, size 24-8 line 3136
[  842.056194] binder: undelivered TRANSACTION_ERROR: 29189
[  842.056290] binder: 25865:25875 IncRefs 0 refcount change on invalid ref 1 ret -22
[  842.105393] binder: BINDER_SET_CONTEXT_MGR already set
[  842.105403] binder: 25885:25889 ioctl 40046207 0 returned -16
[  842.105503] binder_alloc: 30679: binder_alloc_buf, no vma
[  842.105523] binder: 25885:25889 transaction failed 29189/-3, size 24-8 line 3136
[  842.105598] binder: undelivered TRANSACTION_ERROR: 29189
[  842.105669] binder: 25885:25889 IncRefs 0 refcount change on invalid ref 1 ret -22
[  842.158203] binder: BINDER_SET_CONTEXT_MGR already set
[  842.158212] binder: 25893:25900 ioctl 40046207 0 returned -16
[  842.158321] binder_alloc: 30679: binder_alloc_buf, no vma
[  842.158339] binder: 25893:25900 transaction failed 29189/-3, size 24-8 line 3136
[  842.159126] binder: undelivered TRANSACTION_ERROR: 29189
[  842.159331] binder: 25893:25900 IncRefs 0 refcount change on invalid ref 1 ret -22
[  842.224999] binder: BINDER_SET_CONTEXT_MGR already set
[  842.225008] binder: 25909:25913 ioctl 40046207 0 returned -16
[  842.225106] binder_alloc: 30679: binder_alloc_buf, no vma
[  842.225125] binder: 25909:25913 transaction failed 29189/-3, size 24-8 line 3136
[  842.225300] binder: undelivered TRANSACTION_ERROR: 29189
[  842.225384] binder: 25909:25913 IncRefs 0 refcount change on invalid ref 1 ret -22
[  842.325797] binder: BINDER_SET_CONTEXT_MGR already set
[  842.325807] binder: 25924:25934 ioctl 40046207 0 returned -16
[  842.325950] binder_alloc: 30679: binder_alloc_buf, no vma
[  842.325970] binder: 25924:25934 transaction failed 29189/-3, size 24-8 line 3136
[  842.326063] binder: undelivered TRANSACTION_ERROR: 29189
[  842.326143] binder: 25924:25934 IncRefs 0 refcount change on invalid ref 1 ret -22
[  842.357068] binder: BINDER_SET_CONTEXT_MGR already set
[  842.357078] binder: 25943:25947 ioctl 40046207 0 returned -16
[  842.357184] binder_alloc: 30679: binder_alloc_buf, no vma
[  842.357203] binder: 25943:25947 transaction failed 29189/-3, size 24-8 line 3136
[  842.357290] binder: undelivered TRANSACTION_ERROR: 29189
[  842.357373] binder: 25943:25947 IncRefs 0 refcount change on invalid ref 1 ret -22
[  842.437494] binder: BINDER_SET_CONTEXT_MGR already set
[  842.437504] binder: 25958:25963 ioctl 40046207 0 returned -16
[  842.437608] binder_alloc: 30679: binder_alloc_buf, no vma
[  842.437628] binder: 25958:25963 transaction failed 29189/-3, size 24-8 line 3136
[  842.440764] binder: undelivered TRANSACTION_ERROR: 29189
[  842.440857] binder: 25958:25963 IncRefs 0 refcount change on invalid ref 1 ret -22
[  842.515490] binder: BINDER_SET_CONTEXT_MGR already set
[  842.515500] binder: 25971:25979 ioctl 40046207 0 returned -16
[  842.515596] binder_alloc: 30679: binder_alloc_buf, no vma
[  842.515614] binder: 25971:25979 transaction failed 29189/-3, size 24-8 line 3136
[  842.515690] binder: undelivered TRANSACTION_ERROR: 29189
[  842.515765] binder: 25971:25979 IncRefs 0 refcount change on invalid ref 1 ret -22
[  842.598511] binder: BINDER_SET_CONTEXT_MGR already set
[  842.598522] binder: 25986:25997 ioctl 40046207 0 returned -16
[  842.598654] binder_alloc: 30679: binder_alloc_buf, no vma
[  842.598676] binder: 25986:25997 transaction failed 29189/-3, size 24-8 line 3136
[  842.598864] binder: undelivered TRANSACTION_ERROR: 29189
[  842.599033] binder: 25986:25997 IncRefs 0 refcount change on invalid ref 1 ret -22
[  842.650787] binder: BINDER_SET_CONTEXT_MGR already set
[  842.650796] binder: 26006:26008 ioctl 40046207 0 returned -16
[  842.650915] binder_alloc: 30679: binder_alloc_buf, no vma
[  842.650934] binder: 26006:26008 transaction failed 29189/-3, size 24-8 line 3136
[  842.651025] binder: undelivered TRANSACTION_ERROR: 29189
[  842.651107] binder: 26006:26008 IncRefs 0 refcount change on invalid ref 1 ret -22
[  842.727415] binder: BINDER_SET_CONTEXT_MGR already set
[  842.727425] binder: 26016:26023 ioctl 40046207 0 returned -16
[  842.727524] binder_alloc: 30679: binder_alloc_buf, no vma
[  842.727544] binder: 26016:26023 transaction failed 29189/-3, size 24-8 line 3136
[  842.727767] binder: undelivered TRANSACTION_ERROR: 29189
[  842.727940] binder: 26016:26023 IncRefs 0 refcount change on invalid ref 1 ret -22
[  842.786687] binder: BINDER_SET_CONTEXT_MGR already set
[  842.786697] binder: 26031:26033 ioctl 40046207 0 returned -16
[  842.786813] binder_alloc: 30679: binder_alloc_buf, no vma
[  842.789061] binder: 26031:26033 transaction failed 29189/-3, size 24-8 line 3136
[  842.789160] binder: undelivered TRANSACTION_ERROR: 29189
[  842.789243] binder: 26031:26033 IncRefs 0 refcount change on invalid ref 1 ret -22
[  842.836548] binder: BINDER_SET_CONTEXT_MGR already set
[  842.836557] binder: 26047:26051 ioctl 40046207 0 returned -16
[  842.836671] binder_alloc: 30679: binder_alloc_buf, no vma
[  842.836689] binder: 26047:26051 transaction failed 29189/-3, size 24-8 line 3136
[  842.836777] binder: undelivered TRANSACTION_ERROR: 29189
[  842.836860] binder: 26047:26051 IncRefs 0 refcount change on invalid ref 1 ret -22
[  842.879522] binder: BINDER_SET_CONTEXT_MGR already set
[  842.879531] binder: 26056:26058 ioctl 40046207 0 returned -16
[  842.879628] binder_alloc: 30679: binder_alloc_buf, no vma
[  842.879648] binder: 26056:26058 transaction failed 29189/-3, size 24-8 line 3136
[  842.880126] binder: undelivered TRANSACTION_ERROR: 29189
[  842.880202] binder: 26056:26058 IncRefs 0 refcount change on invalid ref 1 ret -22
[  842.923667] binder: BINDER_SET_CONTEXT_MGR already set
[  842.923677] binder: 26064:26069 ioctl 40046207 0 returned -16
[  842.923784] binder_alloc: 30679: binder_alloc_buf, no vma
[  842.923802] binder: 26064:26069 transaction failed 29189/-3, size 24-8 line 3136
[  842.923902] binder: undelivered TRANSACTION_ERROR: 29189
[  842.924310] binder: 26064:26069 IncRefs 0 refcount change on invalid ref 1 ret -22
[  842.979314] binder: BINDER_SET_CONTEXT_MGR already set
[  842.979323] binder: 26077:26082 ioctl 40046207 0 returned -16
[  842.979423] binder_alloc: 30679: binder_alloc_buf, no vma
[  842.979443] binder: 26077:26082 transaction failed 29189/-3, size 24-8 line 3136
[  842.979517] binder: undelivered TRANSACTION_ERROR: 29189
[  842.979591] binder: 26077:26082 IncRefs 0 refcount change on invalid ref 1 ret -22
[  843.033921] binder: BINDER_SET_CONTEXT_MGR already set
[  843.033932] binder: 26091:26096 ioctl 40046207 0 returned -16
[  843.034299] binder_alloc: 30679: binder_alloc_buf, no vma
[  843.034318] binder: 26091:26096 transaction failed 29189/-3, size 24-8 line 3136
[  843.034393] binder: undelivered TRANSACTION_ERROR: 29189
[  843.034468] binder: 26091:26096 IncRefs 0 refcount change on invalid ref 1 ret -22
[  843.132357] binder: BINDER_SET_CONTEXT_MGR already set
[  843.132366] binder: 26110:26114 ioctl 40046207 0 returned -16
[  843.132487] binder_alloc: 30679: binder_alloc_buf, no vma
[  843.132507] binder: 26110:26114 transaction failed 29189/-3, size 24-8 line 3136
[  843.132592] binder: undelivered TRANSACTION_ERROR: 29189
[  843.132676] binder: 26110:26114 IncRefs 0 refcount change on invalid ref 1 ret -22
[  843.200175] binder: BINDER_SET_CONTEXT_MGR already set
[  843.200183] binder: 26125:26129 ioctl 40046207 0 returned -16
[  843.200292] binder_alloc: 30679: binder_alloc_buf, no vma
[  843.200312] binder: 26125:26129 transaction failed 29189/-3, size 24-8 line 3136
[  843.200397] binder: undelivered TRANSACTION_ERROR: 29189
[  843.200481] binder: 26125:26129 IncRefs 0 refcount change on invalid ref 1 ret -22
[  843.283524] binder: BINDER_SET_CONTEXT_MGR already set
[  843.283533] binder: 26142:26145 ioctl 40046207 0 returned -16
[  843.283636] binder_alloc: 30679: binder_alloc_buf, no vma
[  843.283654] binder: 26142:26145 transaction failed 29189/-3, size 24-8 line 3136
[  843.283736] binder: undelivered TRANSACTION_ERROR: 29189
[  843.283811] binder: 26142:26145 IncRefs 0 refcount change on invalid ref 1 ret -22
[  843.359530] binder: BINDER_SET_CONTEXT_MGR already set
[  843.359538] binder: 26161:26163 ioctl 40046207 0 returned -16
[  843.359908] binder_alloc: 30679: binder_alloc_buf, no vma
[  843.359926] binder: 26161:26163 transaction failed 29189/-3, size 24-8 line 3136
[  843.360048] binder: undelivered TRANSACTION_ERROR: 29189
[  843.360159] binder: 26161:26163 IncRefs 0 refcount change on invalid ref 1 ret -22
[  843.421143] binder: BINDER_SET_CONTEXT_MGR already set
[  843.421152] binder: 26175:26177 ioctl 40046207 0 returned -16
[  843.421812] binder_alloc: 30679: binder_alloc_buf, no vma
[  843.421831] binder: 26175:26177 transaction failed 29189/-3, size 24-8 line 3136
[  843.421933] binder: undelivered TRANSACTION_ERROR: 29189
[  843.422016] binder: 26175:26177 IncRefs 0 refcount change on invalid ref 1 ret -22
[  843.463441] binder: BINDER_SET_CONTEXT_MGR already set
[  843.463450] binder: 26186:26187 ioctl 40046207 0 returned -16
[  843.463639] binder_alloc: 30679: binder_alloc_buf, no vma
[  843.463659] binder: 26186:26187 transaction failed 29189/-3, size 24-8 line 3136
[  843.463735] binder: undelivered TRANSACTION_ERROR: 29189
[  843.463806] binder: 26186:26187 IncRefs 0 refcount change on invalid ref 1 ret -22
[  843.525864] binder: BINDER_SET_CONTEXT_MGR already set
[  843.525881] binder: 26193:26194 ioctl 40046207 0 returned -16
[  843.525981] binder_alloc: 30679: binder_alloc_buf, no vma
[  843.525999] binder: 26193:26194 transaction failed 29189/-3, size 24-8 line 3136
[  843.526073] binder: undelivered TRANSACTION_ERROR: 29189
[  843.526148] binder: 26193:26194 IncRefs 0 refcount change on invalid ref 1 ret -22
[  843.595227] binder: BINDER_SET_CONTEXT_MGR already set
[  843.595235] binder: 26213:26215 ioctl 40046207 0 returned -16
[  843.595494] binder_alloc: 30679: binder_alloc_buf, no vma
[  843.595512] binder: 26213:26215 transaction failed 29189/-3, size 24-8 line 3136
[  843.596391] binder: undelivered TRANSACTION_ERROR: 29189
[  843.597282] binder: 26213:26215 IncRefs 0 refcount change on invalid ref 1 ret -22
[  843.766469] binder_alloc: 30679: binder_alloc_buf, no vma
[  843.766488] binder: 26219:26221 transaction failed 29189/-3, size 24-8 line 3136
[  843.766571] binder: undelivered TRANSACTION_ERROR: 29189
[  843.854698] binder: BINDER_SET_CONTEXT_MGR already set
[  843.854707] binder: 26253:26258 ioctl 40046207 0 returned -16
[  843.854961] binder_alloc: 30679: binder_alloc_buf, no vma
[  843.854981] binder: 26253:26258 transaction failed 29189/-3, size 24-8 line 3136
[  843.855341] binder: undelivered TRANSACTION_ERROR: 29189
[  843.856477] binder: 26253:26258 IncRefs 0 refcount change on invalid ref 1 ret -22
[  843.923410] binder: BINDER_SET_CONTEXT_MGR already set
[  843.923419] binder: 26264:26271 ioctl 40046207 0 returned -16
[  843.923515] binder_alloc: 30679: binder_alloc_buf, no vma
[  843.923535] binder: 26264:26271 transaction failed 29189/-3, size 24-8 line 3136
[  843.923607] binder: undelivered TRANSACTION_ERROR: 29189
[  843.923676] binder: 26264:26271 IncRefs 0 refcount change on invalid ref 1 ret -22
[  843.991503] binder: BINDER_SET_CONTEXT_MGR already set
[  843.991511] binder: 26280:26287 ioctl 40046207 0 returned -16
[  843.992342] binder_alloc: 30679: binder_alloc_buf, no vma
[  843.992361] binder: 26280:26287 transaction failed 29189/-3, size 24-8 line 3136
[  843.993544] binder: undelivered TRANSACTION_ERROR: 29189
[  843.993631] binder: 26280:26287 IncRefs 0 refcount change on invalid ref 1 ret -22
[  844.066429] binder: BINDER_SET_CONTEXT_MGR already set
[  844.066439] binder: 26300:26306 ioctl 40046207 0 returned -16
[  844.067488] binder_alloc: 30679: binder_alloc_buf, no vma
[  844.067507] binder: 26300:26306 transaction failed 29189/-3, size 24-8 line 3136
[  844.067600] binder: undelivered TRANSACTION_ERROR: 29189
[  844.067685] binder: 26300:26306 IncRefs 0 refcount change on invalid ref 1 ret -22
[  844.233007] binder: BINDER_SET_CONTEXT_MGR already set
[  844.233017] binder: 26311:26326 ioctl 40046207 0 returned -16
[  844.233125] binder_alloc: 30679: binder_alloc_buf, no vma
[  844.233143] binder: 26311:26326 transaction failed 29189/-3, size 24-8 line 3136
[  844.233233] binder: undelivered TRANSACTION_ERROR: 29189
[  844.233315] binder: 26311:26326 IncRefs 0 refcount change on invalid ref 1 ret -22
[  844.284757] binder: BINDER_SET_CONTEXT_MGR already set
[  844.284766] binder: 26330:26338 ioctl 40046207 0 returned -16
[  844.284876] binder_alloc: 30679: binder_alloc_buf, no vma
[  844.284897] binder: 26330:26338 transaction failed 29189/-3, size 24-8 line 3136
[  844.284984] binder: undelivered TRANSACTION_ERROR: 29189
[  844.285064] binder: 26330:26338 IncRefs 0 refcount change on invalid ref 1 ret -22
[  844.407398] binder: BINDER_SET_CONTEXT_MGR already set
[  844.407407] binder: 26348:26350 ioctl 40046207 0 returned -16
[  844.407503] binder_alloc: 30679: binder_alloc_buf, no vma
[  844.407522] binder: 26348:26350 transaction failed 29189/-3, size 24-8 line 3136
[  844.407595] binder: undelivered TRANSACTION_ERROR: 29189
[  844.407665] binder: 26348:26350 IncRefs 0 refcount change on invalid ref 1 ret -22
[  844.437116] binder: BINDER_SET_CONTEXT_MGR already set
[  844.437125] binder: 26359:26361 ioctl 40046207 0 returned -16
[  844.437233] binder_alloc: 30679: binder_alloc_buf, no vma
[  844.437253] binder: 26359:26361 transaction failed 29189/-3, size 24-8 line 3136
[  844.437342] binder: undelivered TRANSACTION_ERROR: 29189
[  844.437426] binder: 26359:26361 IncRefs 0 refcount change on invalid ref 1 ret -22
[  844.532534] binder: BINDER_SET_CONTEXT_MGR already set
[  844.532547] binder: 26371:26379 ioctl 40046207 0 returned -16
[  844.532657] binder_alloc: 30679: binder_alloc_buf, no vma
[  844.532676] binder: 26371:26379 transaction failed 29189/-3, size 24-8 line 3136
[  844.532757] binder: undelivered TRANSACTION_ERROR: 29189
[  844.532836] binder: 26371:26379 IncRefs 0 refcount change on invalid ref 1 ret -22
[  844.652115] binder: BINDER_SET_CONTEXT_MGR already set
[  844.652124] binder: 26387:26389 ioctl 40046207 0 returned -16
[  844.652220] binder_alloc: 30679: binder_alloc_buf, no vma
[  844.652238] binder: 26387:26389 transaction failed 29189/-3, size 24-8 line 3136
[  844.652310] binder: undelivered TRANSACTION_ERROR: 29189
[  844.652388] binder: 26387:26389 IncRefs 0 refcount change on invalid ref 1 ret -22
[  844.715519] binder: BINDER_SET_CONTEXT_MGR already set
[  844.715528] binder: 26399:26402 ioctl 40046207 0 returned -16
[  844.715634] binder_alloc: 30679: binder_alloc_buf, no vma
[  844.715654] binder: 26399:26402 transaction failed 29189/-3, size 24-8 line 3136
[  844.715739] binder: undelivered TRANSACTION_ERROR: 29189
[  844.715824] binder: 26399:26402 IncRefs 0 refcount change on invalid ref 1 ret -22
[  844.870222] binder: BINDER_SET_CONTEXT_MGR already set
[  844.870232] binder: 26410:26418 ioctl 40046207 0 returned -16
[  844.870329] binder_alloc: 30679: binder_alloc_buf, no vma
[  844.870349] binder: 26410:26418 transaction failed 29189/-3, size 24-8 line 3136
[  844.870436] binder: undelivered TRANSACTION_ERROR: 29189
[  844.870511] binder: 26410:26418 IncRefs 0 refcount change on invalid ref 1 ret -22
[  844.941650] binder: BINDER_SET_CONTEXT_MGR already set
[  844.941658] binder: 26425:26428 ioctl 40046207 0 returned -16
[  844.941850] binder_alloc: 30679: binder_alloc_buf, no vma
[  844.941869] binder: 26425:26428 transaction failed 29189/-3, size 24-8 line 3136
[  844.945402] binder: undelivered TRANSACTION_ERROR: 29189
[  844.946472] binder: 26425:26428 IncRefs 0 refcount change on invalid ref 1 ret -22
[  844.990565] binder: BINDER_SET_CONTEXT_MGR already set
[  844.990574] binder: 26436:26442 ioctl 40046207 0 returned -16
[  844.990680] binder_alloc: 30679: binder_alloc_buf, no vma
[  844.990698] binder: 26436:26442 transaction failed 29189/-3, size 24-8 line 3136
[  844.990803] binder: undelivered TRANSACTION_ERROR: 29189
[  844.990897] binder: 26436:26442 IncRefs 0 refcount change on invalid ref 1 ret -22
[  845.070584] binder: BINDER_SET_CONTEXT_MGR already set
[  845.070593] binder: 26448:26460 ioctl 40046207 0 returned -16
[  845.071710] binder_alloc: 30679: binder_alloc_buf, no vma
[  845.071729] binder: 26448:26460 transaction failed 29189/-3, size 24-8 line 3136
[  845.072814] binder: undelivered TRANSACTION_ERROR: 29189
[  845.073093] binder: 26448:26460 IncRefs 0 refcount change on invalid ref 1 ret -22
[  845.125295] binder: BINDER_SET_CONTEXT_MGR already set
[  845.125303] binder: 26468:26469 ioctl 40046207 0 returned -16
[  845.125402] binder_alloc: 30679: binder_alloc_buf, no vma
[  845.125419] binder: 26468:26469 transaction failed 29189/-3, size 24-8 line 3136
[  845.125539] binder: undelivered TRANSACTION_ERROR: 29189
[  845.130739] binder: 26468:26469 IncRefs 0 refcount change on invalid ref 1 ret -22
[  845.209036] binder: BINDER_SET_CONTEXT_MGR already set
[  845.209046] binder: 26481:26482 ioctl 40046207 0 returned -16
[  845.209144] binder_alloc: 30679: binder_alloc_buf, no vma
[  845.209163] binder: 26481:26482 transaction failed 29189/-3, size 24-8 line 3136
[  845.210252] binder: undelivered TRANSACTION_ERROR: 29189
[  845.210342] binder: 26481:26482 IncRefs 0 refcount change on invalid ref 1 ret -22
[  845.252292] binder: BINDER_SET_CONTEXT_MGR already set
[  845.252301] binder: 26490:26494 ioctl 40046207 0 returned -16
[  845.252406] binder_alloc: 30679: binder_alloc_buf, no vma
[  845.252425] binder: 26490:26494 transaction failed 29189/-3, size 24-8 line 3136
[  845.253164] binder: undelivered TRANSACTION_ERROR: 29189
[  845.253241] binder: 26490:26494 IncRefs 0 refcount change on invalid ref 1 ret -22
[  845.302537] binder: BINDER_SET_CONTEXT_MGR already set
[  845.302547] binder: 26504:26507 ioctl 40046207 0 returned -16
[  845.302658] binder_alloc: 30679: binder_alloc_buf, no vma
[  845.302678] binder: 26504:26507 transaction failed 29189/-3, size 24-8 line 3136
[  845.302764] binder: undelivered TRANSACTION_ERROR: 29189
[  845.302854] binder: 26504:26507 IncRefs 0 refcount change on invalid ref 1 ret -22
[  845.369888] binder: BINDER_SET_CONTEXT_MGR already set
[  845.369898] binder: 26512:26521 ioctl 40046207 0 returned -16
[  845.370032] binder_alloc: 30679: binder_alloc_buf, no vma
[  845.370053] binder: 26512:26521 transaction failed 29189/-3, size 24-8 line 3136
[  845.370145] binder: undelivered TRANSACTION_ERROR: 29189
[  845.370714] binder: 26512:26521 IncRefs 0 refcount change on invalid ref 1 ret -22
[  845.442720] binder: BINDER_SET_CONTEXT_MGR already set
[  845.442730] binder: 26530:26535 ioctl 40046207 0 returned -16
[  845.442848] binder_alloc: 30679: binder_alloc_buf, no vma
[  845.442869] binder: 26530:26535 transaction failed 29189/-3, size 24-8 line 3136
[  845.442960] binder: undelivered TRANSACTION_ERROR: 29189
[  845.443049] binder: 26530:26535 IncRefs 0 refcount change on invalid ref 1 ret -22
[  845.513442] binder: BINDER_SET_CONTEXT_MGR already set
[  845.513452] binder: 26543:26554 ioctl 40046207 0 returned -16
[  845.513559] binder_alloc: 30679: binder_alloc_buf, no vma
[  845.513578] binder: 26543:26554 transaction failed 29189/-3, size 24-8 line 3136
[  845.513662] binder: undelivered TRANSACTION_ERROR: 29189
[  845.513747] binder: 26543:26554 IncRefs 0 refcount change on invalid ref 1 ret -22
[  845.580008] binder: BINDER_SET_CONTEXT_MGR already set
[  845.580016] binder: 26566:26570 ioctl 40046207 0 returned -16
[  845.580121] binder_alloc: 30679: binder_alloc_buf, no vma
[  845.580140] binder: 26566:26570 transaction failed 29189/-3, size 24-8 line 3136
[  845.580224] binder: undelivered TRANSACTION_ERROR: 29189
[  845.580308] binder: 26566:26570 IncRefs 0 refcount change on invalid ref 1 ret -22
[  845.673919] binder: BINDER_SET_CONTEXT_MGR already set
[  845.673927] binder: 26582:26584 ioctl 40046207 0 returned -16
[  845.674066] binder_alloc: 30679: binder_alloc_buf, no vma
[  845.674084] binder: 26582:26584 transaction failed 29189/-3, size 24-8 line 3136
[  845.675371] binder: undelivered TRANSACTION_ERROR: 29189
[  845.675515] binder: 26582:26584 IncRefs 0 refcount change on invalid ref 1 ret -22
[  845.712360] binder: BINDER_SET_CONTEXT_MGR already set
[  845.712370] binder: 26598:26599 ioctl 40046207 0 returned -16
[  845.712492] binder_alloc: 30679: binder_alloc_buf, no vma
[  845.712510] binder: 26598:26599 transaction failed 29189/-3, size 24-8 line 3136
[  845.712597] binder: undelivered TRANSACTION_ERROR: 29189
[  845.712679] binder: 26598:26599 IncRefs 0 refcount change on invalid ref 1 ret -22
[  845.757012] binder: BINDER_SET_CONTEXT_MGR already set
[  845.757021] binder: 26607:26610 ioctl 40046207 0 returned -16
[  845.758344] binder_alloc: 30679: binder_alloc_buf, no vma
[  845.758365] binder: 26607:26610 transaction failed 29189/-3, size 24-8 line 3136
[  845.760559] binder: undelivered TRANSACTION_ERROR: 29189
[  845.760704] binder: 26607:26610 IncRefs 0 refcount change on invalid ref 1 ret -22
[  845.844451] binder: BINDER_SET_CONTEXT_MGR already set
[  845.844461] binder: 26616:26625 ioctl 40046207 0 returned -16
[  845.844934] binder_alloc: 30679: binder_alloc_buf, no vma
[  845.844953] binder: 26616:26625 transaction failed 29189/-3, size 24-8 line 3136
[  845.845039] binder: undelivered TRANSACTION_ERROR: 29189
[  845.845118] binder: 26616:26625 IncRefs 0 refcount change on invalid ref 1 ret -22
[  845.942016] binder: BINDER_SET_CONTEXT_MGR already set
[  845.942027] binder: 26639:26655 ioctl 40046207 0 returned -16
[  845.942445] binder_alloc: 30679: binder_alloc_buf, no vma
[  845.942464] binder: 26639:26655 transaction failed 29189/-3, size 24-8 line 3136
[  845.942538] binder: undelivered TRANSACTION_ERROR: 29189
[  845.942606] binder: 26639:26655 IncRefs 0 refcount change on invalid ref 1 ret -22
[  846.004818] binder: BINDER_SET_CONTEXT_MGR already set
[  846.004827] binder: 26663:26669 ioctl 40046207 0 returned -16
[  846.004921] binder_alloc: 30679: binder_alloc_buf, no vma
[  846.004938] binder: 26663:26669 transaction failed 29189/-3, size 24-8 line 3136
[  846.005698] binder: undelivered TRANSACTION_ERROR: 29189
[  846.032333] binder: 26663:26669 IncRefs 0 refcount change on invalid ref 1 ret -22
[  846.101975] binder: BINDER_SET_CONTEXT_MGR already set
[  846.101986] binder: 26684:26689 ioctl 40046207 0 returned -16
[  846.103064] binder_alloc: 30679: binder_alloc_buf, no vma
[  846.103084] binder: 26684:26689 transaction failed 29189/-3, size 24-8 line 3136
[  846.103254] binder: undelivered TRANSACTION_ERROR: 29189
[  846.103344] binder: 26684:26689 IncRefs 0 refcount change on invalid ref 1 ret -22
[  846.194972] binder: BINDER_SET_CONTEXT_MGR already set
[  846.194982] binder: 26699:26711 ioctl 40046207 0 returned -16
[  846.195082] binder_alloc: 30679: binder_alloc_buf, no vma
[  846.195100] binder: 26699:26711 transaction failed 29189/-3, size 24-8 line 3136
[  846.195174] binder: undelivered TRANSACTION_ERROR: 29189
[  846.195243] binder: 26699:26711 IncRefs 0 refcount change on invalid ref 1 ret -22
[  846.309714] binder: BINDER_SET_CONTEXT_MGR already set
[  846.309723] binder: 26720:26732 ioctl 40046207 0 returned -16
[  846.309843] binder_alloc: 30679: binder_alloc_buf, no vma
[  846.309864] binder: 26720:26732 transaction failed 29189/-3, size 24-8 line 3136
[  846.309955] binder: undelivered TRANSACTION_ERROR: 29189
[  846.310040] binder: 26720:26732 IncRefs 0 refcount change on invalid ref 1 ret -22
[  846.429833] binder: BINDER_SET_CONTEXT_MGR already set
[  846.429842] binder: 26748:26760 ioctl 40046207 0 returned -16
[  846.430793] binder_alloc: 30679: binder_alloc_buf, no vma
[  846.430813] binder: 26748:26760 transaction failed 29189/-3, size 24-8 line 3136
[  846.430903] binder: undelivered TRANSACTION_ERROR: 29189
[  846.430980] binder: 26748:26760 IncRefs 0 refcount change on invalid ref 1 ret -22
[  846.505332] binder: BINDER_SET_CONTEXT_MGR already set
[  846.505341] binder: 26770:26778 ioctl 40046207 0 returned -16
[  846.505447] binder_alloc: 30679: binder_alloc_buf, no vma
[  846.505466] binder: 26770:26778 transaction failed 29189/-3, size 24-8 line 3136
[  846.505551] binder: undelivered TRANSACTION_ERROR: 29189
[  846.505696] binder: 26770:26778 IncRefs 0 refcount change on invalid ref 1 ret -22
[  846.580520] binder: BINDER_SET_CONTEXT_MGR already set
[  846.580529] binder: 26784:26795 ioctl 40046207 0 returned -16
[  846.580625] binder_alloc: 30679: binder_alloc_buf, no vma
[  846.580644] binder: 26784:26795 transaction failed 29189/-3, size 24-8 line 3136
[  846.580719] binder: undelivered TRANSACTION_ERROR: 29189
[  846.580789] binder: 26784:26795 IncRefs 0 refcount change on invalid ref 1 ret -22
[  846.645668] binder: BINDER_SET_CONTEXT_MGR already set
[  846.645678] binder: 26803:26810 ioctl 40046207 0 returned -16
[  846.645790] binder_alloc: 30679: binder_alloc_buf, no vma
[  846.645809] binder: 26803:26810 transaction failed 29189/-3, size 24-8 line 3136
[  846.646200] binder: undelivered TRANSACTION_ERROR: 29189
[  846.647076] binder: 26803:26810 IncRefs 0 refcount change on invalid ref 1 ret -22
[  846.740017] binder: BINDER_SET_CONTEXT_MGR already set
[  846.740026] binder: 26822:26827 ioctl 40046207 0 returned -16
[  846.740171] binder_alloc: 30679: binder_alloc_buf, no vma
[  846.740272] binder: 26822:26827 transaction failed 29189/-3, size 24-8 line 3136
[  846.740365] binder: undelivered TRANSACTION_ERROR: 29189
[  846.740481] binder: 26822:26827 IncRefs 0 refcount change on invalid ref 1 ret -22
[  846.834160] binder: BINDER_SET_CONTEXT_MGR already set
[  846.834177] binder: 26834:26851 ioctl 40046207 0 returned -16
[  846.834672] binder_alloc: 30679: binder_alloc_buf, no vma
[  846.834692] binder: 26834:26851 transaction failed 29189/-3, size 24-8 line 3136
[  846.834878] binder: undelivered TRANSACTION_ERROR: 29189
[  846.834965] binder: 26834:26851 IncRefs 0 refcount change on invalid ref 1 ret -22
[  846.894142] binder: BINDER_SET_CONTEXT_MGR already set
[  846.894152] binder: 26861:26864 ioctl 40046207 0 returned -16
[  846.894245] binder_alloc: 30679: binder_alloc_buf, no vma
[  846.894265] binder: 26861:26864 transaction failed 29189/-3, size 24-8 line 3136
[  846.894338] binder: undelivered TRANSACTION_ERROR: 29189
[  846.894407] binder: 26861:26864 IncRefs 0 refcount change on invalid ref 1 ret -22
[  847.016168] binder: BINDER_SET_CONTEXT_MGR already set
[  847.016177] binder: 26877:26878 ioctl 40046207 0 returned -16
[  847.016273] binder_alloc: 30679: binder_alloc_buf, no vma
[  847.016291] binder: 26877:26878 transaction failed 29189/-3, size 24-8 line 3136
[  847.016572] binder: undelivered TRANSACTION_ERROR: 29189
[  847.017229] binder: 26877:26878 IncRefs 0 refcount change on invalid ref 1 ret -22
[  847.070405] binder: BINDER_SET_CONTEXT_MGR already set
[  847.070414] binder: 26892:26893 ioctl 40046207 0 returned -16
[  847.070514] binder_alloc: 30679: binder_alloc_buf, no vma
[  847.070532] binder: 26892:26893 transaction failed 29189/-3, size 24-8 line 3136
[  847.070609] binder: undelivered TRANSACTION_ERROR: 29189
[  847.070681] binder: 26892:26893 IncRefs 0 refcount change on invalid ref 1 ret -22
[  847.129556] binder: BINDER_SET_CONTEXT_MGR already set
[  847.129565] binder: 26900:26909 ioctl 40046207 0 returned -16
[  847.129672] binder_alloc: 30679: binder_alloc_buf, no vma
[  847.129691] binder: 26900:26909 transaction failed 29189/-3, size 24-8 line 3136
[  847.129776] binder: undelivered TRANSACTION_ERROR: 29189
[  847.129857] binder: 26900:26909 IncRefs 0 refcount change on invalid ref 1 ret -22
[  847.214643] binder: BINDER_SET_CONTEXT_MGR already set
[  847.214652] binder: 26922:26924 ioctl 40046207 0 returned -16
[  847.222079] binder_alloc: 30679: binder_alloc_buf, no vma
[  847.222096] binder: 26922:26924 transaction failed 29189/-3, size 24-8 line 3136
[  847.222193] binder: undelivered TRANSACTION_ERROR: 29189
[  847.222267] binder: 26922:26924 IncRefs 0 refcount change on invalid ref 1 ret -22
[  847.285929] binder: BINDER_SET_CONTEXT_MGR already set
[  847.285940] binder: 26934:26943 ioctl 40046207 0 returned -16
[  847.290513] binder_alloc: 30679: binder_alloc_buf, no vma
[  847.290533] binder: 26934:26943 transaction failed 29189/-3, size 24-8 line 3136
[  847.290631] binder: undelivered TRANSACTION_ERROR: 29189
[  847.290715] binder: 26934:26943 IncRefs 0 refcount change on invalid ref 1 ret -22
[  847.329428] binder: BINDER_SET_CONTEXT_MGR already set
[  847.329437] binder: 26950:26953 ioctl 40046207 0 returned -16
[  847.329543] binder_alloc: 30679: binder_alloc_buf, no vma
[  847.329562] binder: 26950:26953 transaction failed 29189/-3, size 24-8 line 3136
[  847.329649] binder: undelivered TRANSACTION_ERROR: 29189
[  847.329734] binder: 26950:26953 IncRefs 0 refcount change on invalid ref 1 ret -22
[  847.366700] binder: BINDER_SET_CONTEXT_MGR already set
[  847.366709] binder: 26957:26958 ioctl 40046207 0 returned -16
[  847.366801] binder_alloc: 30679: binder_alloc_buf, no vma
[  847.366820] binder: 26957:26958 transaction failed 29189/-3, size 24-8 line 3136
[  847.366934] binder: undelivered TRANSACTION_ERROR: 29189
[  847.367003] binder: 26957:26958 IncRefs 0 refcount change on invalid ref 1 ret -22
[  847.460369] binder: BINDER_SET_CONTEXT_MGR already set
[  847.460377] binder: 26968:26980 ioctl 40046207 0 returned -16
[  847.460517] binder_alloc: 30679: binder_alloc_buf, no vma
[  847.460536] binder: 26968:26980 transaction failed 29189/-3, size 24-8 line 3136
[  847.460622] binder: undelivered TRANSACTION_ERROR: 29189
[  847.460793] binder: 26968:26980 IncRefs 0 refcount change on invalid ref 1 ret -22
[  847.545566] binder: BINDER_SET_CONTEXT_MGR already set
[  847.545576] binder: 26995:27001 ioctl 40046207 0 returned -16
[  847.545690] binder_alloc: 30679: binder_alloc_buf, no vma
[  847.545710] binder: 26995:27001 transaction failed 29189/-3, size 24-8 line 3136
[  847.545798] binder: undelivered TRANSACTION_ERROR: 29189
[  847.545935] binder: 26995:27001 IncRefs 0 refcount change on invalid ref 1 ret -22
[  847.598099] binder: BINDER_SET_CONTEXT_MGR already set
[  847.598109] binder: 27004:27009 ioctl 40046207 0 returned -16
[  847.598292] binder_alloc: 30679: binder_alloc_buf, no vma
[  847.598309] binder: 27004:27009 transaction failed 29189/-3, size 24-8 line 3136
[  847.611775] binder: undelivered TRANSACTION_ERROR: 29189
[  847.611900] binder: 27004:27009 IncRefs 0 refcount change on invalid ref 1 ret -22
[  847.643836] binder: BINDER_SET_CONTEXT_MGR already set
[  847.643845] binder: 27018:27019 ioctl 40046207 0 returned -16
[  847.643950] binder_alloc: 30679: binder_alloc_buf, no vma
[  847.644072] binder: 27018:27019 transaction failed 29189/-3, size 24-8 line 3136
[  847.644148] binder: undelivered TRANSACTION_ERROR: 29189
[  847.644280] binder: 27018:27019 IncRefs 0 refcount change on invalid ref 1 ret -22
[  847.707932] binder: BINDER_SET_CONTEXT_MGR already set
[  847.707940] binder: 27030:27035 ioctl 40046207 0 returned -16
[  847.708034] binder_alloc: 30679: binder_alloc_buf, no vma
[  847.708052] binder: 27030:27035 transaction failed 29189/-3, size 24-8 line 3136
[  847.708124] binder: undelivered TRANSACTION_ERROR: 29189
[  847.708195] binder: 27030:27035 IncRefs 0 refcount change on invalid ref 1 ret -22
[  847.796395] binder: BINDER_SET_CONTEXT_MGR already set
[  847.796407] binder: 27049:27053 ioctl 40046207 0 returned -16
[  847.796534] binder_alloc: 30679: binder_alloc_buf, no vma
[  847.796552] binder: 27049:27053 transaction failed 29189/-3, size 24-8 line 3136
[  847.796648] binder: undelivered TRANSACTION_ERROR: 29189
[  847.796730] binder: 27049:27053 IncRefs 0 refcount change on invalid ref 1 ret -22
[  847.891032] binder: BINDER_SET_CONTEXT_MGR already set
[  847.891042] binder: 27063:27072 ioctl 40046207 0 returned -16
[  847.891152] binder_alloc: 30679: binder_alloc_buf, no vma
[  847.891172] binder: 27063:27072 transaction failed 29189/-3, size 24-8 line 3136
[  847.891260] binder: undelivered TRANSACTION_ERROR: 29189
[  847.891346] binder: 27063:27072 IncRefs 0 refcount change on invalid ref 1 ret -22
[  847.955760] binder: BINDER_SET_CONTEXT_MGR already set
[  847.955769] binder: 27081:27089 ioctl 40046207 0 returned -16
[  847.955871] binder_alloc: 30679: binder_alloc_buf, no vma
[  847.955890] binder: 27081:27089 transaction failed 29189/-3, size 24-8 line 3136
[  847.955980] binder: undelivered TRANSACTION_ERROR: 29189
[  847.956054] binder: 27081:27089 IncRefs 0 refcount change on invalid ref 1 ret -22
[  848.046990] binder: BINDER_SET_CONTEXT_MGR already set
[  848.047000] binder: 27098:27100 ioctl 40046207 0 returned -16
[  848.047865] binder_alloc: 30679: binder_alloc_buf, no vma
[  848.047893] binder: 27098:27100 transaction failed 29189/-3, size 24-8 line 3136
[  848.048065] binder: undelivered TRANSACTION_ERROR: 29189
[  848.048195] binder: 27098:27100 IncRefs 0 refcount change on invalid ref 1 ret -22
[  848.114297] binder: BINDER_SET_CONTEXT_MGR already set
[  848.114306] binder: 27113:27123 ioctl 40046207 0 returned -16
[  848.114496] binder_alloc: 30679: binder_alloc_buf, no vma
[  848.114512] binder: 27113:27123 transaction failed 29189/-3, size 24-8 line 3136
[  848.114587] binder: undelivered TRANSACTION_ERROR: 29189
[  848.114657] binder: 27113:27123 IncRefs 0 refcount change on invalid ref 1 ret -22
[  848.160865] binder: BINDER_SET_CONTEXT_MGR already set
[  848.160884] binder: 27128:27132 ioctl 40046207 0 returned -16
[  848.160981] binder_alloc: 30679: binder_alloc_buf, no vma
[  848.161000] binder: 27128:27132 transaction failed 29189/-3, size 24-8 line 3136
[  848.161921] binder: undelivered TRANSACTION_ERROR: 29189
[  848.162003] binder: 27128:27132 IncRefs 0 refcount change on invalid ref 1 ret -22
[  848.201117] binder: BINDER_SET_CONTEXT_MGR already set
[  848.201126] binder: 27140:27141 ioctl 40046207 0 returned -16
[  848.201228] binder_alloc: 30679: binder_alloc_buf, no vma
[  848.201246] binder: 27140:27141 transaction failed 29189/-3, size 24-8 line 3136
[  848.201997] binder: undelivered TRANSACTION_ERROR: 29189
[  848.202074] binder: 27140:27141 IncRefs 0 refcount change on invalid ref 1 ret -22
[  848.276134] binder: BINDER_SET_CONTEXT_MGR already set
[  848.276143] binder: 27148:27154 ioctl 40046207 0 returned -16
[  848.276251] binder_alloc: 30679: binder_alloc_buf, no vma
[  848.276271] binder: 27148:27154 transaction failed 29189/-3, size 24-8 line 3136
[  848.276358] binder: undelivered TRANSACTION_ERROR: 29189
[  848.276442] binder: 27148:27154 IncRefs 0 refcount change on invalid ref 1 ret -22
[  848.321509] binder: BINDER_SET_CONTEXT_MGR already set
[  848.321518] binder: 27163:27166 ioctl 40046207 0 returned -16
[  848.321624] binder_alloc: 30679: binder_alloc_buf, no vma
[  848.321641] binder: 27163:27166 transaction failed 29189/-3, size 24-8 line 3136
[  848.321724] binder: undelivered TRANSACTION_ERROR: 29189
[  848.322744] binder: 27163:27166 IncRefs 0 refcount change on invalid ref 1 ret -22
[  848.360396] binder: BINDER_SET_CONTEXT_MGR already set
[  848.360405] binder: 27178:27179 ioctl 40046207 0 returned -16
[  848.360516] binder_alloc: 30679: binder_alloc_buf, no vma
[  848.360533] binder: 27178:27179 transaction failed 29189/-3, size 24-8 line 3136
[  848.360609] binder: undelivered TRANSACTION_ERROR: 29189
[  848.360679] binder: 27178:27179 IncRefs 0 refcount change on invalid ref 1 ret -22
[  848.444717] binder: BINDER_SET_CONTEXT_MGR already set
[  848.444727] binder: 27187:27189 ioctl 40046207 0 returned -16
[  848.444822] binder_alloc: 30679: binder_alloc_buf, no vma
[  848.444841] binder: 27187:27189 transaction failed 29189/-3, size 24-8 line 3136
[  848.445916] binder: undelivered TRANSACTION_ERROR: 29189
[  848.445996] binder: 27187:27189 IncRefs 0 refcount change on invalid ref 1 ret -22
[  848.471494] binder: BINDER_SET_CONTEXT_MGR already set
[  848.471502] binder: 27201:27202 ioctl 40046207 0 returned -16
[  848.471612] binder_alloc: 30679: binder_alloc_buf, no vma
[  848.471631] binder: 27201:27202 transaction failed 29189/-3, size 24-8 line 3136
[  848.471715] binder: undelivered TRANSACTION_ERROR: 29189
[  848.471791] binder: 27201:27202 IncRefs 0 refcount change on invalid ref 1 ret -22
[  848.518562] binder: BINDER_SET_CONTEXT_MGR already set
[  848.518570] binder: 27213:27214 ioctl 40046207 0 returned -16
[  848.518683] binder_alloc: 30679: binder_alloc_buf, no vma
[  848.518702] binder: 27213:27214 transaction failed 29189/-3, size 24-8 line 3136
[  848.518789] binder: undelivered TRANSACTION_ERROR: 29189
[  848.518885] binder: 27213:27214 IncRefs 0 refcount change on invalid ref 1 ret -22
[  848.656326] binder: BINDER_SET_CONTEXT_MGR already set
[  848.656336] binder: 27226:27235 ioctl 40046207 0 returned -16
[  848.656446] binder_alloc: 30679: binder_alloc_buf, no vma
[  848.656466] binder: 27226:27235 transaction failed 29189/-3, size 24-8 line 3136
[  848.656541] binder: undelivered TRANSACTION_ERROR: 29189
[  848.656610] binder: 27226:27235 IncRefs 0 refcount change on invalid ref 1 ret -22
[  848.870445] binder: BINDER_SET_CONTEXT_MGR already set
[  848.870454] binder: 27262:27270 ioctl 40046207 0 returned -16
[  848.874331] binder_alloc: 30679: binder_alloc_buf, no vma
[  848.874350] binder: 27262:27270 transaction failed 29189/-3, size 24-8 line 3136
[  848.874460] binder: undelivered TRANSACTION_ERROR: 29189
[  848.874545] binder: 27262:27270 IncRefs 0 refcount change on invalid ref 1 ret -22
[  848.936205] binder: BINDER_SET_CONTEXT_MGR already set
[  848.936215] binder: 27276:27282 ioctl 40046207 0 returned -16
[  848.936944] binder_alloc: 30679: binder_alloc_buf, no vma
[  848.936962] binder: 27276:27282 transaction failed 29189/-3, size 24-8 line 3136
[  848.937042] binder: undelivered TRANSACTION_ERROR: 29189
[  848.937115] binder: 27276:27282 IncRefs 0 refcount change on invalid ref 1 ret -22
[  849.075411] binder: BINDER_SET_CONTEXT_MGR already set
[  849.075418] binder: 27293:27296 ioctl 40046207 0 returned -16
[  849.075505] binder_alloc: 30679: binder_alloc_buf, no vma
[  849.075524] binder: 27293:27296 transaction failed 29189/-3, size 24-8 line 3136
[  849.075596] binder: undelivered TRANSACTION_ERROR: 29189
[  849.075669] binder: 27293:27296 IncRefs 0 refcount change on invalid ref 1 ret -22
[  849.152131] binder: BINDER_SET_CONTEXT_MGR already set
[  849.152141] binder: 27300:27310 ioctl 40046207 0 returned -16
[  849.152330] binder_alloc: 30679: binder_alloc_buf, no vma
[  849.152350] binder: 27300:27310 transaction failed 29189/-3, size 24-8 line 3136
[  849.152984] binder: undelivered TRANSACTION_ERROR: 29189
[  849.153396] binder: 27300:27310 IncRefs 0 refcount change on invalid ref 1 ret -22
[  849.255526] binder: BINDER_SET_CONTEXT_MGR already set
[  849.255534] binder: 27323:27326 ioctl 40046207 0 returned -16
[  849.255632] binder_alloc: 30679: binder_alloc_buf, no vma
[  849.255652] binder: 27323:27326 transaction failed 29189/-3, size 24-8 line 3136
[  849.255727] binder: undelivered TRANSACTION_ERROR: 29189
[  849.255800] binder: 27323:27326 IncRefs 0 refcount change on invalid ref 1 ret -22
[  849.300903] binder: BINDER_SET_CONTEXT_MGR already set
[  849.300912] binder: 27338:27340 ioctl 40046207 0 returned -16
[  849.301020] binder_alloc: 30679: binder_alloc_buf, no vma
[  849.301039] binder: 27338:27340 transaction failed 29189/-3, size 24-8 line 3136
[  849.301125] binder: undelivered TRANSACTION_ERROR: 29189
[  849.301204] binder: 27338:27340 IncRefs 0 refcount change on invalid ref 1 ret -22
[  849.369330] binder: BINDER_SET_CONTEXT_MGR already set
[  849.369339] binder: 27353:27355 ioctl 40046207 0 returned -16
[  849.369441] binder_alloc: 30679: binder_alloc_buf, no vma
[  849.369460] binder: 27353:27355 transaction failed 29189/-3, size 24-8 line 3136
[  849.375349] binder: undelivered TRANSACTION_ERROR: 29189
[  849.375442] binder: 27353:27355 IncRefs 0 refcount change on invalid ref 1 ret -22
[  849.423681] binder: BINDER_SET_CONTEXT_MGR already set
[  849.423691] binder: 27362:27368 ioctl 40046207 0 returned -16
[  849.423785] binder_alloc: 30679: binder_alloc_buf, no vma
[  849.423806] binder: 27362:27368 transaction failed 29189/-3, size 24-8 line 3136
[  849.423874] binder: undelivered TRANSACTION_ERROR: 29189
[  849.423946] binder: 27362:27368 IncRefs 0 refcount change on invalid ref 1 ret -22
[  849.559526] binder: BINDER_SET_CONTEXT_MGR already set
[  849.559536] binder: 27386:27396 ioctl 40046207 0 returned -16
[  849.559651] binder_alloc: 30679: binder_alloc_buf, no vma
[  849.559671] binder: 27386:27396 transaction failed 29189/-3, size 24-8 line 3136
[  849.559759] binder: undelivered TRANSACTION_ERROR: 29189
[  849.559843] binder: 27386:27396 IncRefs 0 refcount change on invalid ref 1 ret -22
[  849.607745] binder: BINDER_SET_CONTEXT_MGR already set
[  849.607754] binder: 27402:27405 ioctl 40046207 0 returned -16
[  849.607862] binder_alloc: 30679: binder_alloc_buf, no vma
[  849.607891] binder: 27402:27405 transaction failed 29189/-3, size 24-8 line 3136
[  849.607978] binder: undelivered TRANSACTION_ERROR: 29189
[  849.608057] binder: 27402:27405 IncRefs 0 refcount change on invalid ref 1 ret -22
[  849.740456] binder: BINDER_SET_CONTEXT_MGR already set
[  849.740465] binder: 27409:27412 ioctl 40046207 0 returned -16
[  849.740565] binder_alloc: 30679: binder_alloc_buf, no vma
[  849.740584] binder: 27409:27412 transaction failed 29189/-3, size 24-8 line 3136
[  849.740657] binder: undelivered TRANSACTION_ERROR: 29189
[  849.740726] binder: 27409:27412 IncRefs 0 refcount change on invalid ref 1 ret -22
[  849.821087] binder: BINDER_SET_CONTEXT_MGR already set
[  849.821096] binder: 27427:27429 ioctl 40046207 0 returned -16
[  849.821204] binder_alloc: 30679: binder_alloc_buf, no vma
[  849.821223] binder: 27427:27429 transaction failed 29189/-3, size 24-8 line 3136
[  849.821305] binder: undelivered TRANSACTION_ERROR: 29189
[  849.821388] binder: 27427:27429 IncRefs 0 refcount change on invalid ref 1 ret -22
[  849.917106] binder: BINDER_SET_CONTEXT_MGR already set
[  849.917115] binder: 27452:27458 ioctl 40046207 0 returned -16
[  849.917224] binder_alloc: 30679: binder_alloc_buf, no vma
[  849.917244] binder: 27452:27458 transaction failed 29189/-3, size 24-8 line 3136
[  849.917421] binder: undelivered TRANSACTION_ERROR: 29189
[  849.917515] binder: 27452:27458 IncRefs 0 refcount change on invalid ref 1 ret -22
[  849.965815] binder: BINDER_SET_CONTEXT_MGR already set
[  849.965825] binder: 27462:27465 ioctl 40046207 0 returned -16
[  849.965936] binder_alloc: 30679: binder_alloc_buf, no vma
[  849.965955] binder: 27462:27465 transaction failed 29189/-3, size 24-8 line 3136
[  849.966032] binder: undelivered TRANSACTION_ERROR: 29189
[  849.966103] binder: 27462:27465 IncRefs 0 refcount change on invalid ref 1 ret -22
[  850.049147] binder: BINDER_SET_CONTEXT_MGR already set
[  850.049156] binder: 27482:27488 ioctl 40046207 0 returned -16
[  850.049255] binder_alloc: 30679: binder_alloc_buf, no vma
[  850.049274] binder: 27482:27488 transaction failed 29189/-3, size 24-8 line 3136
[  850.049347] binder: undelivered TRANSACTION_ERROR: 29189
[  850.049809] binder: 27482:27488 IncRefs 0 refcount change on invalid ref 1 ret -22
[  850.125256] binder: BINDER_SET_CONTEXT_MGR already set
[  850.125265] binder: 27498:27501 ioctl 40046207 0 returned -16
[  850.125368] binder_alloc: 30679: binder_alloc_buf, no vma
[  850.125387] binder: 27498:27501 transaction failed 29189/-3, size 24-8 line 3136
[  850.127761] binder: undelivered TRANSACTION_ERROR: 29189
[  850.127853] binder: 27498:27501 IncRefs 0 refcount change on invalid ref 1 ret -22
[  850.181565] binder: BINDER_SET_CONTEXT_MGR already set
[  850.181575] binder: 27509:27510 ioctl 40046207 0 returned -16
[  850.181817] binder_alloc: 30679: binder_alloc_buf, no vma
[  850.181836] binder: 27509:27510 transaction failed 29189/-3, size 24-8 line 3136
[  850.181916] binder: undelivered TRANSACTION_ERROR: 29189
[  850.181988] binder: 27509:27510 IncRefs 0 refcount change on invalid ref 1 ret -22
[  850.254772] binder: BINDER_SET_CONTEXT_MGR already set
[  850.254782] binder: 27529:27530 ioctl 40046207 0 returned -16
[  850.254903] binder_alloc: 30679: binder_alloc_buf, no vma
[  850.254923] binder: 27529:27530 transaction failed 29189/-3, size 24-8 line 3136
[  850.255373] binder: undelivered TRANSACTION_ERROR: 29189
[  850.256092] binder: 27529:27530 IncRefs 0 refcount change on invalid ref 1 ret -22
[  850.316874] binder: BINDER_SET_CONTEXT_MGR already set
[  850.316883] binder: 27540:27543 ioctl 40046207 0 returned -16
[  850.317139] binder_alloc: 30679: binder_alloc_buf, no vma
[  850.317159] binder: 27540:27543 transaction failed 29189/-3, size 24-8 line 3136
[  850.317240] binder: undelivered TRANSACTION_ERROR: 29189
[  850.317313] binder: 27540:27543 IncRefs 0 refcount change on invalid ref 1 ret -22
[  850.375889] binder: BINDER_SET_CONTEXT_MGR already set
[  850.375898] binder: 27552:27555 ioctl 40046207 0 returned -16
[  850.375995] binder_alloc: 30679: binder_alloc_buf, no vma
[  850.376014] binder: 27552:27555 transaction failed 29189/-3, size 24-8 line 3136
[  850.376090] binder: undelivered TRANSACTION_ERROR: 29189
[  850.376166] binder: 27552:27555 IncRefs 0 refcount change on invalid ref 1 ret -22
[  850.466882] binder: BINDER_SET_CONTEXT_MGR already set
[  850.466891] binder: 27567:27580 ioctl 40046207 0 returned -16
[  850.466994] binder_alloc: 30679: binder_alloc_buf, no vma
[  850.467014] binder: 27567:27580 transaction failed 29189/-3, size 24-8 line 3136
[  850.467177] binder: undelivered TRANSACTION_ERROR: 29189
[  850.467382] binder: 27567:27580 IncRefs 0 refcount change on invalid ref 1 ret -22
[  850.531807] binder: BINDER_SET_CONTEXT_MGR already set
[  850.531816] binder: 27586:27591 ioctl 40046207 0 returned -16
[  850.532185] binder_alloc: 30679: binder_alloc_buf, no vma
[  850.532204] binder: 27586:27591 transaction failed 29189/-3, size 24-8 line 3136
[  850.532283] binder: undelivered TRANSACTION_ERROR: 29189
[  850.532365] binder: 27586:27591 IncRefs 0 refcount change on invalid ref 1 ret -22
[  850.607242] binder: BINDER_SET_CONTEXT_MGR already set
[  850.607251] binder: 27603:27608 ioctl 40046207 0 returned -16
[  850.607361] binder_alloc: 30679: binder_alloc_buf, no vma
[  850.607389] binder: 27603:27608 transaction failed 29189/-3, size 24-8 line 3136
[  850.607479] binder: undelivered TRANSACTION_ERROR: 29189
[  850.607662] binder: 27603:27608 IncRefs 0 refcount change on invalid ref 1 ret -22
[  850.676114] binder: BINDER_SET_CONTEXT_MGR already set
[  850.676123] binder: 27619:27620 ioctl 40046207 0 returned -16
[  850.676584] binder_alloc: 30679: binder_alloc_buf, no vma
[  850.676603] binder: 27619:27620 transaction failed 29189/-3, size 24-8 line 3136
[  850.676684] binder: undelivered TRANSACTION_ERROR: 29189
[  850.679999] binder: 27619:27620 IncRefs 0 refcount change on invalid ref 1 ret -22
[  850.728281] binder: BINDER_SET_CONTEXT_MGR already set
[  850.728291] binder: 27629:27632 ioctl 40046207 0 returned -16
[  850.728386] binder_alloc: 30679: binder_alloc_buf, no vma
[  850.728405] binder: 27629:27632 transaction failed 29189/-3, size 24-8 line 3136
[  850.728479] binder: undelivered TRANSACTION_ERROR: 29189
[  850.728547] binder: 27629:27632 IncRefs 0 refcount change on invalid ref 1 ret -22
[  850.785024] binder: BINDER_SET_CONTEXT_MGR already set
[  850.785033] binder: 27645:27648 ioctl 40046207 0 returned -16
[  850.785143] binder_alloc: 30679: binder_alloc_buf, no vma
[  850.785162] binder: 27645:27648 transaction failed 29189/-3, size 24-8 line 3136
[  850.785250] binder: undelivered TRANSACTION_ERROR: 29189
[  850.785334] binder: 27645:27648 IncRefs 0 refcount change on invalid ref 1 ret -22
[  850.870549] binder: BINDER_SET_CONTEXT_MGR already set
[  850.870558] binder: 27656:27665 ioctl 40046207 0 returned -16
[  850.870673] binder_alloc: 30679: binder_alloc_buf, no vma
[  850.870693] binder: 27656:27665 transaction failed 29189/-3, size 24-8 line 3136
[  850.870781] binder: undelivered TRANSACTION_ERROR: 29189
[  850.871207] binder: 27656:27665 IncRefs 0 refcount change on invalid ref 1 ret -22
[  850.930407] binder: BINDER_SET_CONTEXT_MGR already set
[  850.930417] binder: 27674:27676 ioctl 40046207 0 returned -16
[  850.930527] binder_alloc: 30679: binder_alloc_buf, no vma
[  850.930546] binder: 27674:27676 transaction failed 29189/-3, size 24-8 line 3136
[  850.930633] binder: undelivered TRANSACTION_ERROR: 29189
[  850.931820] binder: 27674:27676 IncRefs 0 refcount change on invalid ref 1 ret -22
[  850.972147] binder: BINDER_SET_CONTEXT_MGR already set
[  850.972158] binder: 27684:27689 ioctl 40046207 0 returned -16
[  850.972346] binder_alloc: 30679: binder_alloc_buf, no vma
[  850.972366] binder: 27684:27689 transaction failed 29189/-3, size 24-8 line 3136
[  850.972770] binder: undelivered TRANSACTION_ERROR: 29189
[  850.973262] binder: 27684:27689 IncRefs 0 refcount change on invalid ref 1 ret -22
[  851.065455] binder: BINDER_SET_CONTEXT_MGR already set
[  851.065463] binder: 27703:27710 ioctl 40046207 0 returned -16
[  851.065573] binder_alloc: 30679: binder_alloc_buf, no vma
[  851.065592] binder: 27703:27710 transaction failed 29189/-3, size 24-8 line 3136
[  851.065678] binder: undelivered TRANSACTION_ERROR: 29189
[  851.065763] binder: 27703:27710 IncRefs 0 refcount change on invalid ref 1 ret -22
[  851.111789] binder: BINDER_SET_CONTEXT_MGR already set
[  851.111798] binder: 27716:27719 ioctl 40046207 0 returned -16
[  851.111907] binder_alloc: 30679: binder_alloc_buf, no vma
[  851.111927] binder: 27716:27719 transaction failed 29189/-3, size 24-8 line 3136
[  851.112005] binder: undelivered TRANSACTION_ERROR: 29189
[  851.112080] binder: 27716:27719 IncRefs 0 refcount change on invalid ref 1 ret -22
[  851.162014] binder: BINDER_SET_CONTEXT_MGR already set
[  851.162025] binder: 27727:27732 ioctl 40046207 0 returned -16
[  851.162184] binder_alloc: 30679: binder_alloc_buf, no vma
[  851.162204] binder: 27727:27732 transaction failed 29189/-3, size 24-8 line 3136
[  851.162474] binder: undelivered TRANSACTION_ERROR: 29189
[  851.162717] binder: 27727:27732 IncRefs 0 refcount change on invalid ref 1 ret -22
[  851.262773] binder: BINDER_SET_CONTEXT_MGR already set
[  851.262782] binder: 27749:27752 ioctl 40046207 0 returned -16
[  851.262876] binder_alloc: 30679: binder_alloc_buf, no vma
[  851.262895] binder: 27749:27752 transaction failed 29189/-3, size 24-8 line 3136
[  851.263110] binder: undelivered TRANSACTION_ERROR: 29189
[  851.263185] binder: 27749:27752 IncRefs 0 refcount change on invalid ref 1 ret -22
[  851.337715] binder: BINDER_SET_CONTEXT_MGR already set
[  851.337727] binder: 27760:27762 ioctl 40046207 0 returned -16
[  851.337960] binder_alloc: 30679: binder_alloc_buf, no vma
[  851.337979] binder: 27760:27762 transaction failed 29189/-3, size 24-8 line 3136
[  851.341043] binder: undelivered TRANSACTION_ERROR: 29189
[  851.341415] binder: 27760:27762 IncRefs 0 refcount change on invalid ref 1 ret -22
[  851.465244] binder: BINDER_SET_CONTEXT_MGR already set
[  851.465253] binder: 27786:27793 ioctl 40046207 0 returned -16
[  851.465480] binder_alloc: 30679: binder_alloc_buf, no vma
[  851.465507] binder: 27786:27793 transaction failed 29189/-3, size 24-8 line 3136
[  851.466361] binder: undelivered TRANSACTION_ERROR: 29189
[  851.466440] binder: 27786:27793 IncRefs 0 refcount change on invalid ref 1 ret -22
[  851.519489] binder: BINDER_SET_CONTEXT_MGR already set
[  851.519498] binder: 27800:27805 ioctl 40046207 0 returned -16
[  851.519611] binder_alloc: 30679: binder_alloc_buf, no vma
[  851.519630] binder: 27800:27805 transaction failed 29189/-3, size 24-8 line 3136
[  851.519954] binder: undelivered TRANSACTION_ERROR: 29189
[  851.524897] binder: 27800:27805 IncRefs 0 refcount change on invalid ref 1 ret -22
[  851.587059] binder: BINDER_SET_CONTEXT_MGR already set
[  851.587070] binder: 27814:27816 ioctl 40046207 0 returned -16
[  851.587167] binder_alloc: 30679: binder_alloc_buf, no vma
[  851.587186] binder: 27814:27816 transaction failed 29189/-3, size 24-8 line 3136
[  851.587260] binder: undelivered TRANSACTION_ERROR: 29189
[  851.587332] binder: 27814:27816 IncRefs 0 refcount change on invalid ref 1 ret -22
[  851.652865] binder: BINDER_SET_CONTEXT_MGR already set
[  851.652875] binder: 27827:27835 ioctl 40046207 0 returned -16
[  851.653037] binder_alloc: 30679: binder_alloc_buf, no vma
[  851.653056] binder: 27827:27835 transaction failed 29189/-3, size 24-8 line 3136
[  851.653141] binder: undelivered TRANSACTION_ERROR: 29189
[  851.653218] binder: 27827:27835 IncRefs 0 refcount change on invalid ref 1 ret -22
[  851.729426] binder: BINDER_SET_CONTEXT_MGR already set
[  851.729435] binder: 27848:27853 ioctl 40046207 0 returned -16
[  851.729535] binder_alloc: 30679: binder_alloc_buf, no vma
[  851.729551] binder: 27848:27853 transaction failed 29189/-3, size 24-8 line 3136
[  851.729628] binder: undelivered TRANSACTION_ERROR: 29189
[  851.729700] binder: 27848:27853 IncRefs 0 refcount change on invalid ref 1 ret -22
[  851.810689] binder: BINDER_SET_CONTEXT_MGR already set
[  851.810698] binder: 27864:27871 ioctl 40046207 0 returned -16
[  851.810791] binder_alloc: 30679: binder_alloc_buf, no vma
[  851.810809] binder: 27864:27871 transaction failed 29189/-3, size 24-8 line 3136
[  851.810890] binder: undelivered TRANSACTION_ERROR: 29189
[  851.810959] binder: 27864:27871 IncRefs 0 refcount change on invalid ref 1 ret -22
[  851.860683] binder: BINDER_SET_CONTEXT_MGR already set
[  851.860691] binder: 27876:27881 ioctl 40046207 0 returned -16
[  851.860800] binder_alloc: 30679: binder_alloc_buf, no vma
[  851.860818] binder: 27876:27881 transaction failed 29189/-3, size 24-8 line 3136
[  851.861261] binder: undelivered TRANSACTION_ERROR: 29189
[  851.861350] binder: 27876:27881 IncRefs 0 refcount change on invalid ref 1 ret -22
[  851.920579] binder: BINDER_SET_CONTEXT_MGR already set
[  851.920588] binder: 27892:27893 ioctl 40046207 0 returned -16
[  851.920683] binder_alloc: 30679: binder_alloc_buf, no vma
[  851.920701] binder: 27892:27893 transaction failed 29189/-3, size 24-8 line 3136
[  851.920774] binder: undelivered TRANSACTION_ERROR: 29189
[  851.920842] binder: 27892:27893 IncRefs 0 refcount change on invalid ref 1 ret -22
[  851.963146] binder: BINDER_SET_CONTEXT_MGR already set
[  851.963155] binder: 27901:27903 ioctl 40046207 0 returned -16
[  851.963349] binder_alloc: 30679: binder_alloc_buf, no vma
[  851.963368] binder: 27901:27903 transaction failed 29189/-3, size 24-8 line 3136
[  851.963445] binder: undelivered TRANSACTION_ERROR: 29189
[  851.963514] binder: 27901:27903 IncRefs 0 refcount change on invalid ref 1 ret -22
[  852.032325] binder: BINDER_SET_CONTEXT_MGR already set
[  852.032336] binder: 27909:27914 ioctl 40046207 0 returned -16
[  852.035450] binder_alloc: 30679: binder_alloc_buf, no vma
[  852.035470] binder: 27909:27914 transaction failed 29189/-3, size 24-8 line 3136
[  852.035551] binder: undelivered TRANSACTION_ERROR: 29189
[  852.035625] binder: 27909:27914 IncRefs 0 refcount change on invalid ref 1 ret -22
[  852.084955] binder: BINDER_SET_CONTEXT_MGR already set
[  852.084964] binder: 27928:27932 ioctl 40046207 0 returned -16
[  852.085262] binder_alloc: 30679: binder_alloc_buf, no vma
[  852.085281] binder: 27928:27932 transaction failed 29189/-3, size 24-8 line 3136
[  852.085464] binder: undelivered TRANSACTION_ERROR: 29189
[  852.085700] binder: 27928:27932 IncRefs 0 refcount change on invalid ref 1 ret -22
[  852.163646] binder: BINDER_SET_CONTEXT_MGR already set
[  852.163656] binder: 27941:27947 ioctl 40046207 0 returned -16
[  852.163766] binder_alloc: 30679: binder_alloc_buf, no vma
[  852.163785] binder: 27941:27947 transaction failed 29189/-3, size 24-8 line 3136
[  852.164098] binder: undelivered TRANSACTION_ERROR: 29189
[  852.164204] binder: 27941:27947 IncRefs 0 refcount change on invalid ref 1 ret -22
[  852.267038] binder: BINDER_SET_CONTEXT_MGR already set
[  852.267049] binder: 27961:27967 ioctl 40046207 0 returned -16
[  852.267157] binder_alloc: 30679: binder_alloc_buf, no vma
[  852.267176] binder: 27961:27967 transaction failed 29189/-3, size 24-8 line 3136
[  852.267259] binder: undelivered TRANSACTION_ERROR: 29189
[  852.267338] binder: 27961:27967 IncRefs 0 refcount change on invalid ref 1 ret -22
[  852.317121] binder: BINDER_SET_CONTEXT_MGR already set
[  852.317130] binder: 27969:27973 ioctl 40046207 0 returned -16
[  852.317741] binder_alloc: 30679: binder_alloc_buf, no vma
[  852.317760] binder: 27969:27973 transaction failed 29189/-3, size 24-8 line 3136
[  852.317850] binder: undelivered TRANSACTION_ERROR: 29189
[  852.317946] binder: 27969:27973 IncRefs 0 refcount change on invalid ref 1 ret -22
[  852.369004] binder: BINDER_SET_CONTEXT_MGR already set
[  852.369012] binder: 27982:27985 ioctl 40046207 0 returned -16
[  852.369092] binder_alloc: 30679: binder_alloc_buf, no vma
[  852.369107] binder: 27982:27985 transaction failed 29189/-3, size 24-8 line 3136
[  852.369168] binder: undelivered TRANSACTION_ERROR: 29189
[  852.369234] binder: 27982:27985 IncRefs 0 refcount change on invalid ref 1 ret -22
[  852.465117] binder: BINDER_SET_CONTEXT_MGR already set
[  852.465127] binder: 27999:28007 ioctl 40046207 0 returned -16
[  852.465237] binder_alloc: 30679: binder_alloc_buf, no vma
[  852.465256] binder: 27999:28007 transaction failed 29189/-3, size 24-8 line 3136
[  852.465344] binder: undelivered TRANSACTION_ERROR: 29189
[  852.465438] binder: 27999:28007 IncRefs 0 refcount change on invalid ref 1 ret -22
[  852.512665] binder: BINDER_SET_CONTEXT_MGR already set
[  852.512674] binder: 28012:28015 ioctl 40046207 0 returned -16
[  852.512766] binder_alloc: 30679: binder_alloc_buf, no vma
[  852.512784] binder: 28012:28015 transaction failed 29189/-3, size 24-8 line 3136
[  852.512858] binder: undelivered TRANSACTION_ERROR: 29189
[  852.512941] binder: 28012:28015 IncRefs 0 refcount change on invalid ref 1 ret -22
[  852.592514] binder: BINDER_SET_CONTEXT_MGR already set
[  852.592523] binder: 28031:28035 ioctl 40046207 0 returned -16
[  852.592663] binder_alloc: 30679: binder_alloc_buf, no vma
[  852.592681] binder: 28031:28035 transaction failed 29189/-3, size 24-8 line 3136
[  852.593155] binder: undelivered TRANSACTION_ERROR: 29189
[  852.593234] binder: 28031:28035 IncRefs 0 refcount change on invalid ref 1 ret -22
[  852.737061] binder: BINDER_SET_CONTEXT_MGR already set
[  852.737070] binder: 28040:28043 ioctl 40046207 0 returned -16
[  852.737169] binder_alloc: 30679: binder_alloc_buf, no vma
[  852.737188] binder: 28040:28043 transaction failed 29189/-3, size 24-8 line 3136
[  852.737260] binder: undelivered TRANSACTION_ERROR: 29189
[  852.737328] binder: 28040:28043 IncRefs 0 refcount change on invalid ref 1 ret -22
[  852.810186] binder: BINDER_SET_CONTEXT_MGR already set
[  852.810195] binder: 28059:28066 ioctl 40046207 0 returned -16
[  852.810308] binder_alloc: 30679: binder_alloc_buf, no vma
[  852.810326] binder: 28059:28066 transaction failed 29189/-3, size 24-8 line 3136
[  852.810415] binder: undelivered TRANSACTION_ERROR: 29189
[  852.810491] binder: 28059:28066 IncRefs 0 refcount change on invalid ref 1 ret -22
[  852.833471] binder: BINDER_SET_CONTEXT_MGR already set
[  852.833480] binder: 28069:28070 ioctl 40046207 0 returned -16
[  852.833577] binder_alloc: 30679: binder_alloc_buf, no vma
[  852.833596] binder: 28069:28070 transaction failed 29189/-3, size 24-8 line 3136
[  852.833670] binder: undelivered TRANSACTION_ERROR: 29189
[  852.833742] binder: 28069:28070 IncRefs 0 refcount change on invalid ref 1 ret -22
[  852.942645] binder: BINDER_SET_CONTEXT_MGR already set
[  852.942655] binder: 28085:28092 ioctl 40046207 0 returned -16
[  852.942760] binder_alloc: 30679: binder_alloc_buf, no vma
[  852.942779] binder: 28085:28092 transaction failed 29189/-3, size 24-8 line 3136
[  852.942865] binder: undelivered TRANSACTION_ERROR: 29189
[  852.942957] binder: 28085:28092 IncRefs 0 refcount change on invalid ref 1 ret -22
[  852.965655] binder: BINDER_SET_CONTEXT_MGR already set
[  852.965664] binder: 28095:28096 ioctl 40046207 0 returned -16
[  852.965773] binder_alloc: 30679: binder_alloc_buf, no vma
[  852.965793] binder: 28095:28096 transaction failed 29189/-3, size 24-8 line 3136
[  852.966105] binder: undelivered TRANSACTION_ERROR: 29189
[  852.966276] binder: 28095:28096 IncRefs 0 refcount change on invalid ref 1 ret -22
[  853.009083] binder: BINDER_SET_CONTEXT_MGR already set
[  853.009092] binder: 28107:28110 ioctl 40046207 0 returned -16
[  853.009201] binder_alloc: 30679: binder_alloc_buf, no vma
[  853.009221] binder: 28107:28110 transaction failed 29189/-3, size 24-8 line 3136
[  853.009310] binder: undelivered TRANSACTION_ERROR: 29189
[  853.009394] binder: 28107:28110 IncRefs 0 refcount change on invalid ref 1 ret -22
[  853.072131] binder: BINDER_SET_CONTEXT_MGR already set
[  853.072140] binder: 28122:28126 ioctl 40046207 0 returned -16
[  853.072672] binder_alloc: 30679: binder_alloc_buf, no vma
[  853.072691] binder: 28122:28126 transaction failed 29189/-3, size 24-8 line 3136
[  853.073223] binder: undelivered TRANSACTION_ERROR: 29189
[  853.073784] binder: 28122:28126 IncRefs 0 refcount change on invalid ref 1 ret -22
[  853.132799] binder: BINDER_SET_CONTEXT_MGR already set
[  853.132808] binder: 28133:28139 ioctl 40046207 0 returned -16
[  853.132916] binder_alloc: 30679: binder_alloc_buf, no vma
[  853.132936] binder: 28133:28139 transaction failed 29189/-3, size 24-8 line 3136
[  853.133013] binder: undelivered TRANSACTION_ERROR: 29189
[  853.133088] binder: 28133:28139 IncRefs 0 refcount change on invalid ref 1 ret -22
[  853.222095] binder: BINDER_SET_CONTEXT_MGR already set
[  853.222105] binder: 28145:28153 ioctl 40046207 0 returned -16
[  853.222215] binder_alloc: 30679: binder_alloc_buf, no vma
[  853.222234] binder: 28145:28153 transaction failed 29189/-3, size 24-8 line 3136
[  853.223151] binder: undelivered TRANSACTION_ERROR: 29189
[  853.223248] binder: 28145:28153 IncRefs 0 refcount change on invalid ref 1 ret -22
[  853.299703] binder: BINDER_SET_CONTEXT_MGR already set
[  853.299712] binder: 28164:28166 ioctl 40046207 0 returned -16
[  853.299817] binder_alloc: 30679: binder_alloc_buf, no vma
[  853.299837] binder: 28164:28166 transaction failed 29189/-3, size 24-8 line 3136
[  853.300026] binder: undelivered TRANSACTION_ERROR: 29189
[  853.300114] binder: 28164:28166 IncRefs 0 refcount change on invalid ref 1 ret -22
[  853.334566] binder: BINDER_SET_CONTEXT_MGR already set
[  853.334575] binder: 28169:28171 ioctl 40046207 0 returned -16
[  853.334678] binder_alloc: 30679: binder_alloc_buf, no vma
[  853.334698] binder: 28169:28171 transaction failed 29189/-3, size 24-8 line 3136
[  853.334785] binder: undelivered TRANSACTION_ERROR: 29189
[  853.334871] binder: 28169:28171 IncRefs 0 refcount change on invalid ref 1 ret -22
[  853.435436] binder: BINDER_SET_CONTEXT_MGR already set
[  853.435445] binder: 28184:28188 ioctl 40046207 0 returned -16
[  853.435540] binder_alloc: 30679: binder_alloc_buf, no vma
[  853.435559] binder: 28184:28188 transaction failed 29189/-3, size 24-8 line 3136
[  853.435631] binder: undelivered TRANSACTION_ERROR: 29189
[  853.435702] binder: 28184:28188 IncRefs 0 refcount change on invalid ref 1 ret -22
[  853.505890] binder: BINDER_SET_CONTEXT_MGR already set
[  853.505900] binder: 28202:28212 ioctl 40046207 0 returned -16
[  853.506027] binder_alloc: 30679: binder_alloc_buf, no vma
[  853.506046] binder: 28202:28212 transaction failed 29189/-3, size 24-8 line 3136
[  853.506865] binder: undelivered TRANSACTION_ERROR: 29189
[  853.510430] binder: 28202:28212 IncRefs 0 refcount change on invalid ref 1 ret -22
[  853.609983] binder: BINDER_SET_CONTEXT_MGR already set
[  853.609992] binder: 28228:28229 ioctl 40046207 0 returned -16
[  853.610092] binder_alloc: 30679: binder_alloc_buf, no vma
[  853.610111] binder: 28228:28229 transaction failed 29189/-3, size 24-8 line 3136
[  853.610187] binder: undelivered TRANSACTION_ERROR: 29189
[  853.610257] binder: 28228:28229 IncRefs 0 refcount change on invalid ref 1 ret -22
[  853.682792] binder: BINDER_SET_CONTEXT_MGR already set
[  853.682800] binder: 28244:28248 ioctl 40046207 0 returned -16
[  853.686921] binder_alloc: 30679: binder_alloc_buf, no vma
[  853.686941] binder: 28244:28248 transaction failed 29189/-3, size 24-8 line 3136
[  853.687045] binder: undelivered TRANSACTION_ERROR: 29189
[  853.687131] binder: 28244:28248 IncRefs 0 refcount change on invalid ref 1 ret -22
[  853.791802] binder: BINDER_SET_CONTEXT_MGR already set
[  853.791813] binder: 28264:28267 ioctl 40046207 0 returned -16
[  853.795336] binder_alloc: 30679: binder_alloc_buf, no vma
[  853.795356] binder: 28264:28267 transaction failed 29189/-3, size 24-8 line 3136
[  853.796323] binder: undelivered TRANSACTION_ERROR: 29189
[  853.796423] binder: 28264:28267 IncRefs 0 refcount change on invalid ref 1 ret -22
[  853.845564] binder: BINDER_SET_CONTEXT_MGR already set
[  853.845573] binder: 28281:28283 ioctl 40046207 0 returned -16
[  853.845670] binder_alloc: 30679: binder_alloc_buf, no vma
[  853.845689] binder: 28281:28283 transaction failed 29189/-3, size 24-8 line 3136
[  853.845841] binder: undelivered TRANSACTION_ERROR: 29189
[  853.845924] binder: 28281:28283 IncRefs 0 refcount change on invalid ref 1 ret -22
[  853.920643] binder: BINDER_SET_CONTEXT_MGR already set
[  853.920653] binder: 28291:28300 ioctl 40046207 0 returned -16
[  853.920761] binder_alloc: 30679: binder_alloc_buf, no vma
[  853.920780] binder: 28291:28300 transaction failed 29189/-3, size 24-8 line 3136
[  853.920864] binder: undelivered TRANSACTION_ERROR: 29189
[  853.920965] binder: 28291:28300 IncRefs 0 refcount change on invalid ref 1 ret -22
[  854.020140] binder: BINDER_SET_CONTEXT_MGR already set
[  854.020151] binder: 28315:28325 ioctl 40046207 0 returned -16
[  854.020314] binder_alloc: 30679: binder_alloc_buf, no vma
[  854.020334] binder: 28315:28325 transaction failed 29189/-3, size 24-8 line 3136
[  854.020421] binder: undelivered TRANSACTION_ERROR: 29189
[  854.020491] binder: 28315:28325 IncRefs 0 refcount change on invalid ref 1 ret -22
[  854.104228] binder: BINDER_SET_CONTEXT_MGR already set
[  854.104237] binder: 28332:28334 ioctl 40046207 0 returned -16
[  854.104348] binder_alloc: 30679: binder_alloc_buf, no vma
[  854.104367] binder: 28332:28334 transaction failed 29189/-3, size 24-8 line 3136
[  854.104452] binder: undelivered TRANSACTION_ERROR: 29189
[  854.104534] binder: 28332:28334 IncRefs 0 refcount change on invalid ref 1 ret -22
[  854.148605] binder: BINDER_SET_CONTEXT_MGR already set
[  854.148614] binder: 28345:28349 ioctl 40046207 0 returned -16
[  854.148724] binder_alloc: 30679: binder_alloc_buf, no vma
[  854.148743] binder: 28345:28349 transaction failed 29189/-3, size 24-8 line 3136
[  854.148830] binder: undelivered TRANSACTION_ERROR: 29189
[  854.148925] binder: 28345:28349 IncRefs 0 refcount change on invalid ref 1 ret -22
[  854.186711] binder: BINDER_SET_CONTEXT_MGR already set
[  854.186720] binder: 28355:28358 ioctl 40046207 0 returned -16
[  854.186819] binder_alloc: 30679: binder_alloc_buf, no vma
[  854.186838] binder: 28355:28358 transaction failed 29189/-3, size 24-8 line 3136
[  854.186928] binder: undelivered TRANSACTION_ERROR: 29189
[  854.186999] binder: 28355:28358 IncRefs 0 refcount change on invalid ref 1 ret -22
[  854.344189] binder: BINDER_SET_CONTEXT_MGR already set
[  854.344199] binder: 28364:28369 ioctl 40046207 0 returned -16
[  854.344298] binder_alloc: 30679: binder_alloc_buf, no vma
[  854.344318] binder: 28364:28369 transaction failed 29189/-3, size 24-8 line 3136
[  854.345070] binder: undelivered TRANSACTION_ERROR: 29189
[  854.345154] binder: 28364:28369 IncRefs 0 refcount change on invalid ref 1 ret -22
[  854.397639] binder: BINDER_SET_CONTEXT_MGR already set
[  854.397647] binder: 28382:28384 ioctl 40046207 0 returned -16
[  854.397748] binder_alloc: 30679: binder_alloc_buf, no vma
[  854.397778] binder: 28382:28384 transaction failed 29189/-3, size 24-8 line 3136
[  854.398058] binder: undelivered TRANSACTION_ERROR: 29189
[  854.398128] binder: 28382:28384 IncRefs 0 refcount change on invalid ref 1 ret -22
[  854.493083] binder: BINDER_SET_CONTEXT_MGR already set
[  854.493091] binder: 28399:28401 ioctl 40046207 0 returned -16
[  854.495676] binder_alloc: 30679: binder_alloc_buf, no vma
[  854.495696] binder: 28399:28401 transaction failed 29189/-3, size 24-8 line 3136
[  854.495792] binder: undelivered TRANSACTION_ERROR: 29189
[  854.495887] binder: 28399:28401 IncRefs 0 refcount change on invalid ref 1 ret -22
[  854.538941] binder: BINDER_SET_CONTEXT_MGR already set
[  854.538951] binder: 28418:28420 ioctl 40046207 0 returned -16
[  854.539060] binder_alloc: 30679: binder_alloc_buf, no vma
[  854.539079] binder: 28418:28420 transaction failed 29189/-3, size 24-8 line 3136
[  854.539169] binder: undelivered TRANSACTION_ERROR: 29189
[  854.541718] binder: 28418:28420 IncRefs 0 refcount change on invalid ref 1 ret -22
[  854.570509] binder: BINDER_SET_CONTEXT_MGR already set
[  854.570519] binder: 28428:28429 ioctl 40046207 0 returned -16
[  854.570616] binder_alloc: 30679: binder_alloc_buf, no vma
[  854.570636] binder: 28428:28429 transaction failed 29189/-3, size 24-8 line 3136
[  854.570713] binder: undelivered TRANSACTION_ERROR: 29189
[  854.570884] binder: 28428:28429 IncRefs 0 refcount change on invalid ref 1 ret -22
[  854.634115] binder: BINDER_SET_CONTEXT_MGR already set
[  854.634126] binder: 28435:28436 ioctl 40046207 0 returned -16
[  854.634892] binder_alloc: 30679: binder_alloc_buf, no vma
[  854.634912] binder: 28435:28436 transaction failed 29189/-3, size 24-8 line 3136
[  854.635143] binder: undelivered TRANSACTION_ERROR: 29189
[  854.635274] binder: 28435:28436 IncRefs 0 refcount change on invalid ref 1 ret -22
[  854.707740] binder: BINDER_SET_CONTEXT_MGR already set
[  854.707750] binder: 28453:28456 ioctl 40046207 0 returned -16
[  854.707859] binder_alloc: 30679: binder_alloc_buf, no vma
[  854.707889] binder: 28453:28456 transaction failed 29189/-3, size 24-8 line 3136
[  854.707981] binder: undelivered TRANSACTION_ERROR: 29189
[  854.708066] binder: 28453:28456 IncRefs 0 refcount change on invalid ref 1 ret -22
[  854.786210] binder: BINDER_SET_CONTEXT_MGR already set
[  854.786219] binder: 28464:28475 ioctl 40046207 0 returned -16
[  854.786324] binder_alloc: 30679: binder_alloc_buf, no vma
[  854.786342] binder: 28464:28475 transaction failed 29189/-3, size 24-8 line 3136
[  854.786427] binder: undelivered TRANSACTION_ERROR: 29189
[  854.786507] binder: 28464:28475 IncRefs 0 refcount change on invalid ref 1 ret -22
[  854.806933] binder: BINDER_SET_CONTEXT_MGR already set
[  854.806939] binder: 28479:28482 ioctl 40046207 0 returned -16
[  854.807001] binder_alloc: 30679: binder_alloc_buf, no vma
[  854.807013] binder: 28479:28482 transaction failed 29189/-3, size 24-8 line 3136
[  854.807062] binder: undelivered TRANSACTION_ERROR: 29189
[  854.807106] binder: 28479:28482 IncRefs 0 refcount change on invalid ref 1 ret -22
[  854.883134] binder: BINDER_SET_CONTEXT_MGR already set
[  854.883143] binder: 28485:28489 ioctl 40046207 0 returned -16
[  854.883249] binder_alloc: 30679: binder_alloc_buf, no vma
[  854.883268] binder: 28485:28489 transaction failed 29189/-3, size 24-8 line 3136
[  854.883351] binder: undelivered TRANSACTION_ERROR: 29189
[  854.883444] binder: 28485:28489 IncRefs 0 refcount change on invalid ref 1 ret -22
[  854.959483] binder: BINDER_SET_CONTEXT_MGR already set
[  854.959492] binder: 28493:28494 ioctl 40046207 0 returned -16
[  854.959700] binder_alloc: 30679: binder_alloc_buf, no vma
[  854.959720] binder: 28493:28494 transaction failed 29189/-3, size 24-8 line 3136
[  854.959802] binder: undelivered TRANSACTION_ERROR: 29189
[  854.959884] binder: 28493:28494 IncRefs 0 refcount change on invalid ref 1 ret -22
[  855.068917] binder: BINDER_SET_CONTEXT_MGR already set
[  855.068927] binder: 28522:28525 ioctl 40046207 0 returned -16
[  855.070058] binder_alloc: 30679: binder_alloc_buf, no vma
[  855.070078] binder: 28522:28525 transaction failed 29189/-3, size 24-8 line 3136
[  855.071146] binder: undelivered TRANSACTION_ERROR: 29189
[  855.072282] binder: 28522:28525 IncRefs 0 refcount change on invalid ref 1 ret -22
[  855.171922] binder: BINDER_SET_CONTEXT_MGR already set
[  855.171931] binder: 28540:28548 ioctl 40046207 0 returned -16
[  855.172031] binder_alloc: 30679: binder_alloc_buf, no vma
[  855.172049] binder: 28540:28548 transaction failed 29189/-3, size 24-8 line 3136
[  855.172988] binder: undelivered TRANSACTION_ERROR: 29189
[  855.173067] binder: 28540:28548 IncRefs 0 refcount change on invalid ref 1 ret -22
[  855.332751] binder: BINDER_SET_CONTEXT_MGR already set
[  855.332763] binder: 28559:28563 ioctl 40046207 0 returned -16
[  855.332873] binder_alloc: 30679: binder_alloc_buf, no vma
[  855.332892] binder: 28559:28563 transaction failed 29189/-3, size 24-8 line 3136
[  855.332975] binder: undelivered TRANSACTION_ERROR: 29189
[  855.333053] binder: 28559:28563 IncRefs 0 refcount change on invalid ref 1 ret -22
[  855.449796] binder: BINDER_SET_CONTEXT_MGR already set
[  855.449807] binder: 28584:28586 ioctl 40046207 0 returned -16
[  855.449914] binder_alloc: 30679: binder_alloc_buf, no vma
[  855.449935] binder: 28584:28586 transaction failed 29189/-3, size 24-8 line 3136
[  855.450014] binder: undelivered TRANSACTION_ERROR: 29189
[  855.450090] binder: 28584:28586 IncRefs 0 refcount change on invalid ref 1 ret -22
[  855.487493] binder: BINDER_SET_CONTEXT_MGR already set
[  855.487503] binder: 28589:28590 ioctl 40046207 0 returned -16
[  855.487603] binder_alloc: 30679: binder_alloc_buf, no vma
[  855.487624] binder: 28589:28590 transaction failed 29189/-3, size 24-8 line 3136
[  855.487699] binder: undelivered TRANSACTION_ERROR: 29189
[  855.487770] binder: 28589:28590 IncRefs 0 refcount change on invalid ref 1 ret -22
[  855.626162] binder: BINDER_SET_CONTEXT_MGR already set
[  855.626169] binder: 28620:28621 ioctl 40046207 0 returned -16
[  855.626587] binder_alloc: 30679: binder_alloc_buf, no vma
[  855.626602] binder: 28620:28621 transaction failed 29189/-3, size 24-8 line 3136
[  855.626668] binder: undelivered TRANSACTION_ERROR: 29189
[  855.626719] binder: 28620:28621 IncRefs 0 refcount change on invalid ref 1 ret -22
[  855.704358] binder: BINDER_SET_CONTEXT_MGR already set
[  855.704368] binder: 28635:28639 ioctl 40046207 0 returned -16
[  855.704471] binder_alloc: 30679: binder_alloc_buf, no vma
[  855.704492] binder: 28635:28639 transaction failed 29189/-3, size 24-8 line 3136
[  855.704566] binder: undelivered TRANSACTION_ERROR: 29189
[  855.704636] binder: 28635:28639 IncRefs 0 refcount change on invalid ref 1 ret -22
[  855.782345] binder: BINDER_SET_CONTEXT_MGR already set
[  855.782355] binder: 28646:28657 ioctl 40046207 0 returned -16
[  855.782678] binder_alloc: 30679: binder_alloc_buf, no vma
[  855.782699] binder: 28646:28657 transaction failed 29189/-3, size 24-8 line 3136
[  855.782779] binder: undelivered TRANSACTION_ERROR: 29189
[  855.782860] binder: 28646:28657 IncRefs 0 refcount change on invalid ref 1 ret -22
[  855.954681] binder: BINDER_SET_CONTEXT_MGR already set
[  855.954692] binder: 28668:28671 ioctl 40046207 0 returned -16
[  855.954794] binder_alloc: 30679: binder_alloc_buf, no vma
[  855.954816] binder: 28668:28671 transaction failed 29189/-3, size 24-8 line 3136
[  855.954894] binder: undelivered TRANSACTION_ERROR: 29189
[  855.954970] binder: 28668:28671 IncRefs 0 refcount change on invalid ref 1 ret -22
[  855.990658] binder: BINDER_SET_CONTEXT_MGR already set
[  855.990668] binder: 28675:28677 ioctl 40046207 0 returned -16
[  855.990790] binder_alloc: 30679: binder_alloc_buf, no vma
[  855.990811] binder: 28675:28677 transaction failed 29189/-3, size 24-8 line 3136
[  855.992576] binder: undelivered TRANSACTION_ERROR: 29189
[  855.992673] binder: 28675:28677 IncRefs 0 refcount change on invalid ref 1 ret -22
[  856.085391] binder: BINDER_SET_CONTEXT_MGR already set
[  856.085400] binder: 28691:28699 ioctl 40046207 0 returned -16
[  856.085500] binder_alloc: 30679: binder_alloc_buf, no vma
[  856.085519] binder: 28691:28699 transaction failed 29189/-3, size 24-8 line 3136
[  856.085593] binder: undelivered TRANSACTION_ERROR: 29189
[  856.085665] binder: 28691:28699 IncRefs 0 refcount change on invalid ref 1 ret -22
[  856.233231] binder: BINDER_SET_CONTEXT_MGR already set
[  856.233237] binder: 28703:28704 ioctl 40046207 0 returned -16
[  856.233388] binder_alloc: 30679: binder_alloc_buf, no vma
[  856.233401] binder: 28703:28704 transaction failed 29189/-3, size 24-8 line 3136
[  856.233480] binder: undelivered TRANSACTION_ERROR: 29189
[  856.233663] binder: 28703:28704 IncRefs 0 refcount change on invalid ref 1 ret -22
[  856.278033] binder: BINDER_SET_CONTEXT_MGR already set
[  856.278039] binder: 28719:28729 ioctl 40046207 0 returned -16
[  856.278118] binder_alloc: 30679: binder_alloc_buf, no vma
[  856.278132] binder: 28719:28729 transaction failed 29189/-3, size 24-8 line 3136
[  856.278181] binder: undelivered TRANSACTION_ERROR: 29189
[  856.278224] binder: 28719:28729 IncRefs 0 refcount change on invalid ref 1 ret -22
[  856.399391] binder: BINDER_SET_CONTEXT_MGR already set
[  856.399397] binder: 28734:28743 ioctl 40046207 0 returned -16
[  856.399465] binder_alloc: 30679: binder_alloc_buf, no vma
[  856.399478] binder: 28734:28743 transaction failed 29189/-3, size 24-8 line 3136
[  856.399527] binder: undelivered TRANSACTION_ERROR: 29189
[  856.399879] binder: 28734:28743 IncRefs 0 refcount change on invalid ref 1 ret -22
[  856.426745] binder: BINDER_SET_CONTEXT_MGR already set
[  856.426752] binder: 28748:28752 ioctl 40046207 0 returned -16
[  856.427378] binder_alloc: 30679: binder_alloc_buf, no vma
[  856.427391] binder: 28748:28752 transaction failed 29189/-3, size 24-8 line 3136
[  856.427453] binder: undelivered TRANSACTION_ERROR: 29189
[  856.427504] binder: 28748:28752 IncRefs 0 refcount change on invalid ref 1 ret -22
[  856.475122] binder: BINDER_SET_CONTEXT_MGR already set
[  856.475128] binder: 28758:28763 ioctl 40046207 0 returned -16
[  856.475185] binder_alloc: 30679: binder_alloc_buf, no vma
[  856.475197] binder: 28758:28763 transaction failed 29189/-3, size 24-8 line 3136
[  856.475240] binder: undelivered TRANSACTION_ERROR: 29189
[  856.475280] binder: 28758:28763 IncRefs 0 refcount change on invalid ref 1 ret -22
[  856.507119] binder: BINDER_SET_CONTEXT_MGR already set
[  856.507125] binder: 28774:28776 ioctl 40046207 0 returned -16
[  856.507183] binder_alloc: 30679: binder_alloc_buf, no vma
[  856.507195] binder: 28774:28776 transaction failed 29189/-3, size 24-8 line 3136
[  856.507239] binder: undelivered TRANSACTION_ERROR: 29189
[  856.507278] binder: 28774:28776 IncRefs 0 refcount change on invalid ref 1 ret -22
[  856.570113] binder: BINDER_SET_CONTEXT_MGR already set
[  856.570119] binder: 28781:28785 ioctl 40046207 0 returned -16
[  856.570188] binder_alloc: 30679: binder_alloc_buf, no vma
[  856.570201] binder: 28781:28785 transaction failed 29189/-3, size 24-8 line 3136
[  856.570250] binder: undelivered TRANSACTION_ERROR: 29189
[  856.570523] binder: 28781:28785 IncRefs 0 refcount change on invalid ref 1 ret -22
[  856.606524] binder: BINDER_SET_CONTEXT_MGR already set
[  856.606530] binder: 28793:28801 ioctl 40046207 0 returned -16
[  856.606599] binder_alloc: 30679: binder_alloc_buf, no vma
[  856.606612] binder: 28793:28801 transaction failed 29189/-3, size 24-8 line 3136
[  856.606678] binder: undelivered TRANSACTION_ERROR: 29189
[  856.606726] binder: 28793:28801 IncRefs 0 refcount change on invalid ref 1 ret -22
[  856.732459] binder: BINDER_SET_CONTEXT_MGR already set
[  856.732465] binder: 28808:28815 ioctl 40046207 0 returned -16
[  856.732535] binder_alloc: 30679: binder_alloc_buf, no vma
[  856.732549] binder: 28808:28815 transaction failed 29189/-3, size 24-8 line 3136
[  856.734887] binder: undelivered TRANSACTION_ERROR: 29189
[  856.734953] binder: 28808:28815 IncRefs 0 refcount change on invalid ref 1 ret -22
[  856.752038] binder: BINDER_SET_CONTEXT_MGR already set
[  856.752044] binder: 28819:28823 ioctl 40046207 0 returned -16
[  856.752122] binder_alloc: 30679: binder_alloc_buf, no vma
[  856.752135] binder: 28819:28823 transaction failed 29189/-3, size 24-8 line 3136
[  856.752187] binder: undelivered TRANSACTION_ERROR: 29189
[  856.752236] binder: 28819:28823 IncRefs 0 refcount change on invalid ref 1 ret -22
[  856.798501] binder: BINDER_SET_CONTEXT_MGR already set
[  856.798508] binder: 28828:28839 ioctl 40046207 0 returned -16
[  856.798585] binder_alloc: 30679: binder_alloc_buf, no vma
[  856.798599] binder: 28828:28839 transaction failed 29189/-3, size 24-8 line 3136
[  856.798657] binder: undelivered TRANSACTION_ERROR: 29189
[  856.798707] binder: 28828:28839 IncRefs 0 refcount change on invalid ref 1 ret -22
[  856.839904] binder: BINDER_SET_CONTEXT_MGR already set
[  856.839910] binder: 28842:28849 ioctl 40046207 0 returned -16
[  856.839977] binder_alloc: 30679: binder_alloc_buf, no vma
[  856.839990] binder: 28842:28849 transaction failed 29189/-3, size 24-8 line 3136
[  856.840041] binder: undelivered TRANSACTION_ERROR: 29189
[  856.840090] binder: 28842:28849 IncRefs 0 refcount change on invalid ref 1 ret -22
[  856.875786] binder: BINDER_SET_CONTEXT_MGR already set
[  856.875792] binder: 28855:28858 ioctl 40046207 0 returned -16
[  856.875858] binder_alloc: 30679: binder_alloc_buf, no vma
[  856.875870] binder: 28855:28858 transaction failed 29189/-3, size 24-8 line 3136
[  856.875929] binder: undelivered TRANSACTION_ERROR: 29189
[  856.875979] binder: 28855:28858 IncRefs 0 refcount change on invalid ref 1 ret -22
[  856.999983] binder: BINDER_SET_CONTEXT_MGR already set
[  856.999989] binder: 28865:28876 ioctl 40046207 0 returned -16
[  857.000062] binder_alloc: 30679: binder_alloc_buf, no vma
[  857.000075] binder: 28865:28876 transaction failed 29189/-3, size 24-8 line 3136
[  857.000121] binder: undelivered TRANSACTION_ERROR: 29189
[  857.000163] binder: 28865:28876 IncRefs 0 refcount change on invalid ref 1 ret -22
[  857.044931] binder: BINDER_SET_CONTEXT_MGR already set
[  857.044937] binder: 28886:28888 ioctl 40046207 0 returned -16
[  857.045007] binder_alloc: 30679: binder_alloc_buf, no vma
[  857.045020] binder: 28886:28888 transaction failed 29189/-3, size 24-8 line 3136
[  857.045070] binder: undelivered TRANSACTION_ERROR: 29189
[  857.045125] binder: 28886:28888 IncRefs 0 refcount change on invalid ref 1 ret -22
[  857.083252] binder: BINDER_SET_CONTEXT_MGR already set
[  857.083259] binder: 28897:28901 ioctl 40046207 0 returned -16
[  857.083333] binder_alloc: 30679: binder_alloc_buf, no vma
[  857.083346] binder: 28897:28901 transaction failed 29189/-3, size 24-8 line 3136
[  857.083414] binder: undelivered TRANSACTION_ERROR: 29189
[  857.083481] binder: 28897:28901 IncRefs 0 refcount change on invalid ref 1 ret -22
[  857.153471] binder: BINDER_SET_CONTEXT_MGR already set
[  857.153478] binder: 28911:28916 ioctl 40046207 0 returned -16
[  857.153549] binder_alloc: 30679: binder_alloc_buf, no vma
[  857.153562] binder: 28911:28916 transaction failed 29189/-3, size 24-8 line 3136
[  857.153616] binder: undelivered TRANSACTION_ERROR: 29189
[  857.153662] binder: 28911:28916 IncRefs 0 refcount change on invalid ref 1 ret -22
[  857.195783] binder: BINDER_SET_CONTEXT_MGR already set
[  857.195789] binder: 28923:28930 ioctl 40046207 0 returned -16
[  857.195877] binder_alloc: 30679: binder_alloc_buf, no vma
[  857.195890] binder: 28923:28930 transaction failed 29189/-3, size 24-8 line 3136
[  857.195943] binder: undelivered TRANSACTION_ERROR: 29189
[  857.195992] binder: 28923:28930 IncRefs 0 refcount change on invalid ref 1 ret -22
[  857.418481] binder: BINDER_SET_CONTEXT_MGR already set
[  857.418490] binder: 28949:28962 ioctl 40046207 0 returned -16
[  857.418597] binder_alloc: 30679: binder_alloc_buf, no vma
[  857.418617] binder: 28949:28962 transaction failed 29189/-3, size 24-8 line 3136
[  857.418989] binder: undelivered TRANSACTION_ERROR: 29189
[  857.419074] binder: 28949:28962 IncRefs 0 refcount change on invalid ref 1 ret -22
[  857.642699] binder: BINDER_SET_CONTEXT_MGR already set
[  857.642708] binder: 28975:28979 ioctl 40046207 0 returned -16
[  857.642801] binder_alloc: 30679: binder_alloc_buf, no vma
[  857.642820] binder: 28975:28979 transaction failed 29189/-3, size 24-8 line 3136
[  857.642902] binder: undelivered TRANSACTION_ERROR: 29189
[  857.642972] binder: 28975:28979 IncRefs 0 refcount change on invalid ref 1 ret -22
[  857.683143] binder: BINDER_SET_CONTEXT_MGR already set
[  857.683151] binder: 28985:28989 ioctl 40046207 0 returned -16
[  857.683252] binder_alloc: 30679: binder_alloc_buf, no vma
[  857.683270] binder: 28985:28989 transaction failed 29189/-3, size 24-8 line 3136
[  857.683345] binder: undelivered TRANSACTION_ERROR: 29189
[  857.683418] binder: 28985:28989 IncRefs 0 refcount change on invalid ref 1 ret -22
[  857.707781] binder: BINDER_SET_CONTEXT_MGR already set
[  857.707791] binder: 28994:28995 ioctl 40046207 0 returned -16
[  857.707912] binder_alloc: 30679: binder_alloc_buf, no vma
[  857.707932] binder: 28994:28995 transaction failed 29189/-3, size 24-8 line 3136
[  857.708018] binder: undelivered TRANSACTION_ERROR: 29189
[  857.708096] binder: 28994:28995 IncRefs 0 refcount change on invalid ref 1 ret -22
[  857.812209] binder_alloc: 30679: binder_alloc_buf, no vma
[  857.812230] binder: 29001:29006 transaction failed 29189/-3, size 24-8 line 3136
[  857.812309] binder: undelivered TRANSACTION_ERROR: 29189
[  857.889170] binder: BINDER_SET_CONTEXT_MGR already set
[  857.889179] binder: 29026:29029 ioctl 40046207 0 returned -16
[  857.889285] binder_alloc: 30679: binder_alloc_buf, no vma
[  857.889304] binder: 29026:29029 transaction failed 29189/-3, size 24-8 line 3136
[  857.889388] binder: undelivered TRANSACTION_ERROR: 29189
[  857.889462] binder: 29026:29029 IncRefs 0 refcount change on invalid ref 1 ret -22
[  857.949700] binder: BINDER_SET_CONTEXT_MGR already set
[  857.949711] binder: 29045:29050 ioctl 40046207 0 returned -16
[  857.949810] binder_alloc: 30679: binder_alloc_buf, no vma
[  857.949830] binder: 29045:29050 transaction failed 29189/-3, size 24-8 line 3136
[  857.949906] binder: undelivered TRANSACTION_ERROR: 29189
[  857.949979] binder: 29045:29050 IncRefs 0 refcount change on invalid ref 1 ret -22
[  858.011117] binder: BINDER_SET_CONTEXT_MGR already set
[  858.011126] binder: 29055:29056 ioctl 40046207 0 returned -16
[  858.011220] binder_alloc: 30679: binder_alloc_buf, no vma
[  858.011238] binder: 29055:29056 transaction failed 29189/-3, size 24-8 line 3136
[  858.011309] binder: undelivered TRANSACTION_ERROR: 29189
[  858.011375] binder: 29055:29056 IncRefs 0 refcount change on invalid ref 1 ret -22
[  858.073794] binder: BINDER_SET_CONTEXT_MGR already set
[  858.073802] binder: 29073:29075 ioctl 40046207 0 returned -16
[  858.076266] binder_alloc: 30679: binder_alloc_buf, no vma
[  858.076285] binder: 29073:29075 transaction failed 29189/-3, size 24-8 line 3136
[  858.077348] binder: undelivered TRANSACTION_ERROR: 29189
[  858.077503] binder: 29073:29075 IncRefs 0 refcount change on invalid ref 1 ret -22
[  858.177470] binder: BINDER_SET_CONTEXT_MGR already set
[  858.177480] binder: 29082:29094 ioctl 40046207 0 returned -16
[  858.177593] binder_alloc: 30679: binder_alloc_buf, no vma
[  858.177611] binder: 29082:29094 transaction failed 29189/-3, size 24-8 line 3136
[  858.185270] binder: undelivered TRANSACTION_ERROR: 29189
[  858.185389] binder: 29082:29094 IncRefs 0 refcount change on invalid ref 1 ret -22
[  858.220449] binder: BINDER_SET_CONTEXT_MGR already set
[  858.220457] binder: 29104:29106 ioctl 40046207 0 returned -16
[  858.220742] binder_alloc: 30679: binder_alloc_buf, no vma
[  858.222857] binder: 29104:29106 transaction failed 29189/-3, size 24-8 line 3136
[  858.222953] binder: undelivered TRANSACTION_ERROR: 29189
[  858.223037] binder: 29104:29106 IncRefs 0 refcount change on invalid ref 1 ret -22
[  858.315854] binder: BINDER_SET_CONTEXT_MGR already set
[  858.315865] binder: 29119:29121 ioctl 40046207 0 returned -16
[  858.315990] binder_alloc: 30679: binder_alloc_buf, no vma
[  858.316010] binder: 29119:29121 transaction failed 29189/-3, size 24-8 line 3136
[  858.316097] binder: undelivered TRANSACTION_ERROR: 29189
[  858.316180] binder: 29119:29121 IncRefs 0 refcount change on invalid ref 1 ret -22
[  858.482138] binder: BINDER_SET_CONTEXT_MGR already set
[  858.482147] binder: 29126:29144 ioctl 40046207 0 returned -16
[  858.482256] binder_alloc: 30679: binder_alloc_buf, no vma
[  858.482273] binder: 29126:29144 transaction failed 29189/-3, size 24-8 line 3136
[  858.482359] binder: undelivered TRANSACTION_ERROR: 29189
[  858.482445] binder: 29126:29144 IncRefs 0 refcount change on invalid ref 1 ret -22
[  858.560684] binder: BINDER_SET_CONTEXT_MGR already set
[  858.560693] binder: 29156:29158 ioctl 40046207 0 returned -16
[  858.560790] binder_alloc: 30679: binder_alloc_buf, no vma
[  858.560810] binder: 29156:29158 transaction failed 29189/-3, size 24-8 line 3136
[  858.560897] binder: undelivered TRANSACTION_ERROR: 29189
[  858.560968] binder: 29156:29158 IncRefs 0 refcount change on invalid ref 1 ret -22
[  858.625419] binder: BINDER_SET_CONTEXT_MGR already set
[  858.625428] binder: 29169:29173 ioctl 40046207 0 returned -16
[  858.625696] binder_alloc: 30679: binder_alloc_buf, no vma
[  858.625715] binder: 29169:29173 transaction failed 29189/-3, size 24-8 line 3136
[  858.631218] binder: undelivered TRANSACTION_ERROR: 29189
[  858.631303] binder: 29169:29173 IncRefs 0 refcount change on invalid ref 1 ret -22
[  858.720138] binder: BINDER_SET_CONTEXT_MGR already set
[  858.720150] binder: 29180:29194 ioctl 40046207 0 returned -16
[  858.720741] binder_alloc: 30679: binder_alloc_buf, no vma
[  858.720762] binder: 29180:29194 transaction failed 29189/-3, size 24-8 line 3136
[  858.721278] binder: undelivered TRANSACTION_ERROR: 29189
[  858.721375] binder: 29180:29194 IncRefs 0 refcount change on invalid ref 1 ret -22
[  858.813446] binder: BINDER_SET_CONTEXT_MGR already set
[  858.813455] binder: 29203:29207 ioctl 40046207 0 returned -16
[  858.813553] binder_alloc: 30679: binder_alloc_buf, no vma
[  858.813572] binder: 29203:29207 transaction failed 29189/-3, size 24-8 line 3136
[  858.813646] binder: undelivered TRANSACTION_ERROR: 29189
[  858.813716] binder: 29203:29207 IncRefs 0 refcount change on invalid ref 1 ret -22
[  858.849013] binder: BINDER_SET_CONTEXT_MGR already set
[  858.849022] binder: 29214:29220 ioctl 40046207 0 returned -16
[  858.849124] binder_alloc: 30679: binder_alloc_buf, no vma
[  858.849143] binder: 29214:29220 transaction failed 29189/-3, size 24-8 line 3136
[  858.849229] binder: undelivered TRANSACTION_ERROR: 29189
[  858.849313] binder: 29214:29220 IncRefs 0 refcount change on invalid ref 1 ret -22
[  858.901263] binder: BINDER_SET_CONTEXT_MGR already set
[  858.901272] binder: 29230:29234 ioctl 40046207 0 returned -16
[  858.901383] binder_alloc: 30679: binder_alloc_buf, no vma
[  858.901402] binder: 29230:29234 transaction failed 29189/-3, size 24-8 line 3136
[  858.901489] binder: undelivered TRANSACTION_ERROR: 29189
[  858.901570] binder: 29230:29234 IncRefs 0 refcount change on invalid ref 1 ret -22
[  858.996960] binder: BINDER_SET_CONTEXT_MGR already set
[  858.996970] binder: 29235:29250 ioctl 40046207 0 returned -16
[  858.997085] binder_alloc: 30679: binder_alloc_buf, no vma
[  858.997105] binder: 29235:29250 transaction failed 29189/-3, size 24-8 line 3136
[  859.000349] binder: undelivered TRANSACTION_ERROR: 29189
[  859.000450] binder: 29235:29250 IncRefs 0 refcount change on invalid ref 1 ret -22
[  859.051820] binder: BINDER_SET_CONTEXT_MGR already set
[  859.051830] binder: 29260:29262 ioctl 40046207 0 returned -16
[  859.051941] binder_alloc: 30679: binder_alloc_buf, no vma
[  859.051960] binder: 29260:29262 transaction failed 29189/-3, size 24-8 line 3136
[  859.052049] binder: undelivered TRANSACTION_ERROR: 29189
[  859.052134] binder: 29260:29262 IncRefs 0 refcount change on invalid ref 1 ret -22
[  859.134127] binder: BINDER_SET_CONTEXT_MGR already set
[  859.134137] binder: 29272:29274 ioctl 40046207 0 returned -16
[  859.134255] binder_alloc: 30679: binder_alloc_buf, no vma
[  859.134273] binder: 29272:29274 transaction failed 29189/-3, size 24-8 line 3136
[  859.134363] binder: undelivered TRANSACTION_ERROR: 29189
[  859.134443] binder: 29272:29274 IncRefs 0 refcount change on invalid ref 1 ret -22
[  859.182978] binder: BINDER_SET_CONTEXT_MGR already set
[  859.182987] binder: 29288:29289 ioctl 40046207 0 returned -16
[  859.183087] binder_alloc: 30679: binder_alloc_buf, no vma
[  859.183105] binder: 29288:29289 transaction failed 29189/-3, size 24-8 line 3136
[  859.183422] binder: undelivered TRANSACTION_ERROR: 29189
[  859.183505] binder: 29288:29289 IncRefs 0 refcount change on invalid ref 1 ret -22
[  859.258536] binder: BINDER_SET_CONTEXT_MGR already set
[  859.258544] binder: 29300:29308 ioctl 40046207 0 returned -16
[  859.259285] binder_alloc: 30679: binder_alloc_buf, no vma
[  859.259304] binder: 29300:29308 transaction failed 29189/-3, size 24-8 line 3136
[  859.260127] binder: undelivered TRANSACTION_ERROR: 29189
[  859.260611] binder: 29300:29308 IncRefs 0 refcount change on invalid ref 1 ret -22
[  859.352521] binder: BINDER_SET_CONTEXT_MGR already set
[  859.352530] binder: 29322:29325 ioctl 40046207 0 returned -16
[  859.352627] binder_alloc: 30679: binder_alloc_buf, no vma
[  859.352647] binder: 29322:29325 transaction failed 29189/-3, size 24-8 line 3136
[  859.352722] binder: undelivered TRANSACTION_ERROR: 29189
[  859.352795] binder: 29322:29325 IncRefs 0 refcount change on invalid ref 1 ret -22
[  859.374108] INFO: task init:32083 blocked for more than 140 seconds.
[  859.374114]       Not tainted 4.9.141+ #1
[  859.374116] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  859.374135] init            D28888 32083      1 0x00000000
[  859.374151]  ffff8801c8a397c0 ffff8801d0b72100 ffff8801d1aee300 ffff8801d0344740
[  859.374162]  ffff8801db721018 ffff8801a9d6f580 ffffffff828075c2 ffff8801c8a3a070
[  859.374172]  000000000000015c 0000000000000000 0000000000000000 ffff8801db7218f0
[  859.374174] Call Trace:
[  859.374191]  [<ffffffff828075c2>] ? __schedule+0x662/0x1b10
[  859.374199]  [<ffffffff8281088a>] ? __down+0x15a/0x2b0
[  859.374206]  [<ffffffff82808aef>] schedule+0x7f/0x1b0
[  859.374224]  [<ffffffff828142d5>] schedule_timeout+0x735/0xe20
[  859.374232]  [<ffffffff82813ba0>] ? usleep_range+0x140/0x140
[  859.374241]  [<ffffffff81501e3f>] ? do_dentry_open+0x3ef/0xc90
[  859.374249]  [<ffffffff8153c542>] ? path_openat+0x542/0x2790
[  859.374258]  [<ffffffff81243c87>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  859.374266]  [<ffffffff81206da7>] ? mark_held_locks+0xc7/0x130
[  859.374273]  [<ffffffff82816ff7>] ? _raw_spin_unlock_irq+0x27/0x50
[  859.374281]  [<ffffffff8281088a>] ? __down+0x15a/0x2b0
[  859.374288]  [<ffffffff8120719b>] ? trace_hardirqs_on_caller+0x38b/0x590
[  859.374296]  [<ffffffff8281088a>] ? __down+0x15a/0x2b0
[  859.374303]  [<ffffffff828108c1>] __down+0x191/0x2b0
[  859.374311]  [<ffffffff82810730>] ? ww_mutex_unlock+0x300/0x300
[  859.374320]  [<ffffffff811fcbfe>] down+0x5e/0x80
[  859.374329]  [<ffffffff812223ac>] console_lock+0x2c/0x80
[  859.374338]  [<ffffffff814edf67>] ? kmem_cache_alloc_trace+0x117/0x2e0
[  859.374345]  [<ffffffff8122793c>] console_device+0x1c/0xc0
[  859.374353]  [<ffffffff81d2be15>] tty_open+0x6f5/0xdf0
[  859.374361]  [<ffffffff81d2b720>] ? tty_init_dev+0x430/0x430
[  859.374369]  [<ffffffff81517a77>] ? chrdev_open+0xc7/0x5c0
[  859.374388]  [<ffffffff81d2b720>] ? tty_init_dev+0x430/0x430
[  859.374443]  [<ffffffff81517bdd>] chrdev_open+0x22d/0x5c0
[  859.374456]  [<ffffffff815179b0>] ? cdev_put.part.0+0x50/0x50
[  859.374496]  [<ffffffff81501e3f>] do_dentry_open+0x3ef/0xc90
[  859.374504]  [<ffffffff815179b0>] ? cdev_put.part.0+0x50/0x50
[  859.374512]  [<ffffffff8150576c>] vfs_open+0x11c/0x210
[  859.374519]  [<ffffffff815372ef>] ? may_open.isra.20+0x14f/0x2a0
[  859.374527]  [<ffffffff8153c542>] path_openat+0x542/0x2790
[  859.374534]  [<ffffffff8153c000>] ? path_mountpoint+0x6c0/0x6c0
[  859.374542]  [<ffffffff812073b0>] ? trace_hardirqs_on+0x10/0x10
[  859.374551]  [<ffffffff8156a8e9>] ? expand_files.part.3+0x3a9/0x6d0
[  859.374559]  [<ffffffff81541617>] do_filp_open+0x197/0x270
[  859.374566]  [<ffffffff81541480>] ? may_open_dev+0xe0/0xe0
[  859.374574]  [<ffffffff82816efc>] ? _raw_spin_unlock+0x2c/0x50
[  859.374582]  [<ffffffff8156bd07>] ? __alloc_fd+0x1d7/0x4a0
[  859.374590]  [<ffffffff8150617d>] do_sys_open+0x30d/0x5c0
[  859.374599]  [<ffffffff81505e70>] ? filp_open+0x70/0x70
[  859.374606]  [<ffffffff82817537>] ? _raw_write_unlock_irq+0x27/0x50
[  859.374615]  [<ffffffff8150645d>] SyS_open+0x2d/0x40
[  859.374623]  [<ffffffff81506430>] ? do_sys_open+0x5c0/0x5c0
[  859.374636]  [<ffffffff810056ef>] do_syscall_64+0x19f/0x550
[  859.374645]  [<ffffffff82817893>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[  859.374648] 
[  859.374648] Showing all locks held in the system:
[  859.374655] 2 locks held by khungtaskd/24:
[  859.374672]  #0:  (rcu_read_lock){......}, at: [<ffffffff8131c0cc>] watchdog+0x11c/0xa20
[  859.374687]  #1:  (tasklist_lock){.+.+..}, at: [<ffffffff813fe63f>] debug_show_all_locks+0x79/0x218
[  859.374694] 1 lock held by rsyslogd/1913:
[  859.374709]  #0:  (&f->f_pos_lock){+.+.+.}, at: [<ffffffff8156cc7c>] __fdget_pos+0xac/0xd0
[  859.374713] 2 locks held by getty/2040:
[  859.374728]  #0:  (&tty->ldisc_sem){++++++}, at: [<ffffffff82815952>] ldsem_down_read+0x32/0x40
[  859.374742]  #1:  (&ldata->atomic_read_lock){+.+...}, at: [<ffffffff81d37362>] n_tty_read+0x202/0x16e0
[  859.374748] 2 locks held by kworker/u4:1/25747:
[  859.374762]  #0:  ("events_unbound"){.+.+.+}, at: [<ffffffff81130f0c>] process_one_work+0x73c/0x15f0
[  859.374776]  #1:  ((reaper_work).work){+.+...}, at: [<ffffffff81130f44>] process_one_work+0x774/0x15f0
[  859.374779] 1 lock held by init/32083:
[  859.374793]  #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0
[  859.374797] 1 lock held by init/32124:
[  859.374810]  #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0
[  859.374814] 1 lock held by init/32138:
[  859.374834]  #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0
[  859.374839] 1 lock held by init/32238:
[  859.374852]  #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0
[  859.374856] 1 lock held by init/32247:
[  859.374868]  #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0
[  859.374872] 1 lock held by init/32248:
[  859.374884]  #0:  (tty_mutex){+.+.+.}, at: [<ffffffff81d2bb96>] tty_open+0x476/0xdf0
[  859.374887] 
[  859.374889] =============================================
[  859.374889] 
[  859.374893] NMI backtrace for cpu 1
[  859.374901] CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #1
[  859.374912]  ffff8801d9907d08 ffffffff81b42e79 0000000000000000 0000000000000001
[  859.374922]  0000000000000001 0000000000000001 ffffffff810983b0 ffff8801d9907d40
[  859.374938]  ffffffff81b4df89 0000000000000001 0000000000000000 0000000000000002
[  859.374939] Call Trace:
[  859.374950]  [<ffffffff81b42e79>] dump_stack+0xc1/0x128
[  859.374960]  [<ffffffff810983b0>] ? irq_force_complete_move+0x330/0x330
[  859.374967]  [<ffffffff81b4df89>] nmi_cpu_backtrace.cold.0+0x48/0x87
[  859.374976]  [<ffffffff810983b0>] ? irq_force_complete_move+0x330/0x330
[  859.374984]  [<ffffffff81b4df1c>] nmi_trigger_cpumask_backtrace+0x12c/0x151
[  859.374993]  [<ffffffff810984b4>] arch_trigger_cpumask_backtrace+0x14/0x20
[  859.375000]  [<ffffffff8131c65d>] watchdog+0x6ad/0xa20
[  859.375007]  [<ffffffff8131c0cc>] ? watchdog+0x11c/0xa20
[  859.375015]  [<ffffffff81142c3d>] kthread+0x26d/0x300
[  859.375023]  [<ffffffff8131bfb0>] ? reset_hung_task_detector+0x20/0x20
[  859.375031]  [<ffffffff811429d0>] ? kthread_park+0xa0/0xa0
[  859.375039]  [<ffffffff828179c4>] ? __switch_to_asm+0x34/0x70
[  859.375047]  [<ffffffff811429d0>] ? kthread_park+0xa0/0xa0
[  859.375054]  [<ffffffff811429d0>] ? kthread_park+0xa0/0xa0
[  859.375061]  [<ffffffff82817a5c>] ret_from_fork+0x5c/0x70
[  859.375067] Sending NMI from CPU 1 to CPUs 0:
[  859.375466] NMI backtrace for cpu 0
[  859.375470] CPU: 0 PID: 29326 Comm: syz-executor.2 Not tainted 4.9.141+ #1
[  859.375473] task: ffff8801a7f05f00 task.stack: ffff8801c49f8000
[  859.375477] RIP: 0010:[<ffffffff81495762>] 
c [<ffffffff81495762>] __tlb_remove_page_size+0x102/0x500
[  859.375480] RSP: 0018:ffff8801c49ff6d8  EFLAGS: 00000a03
[  859.375483] RAX: ffff8801cf88600c RBX: ffff8801c49ff920 RCX: ffff8801c49ff940
[  859.375486] RDX: 0000000000000000 RSI: ffffffff814956f7 RDI: ffff8801cf88600c
[  859.375490] RBP: ffff8801c49ff708 R08: ffff8801a7f067d0 R09: 9e50ee563b4102ff
[  859.375493] R10: ffff8801a7f05f00 R11: 0000000000000001 R12: ffff8801cf886000
[  859.375496] R13: 0000000000000041 R14: ffffea0006d06d40 R15: ffff8801cf886008
[  859.375500] FS:  0000000000000000(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
[  859.375503] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  859.375506] CR2: 0000001b2f221000 CR3: 000000000301e000 CR4: 00000000001606b0
[  859.375508] Stack:
[  859.375512]  ffffffff814be468
c 00007f488412e000
c 00007f488412f000
c 0000000000000006
c
[  859.375515]  ffffea0006d06d40
c ffff8801d2b49970
c ffff8801c49ff868
c ffffffff81499b10
c
[  859.375518]  1ffff1003893fefc
c dffffc0000000003
c fffffbfff067cf3a
c 0000000000000019
c
[  859.375520] Call Trace:
[  859.375523]  [<ffffffff814be468>] ? page_remove_rmap+0x98/0x280
[  859.375526]  [<ffffffff81499b10>] unmap_page_range+0xe60/0x1680
[  859.375528]  [<ffffffff81498cb0>] ? do_wp_page+0x2010/0x2010
[  859.375531]  [<ffffffff813f33f4>] ? uprobe_munmap+0x94/0x220
[  859.375534]  [<ffffffff8149a44c>] unmap_single_vma+0x11c/0x170
[  859.375537]  [<ffffffff8149ab51>] unmap_vmas+0x81/0xd0
[  859.375540]  [<ffffffff814b0c2c>] exit_mmap+0x1cc/0x3a0
[  859.375542]  [<ffffffff814b0a60>] ? SyS_munmap+0xa0/0xa0
[  859.375545]  [<ffffffff81167c85>] ? __might_sleep+0x95/0x1a0
[  859.375548]  [<ffffffff810d265d>] mmput+0xcd/0x360
[  859.375551]  [<ffffffff810e6b89>] do_exit+0x6c9/0x2a50
[  859.375554]  [<ffffffff812073b0>] ? trace_hardirqs_on+0x10/0x10
[  859.375557]  [<ffffffff810e64c0>] ? release_task.part.4+0x14b0/0x14b0
[  859.375559]  [<ffffffff81206da7>] ? mark_held_locks+0xc7/0x130
[  859.375562]  [<ffffffff81104979>] ? __dequeue_signal+0x79/0x5f0
[  859.375566]  [<ffffffff81243c87>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  859.375568]  [<ffffffff81104542>] ? recalc_sigpending+0x72/0x90
[  859.375571]  [<ffffffff81104fb4>] ? dequeue_signal+0xc4/0x4b0
[  859.375575]  [<ffffffff81ba7d7b>] ? check_preemption_disabled+0x3b/0x200
[  859.375577]  [<ffffffff810ed3a1>] do_group_exit+0x111/0x300
[  859.375580]  [<ffffffff8110eb61>] get_signal+0x4e1/0x1460
[  859.375583]  [<ffffffff81052aa5>] do_signal+0x95/0x1b00
[  859.375586]  [<ffffffff82816fa5>] ? _raw_spin_unlock_irqrestore+0x45/0x70
[  859.375589]  [<ffffffff81243c87>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  859.375592]  [<ffffffff81243c87>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  859.375595]  [<ffffffff81052a10>] ? setup_sigcontext+0x7d0/0x7d0
[  859.375598]  [<ffffffff81243c87>] ? debug_lockdep_rcu_enabled+0x77/0x90
[  859.375601]  [<ffffffff812a20e0>] ? do_futex+0x1a30/0x1a30
[  859.375604]  [<ffffffff81003dde>] ? exit_to_usermode_loop+0xbe/0x150
[  859.375607]  [<ffffffff81003e2e>] exit_to_usermode_loop+0x10e/0x150
[  859.375609]  [<ffffffff81005932>] do_syscall_64+0x3e2/0x550
[  859.375612]  [<ffffffff82817893>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[  859.375623] Code: 
c08 
c3c 
c03 
c0f 
c8e 
c6e 
c03 
c00 
c00 
c49 
c8d 
c7c 
c24 
c0c 
c45 
c8b 
c6c 
c24 
c08 
c48 
cb8 
c00 
c00 
c00 
c00 
c00 
cfc 
cff 
cdf 
c48 
c89 
cfa 
c48 
cc1 
cea 
c03 
c0f 
cb6 
c14 
c02 
c48 
c89 
cf8 
c<83> 
ce0 
c07 
c83 
cc0 
c03 
c38 
cd0 
c7c 
c08 
c84 
cd2 
c0f 
c85 
c13 
c03 
c00 
c00 
c41 
c8b 
c44 
c
[  859.376086] Kernel panic - not syncing: hung_task: blocked tasks
[  859.376093] CPU: 1 PID: 24 Comm: khungtaskd Not tainted 4.9.141+ #1
[  859.376106]  ffff8801d9907cc8 ffffffff81b42e79 ffffffff82a78560 00000000ffffffff
[  859.376116]  0000000000000000 0000000000000001 dffffc0000000000 ffff8801d9907d88
[  859.376127]  ffffffff813f7125 0000000041b58ab3 ffffffff82e2b62b ffffffff813f6f66
[  859.376128] Call Trace:
[  859.376138]  [<ffffffff81b42e79>] dump_stack+0xc1/0x128
[  859.376145]  [<ffffffff813f7125>] panic+0x1bf/0x39f
[  859.376153]  [<ffffffff813f6f66>] ? add_taint.cold.5+0x16/0x16
[  859.376161]  [<ffffffff81b4def2>] ? nmi_trigger_cpumask_backtrace+0x102/0x151
[  859.376169]  [<ffffffff8131c66e>] watchdog+0x6be/0xa20
[  859.376176]  [<ffffffff8131c0cc>] ? watchdog+0x11c/0xa20
[  859.376184]  [<ffffffff81142c3d>] kthread+0x26d/0x300
[  859.376192]  [<ffffffff8131bfb0>] ? reset_hung_task_detector+0x20/0x20
[  859.376199]  [<ffffffff811429d0>] ? kthread_park+0xa0/0xa0
[  859.376207]  [<ffffffff828179c4>] ? __switch_to_asm+0x34/0x70
[  859.376214]  [<ffffffff811429d0>] ? kthread_park+0xa0/0xa0
[  859.376221]  [<ffffffff811429d0>] ? kthread_park+0xa0/0xa0
[  859.376228]  [<ffffffff82817a5c>] ret_from_fork+0x5c/0x70
[  859.376559] Kernel Offset: disabled