0000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:24 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KDSETLED(r2, 0x4b32, 0x5) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x13, &(0x7f0000000080)={0x3, {{0xa, 0x4e22, 0xffff, @local, 0x1b18}}, {{0xa, 0x4e24, 0x71e1, @mcast2, 0x6}}}, 0x108) ioctl$TIOCGPTLCK(r2, 0x80045439, &(0x7f00000001c0)) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) [ 3326.169597] device lo left promiscuous mode [ 3326.181137] device ip_vti0 left promiscuous mode [ 3326.181843] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=31034 comm=syz-executor.4 [ 3326.199752] device ip6_vti0 left promiscuous mode [ 3326.204651] device sit0 left promiscuous mode [ 3326.209240] device ip6tnl0 left promiscuous mode [ 3326.214077] device syz_tun left promiscuous mode 03:58:24 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xa) socket$netlink(0x10, 0x3, 0x2) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:24 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = gettid() socket$inet6_udplite(0xa, 0x2, 0x88) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x11) r3 = pidfd_open(r2, 0x0) fsetxattr$trusted_overlay_redirect(r3, &(0x7f00000000c0)='trusted.overlay.redirect\x00', &(0x7f0000000100)='./file0\x00', 0x8, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f0000000080)=r5) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="00000000000800140000000500"], 0x3}}, 0x80) [ 3326.219765] binder: 31030:31033 got transaction with out-of-order buffer fixup [ 3326.231437] binder: 31030:31033 transaction failed 29201/-22, size 96-24 line 3467 03:58:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x1) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) r2 = dup3(r1, r0, 0x180000) ioctl$RTC_ALM_READ(r2, 0x80247008, &(0x7f0000000080)) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:25 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) write$FUSE_INTERRUPT(r1, &(0x7f0000000080)={0x10, 0xfd4b84effc6f18c6, 0x4}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x3}}, 0x0) pwritev(r2, &(0x7f0000000180)=[{&(0x7f00000000c0)="d7285f5e58c455229bcfea317753f639482acf66d8afd230b46a19a9485c41037bb226a3af11506972ddfb53c6f958a2932bd2e242a04571a7098767469deec88c70ff538f4d2b99cbe9202b5e3d62ceb35ec773c03c2f64161cd8f4ad5c3c5241a519747d607bb8e23c65d794e20138b4a40e91b97395c060bd81c33dd54fb9b47a4fd3db65db7d8a", 0x89}], 0x1, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) getsockopt$inet_udp_int(r4, 0x11, 0xa, &(0x7f00000001c0), &(0x7f0000000200)=0x4) 03:58:25 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x5) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00'], 0x30}}, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x81, 0x0) ioctl$PPPIOCSMAXCID(r1, 0x40047451, &(0x7f00000000c0)) [ 3326.237826] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=31040 comm=syz-executor.4 [ 3326.302726] binder: undelivered TRANSACTION_ERROR: 29201 03:58:25 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) connect$netlink(r1, &(0x7f0000000080)=@kern={0x10, 0x0, 0x0, 0x19fd9fbc9f911fea}, 0xc) 03:58:25 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x2000000, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:25 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/enforce\x00', 0x6149b2a2dec58ec4, 0x0) bind$unix(r1, &(0x7f0000000280)=@abs={0x1, 0x0, 0x4e24}, 0x6e) socket$netlink(0x10, 0x3, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) r3 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$setperm(0x5, r3, 0x0) keyctl$revoke(0x3, r3) keyctl$invalidate(0x15, r3) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:25 executing program 2: socket$netlink(0x10, 0x3, 0x0) 03:58:25 executing program 3: pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket(0x11, 0x800000003, 0x8) setsockopt$packet_buf(r3, 0x107, 0xf, &(0x7f00000014c0)="12cb96df", 0x4) bind(r3, &(0x7f0000000280)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="300200001700000228bd7000fbdbdf257f000001000000000000000000000000000004d333000000e0000002000000000000000000000000fe800000000000000000000000000016ff0200000000000000000000000000014e20f6874e2300030a0020202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000ffffe00000024e2300054e240000020080c288000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff7f0000000000000700000000000000c600000000000000000200000000000007000000000000000600000000000000010000000100000008000000000000007c060000000000000000000000000000ffff000000000000200000000000000005000000b06b6e0000a40101000000000400000007000000080000002dbd7000000102006c72772d73657270656e742d61767800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0050000b3e38c5e58abcd37527104e3bb95a89b3ae0010500c6313e7e49a62960e9961594fbdb8fc91c24c1db6111752f6806ebeb4d3d969c9e340db3c73497e86a62b52e867dc82c024e63e8b26da22bebe6a4e4c8a56e0c39d34e6d966f7c5c237a6bbddab8c0d67d33735b534a47c139ae41a0"], 0x7}}, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="20000000002300000000000000000000000000000000000008000000000000000529"], 0x22) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/avc/hash_stats\x00', 0x0, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfffffe14) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 03:58:25 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast2}, 0x10) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:25 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800142100000000"], 0x30}}, 0x0) setuid(0xffffffffffffffff) 03:58:25 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x0) read$eventfd(r1, &(0x7f00000000c0), 0x8) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:25 executing program 4: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0xa480, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mkdir(&(0x7f0000000100)='./control\x00', 0x0) chmod(&(0x7f00000000c0)='./control\x00', 0x9c32f69e6caa24eb) lstat(&(0x7f0000000080)='./control\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000280)='./control\x00', 0x0, r3) r4 = socket(0x10, 0xa, 0x4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r5, 0x0) open(&(0x7f0000000140)='./control\x00', 0xc40beb2474df942a, 0x5f37900f6c944dba) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000040)={0x7, 0x3, 0x0, 0x1, 0xfffffffa}, 0xc) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) r9 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_GET(r8, &(0x7f0000000500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x1ac, r9, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x3c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xac}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x100}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9c}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}]}, @TIPC_NLA_NODE={0x24, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x70}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7fff}]}, @TIPC_NLA_MEDIA={0x34, 0x5, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1000}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7ff}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_LINK={0x70, 0x4, [@TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x80}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NET={0x60, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x2}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x533f}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA={0x14, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}, @TIPC_NLA_NODE={0x8, 0x6, [@TIPC_NLA_NODE_UP={0x4}]}]}, 0x1ac}, 0x1, 0x0, 0x0, 0x4}, 0x20010004) r10 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) setsockopt$inet6_MRT6_ADD_MIF(r10, 0x29, 0xca, &(0x7f0000000200)={0x1000, 0x1, 0x1, 0x6, 0x2f}, 0xc) socket$netlink(0x10, 0x3, 0x0) [ 3326.997246] nla_parse: 6 callbacks suppressed [ 3326.997252] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3327.013430] binder: 31082:31089 got transaction with out-of-order buffer fixup [ 3327.023021] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3327.039304] binder: 31082:31089 transaction failed 29201/-22, size 96-24 line 3467 03:58:25 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) setxattr$security_selinux(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='security.selinux\x00', &(0x7f0000000340)='system_u:object_r:pinentry_exec_t:s0\x00', 0x25, 0x3) fdatasync(r0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f0000000000)=[@enter_looper], 0x53, 0x0, &(0x7f0000000240)="c2bc7d782492ca1b7cc255994bc1454ce455397a75eea5abccc4dee741cae1e8d87a9805b9cb711d80937fc4c399f918fe7acd5ffaa53cd51bb3a55745e96ab3e8deea7303d7d37db915a63d21c7e700d87074"}) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@binder={0x73622a85, 0x100a}, @fda}, &(0x7f0000000180)={0x0, 0x28, 0xfffffffffffffcf3}}}], 0x0, 0x0, 0x0}) [ 3327.052616] binder: undelivered TRANSACTION_ERROR: 29201 03:58:25 executing program 1: r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r1 = dup2(r0, r0) fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f0000000040)) r2 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0xae, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="006340404300000000000000000000000000000000000000000000000000000000000000600000000000000024c2d11800000000", @ANYRES16=r6, @ANYBLOB="478330e82d3118700bbe65ac84006c711288afa43a7c7d24ed2afeb5eaa89502e6630c685ed238ecac916086c29d1b81490760e5d333f96d4958f2460e79bf8b8f3d0b89da3dfb8ed754d8218f6e70570ed2ce6baab65da32023ddd0276cd3249bb421358dbc8ba9171ee19a997224cfa2f560094040a5"], 0xfffffe24, 0x0, 0x0}) 03:58:25 executing program 4: r0 = dup(0xffffffffffffffff) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, &(0x7f0000000080)) r1 = socket$netlink(0x10, 0x3, 0xb) ioctl$sock_SIOCSIFBR(r1, 0x8941, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'nr0\x00', 0x0}) accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f00000000c0)={@remote, r3}, 0x14) sendmmsg$inet(r0, &(0x7f0000000680)=[{{&(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000180)="259af7e1eafb40c33424a3ad1b9efcb53444b97c7ba151e9f6a8df25067c9dbab0e0b4fc09092697e0e3554bb751db0440d104ec43385b013a77409b91469d4e847e5db9c59b312ab04399877fc1447d42762249ec32fb98624985dc8346754ec16a5a1196a84e573a169d5b85fda3d2ca8c4d095eb096bbc42b", 0x7a}], 0x1, &(0x7f0000000240)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x9}}, @ip_ttl={{0x14, 0x0, 0x2, 0x8001}}], 0x30}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000280)="6daff4e3dc3168e700c4a6096295e53d96418dac811bf4a781795d6379b770c05d2f5e9f230071db2bf9069d73be3c3be05d602428e08e6cce8050df", 0x3c}, {&(0x7f00000002c0)="e78d4d1c895b7ba4b953609e55eab340233a94c45a9a9bf4fbf81719481ae15136232f6f3fab882c77534d9914aa726e757457d30c6566dad680b16aa72499e97f3009111ef53ed7d01892a14aa361ad86c34954593fa5e663a2052f1751ffc20d26e19f04e58b79425c43", 0x6b}, {&(0x7f0000000340)="fedc0c7297b3240ae2126dd16e10c96327c49ff9f1510a443068a260ced67c3ec513c19e9ac16c30e1ceea954db60707f8d75b4485b7328123ce0a49a97b871149dcbaa0430e11e365221df9d61b522458618f578dc951483d71b49cff77d87178c61fc007782a2a2d95a070325e92cf53c7a13dc017449b14d9343eb053", 0x7e}, {&(0x7f00000003c0)="e3707d3e597e55bb510b2feeaac8d51285620c658d6c3b1632021e1630e79d331cbd95f5e139a2359a02a47ea17ce1cdab2c41e8f0f2c62aca75c5930b3f0f6b2017f1a72e906f7a302b044cefdccbd0a455efbb7b3daa76", 0x58}], 0x4, &(0x7f0000000640)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @loopback, @multicast1}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @broadcast, @empty}}}], 0x40}}], 0x2, 0x840) sendmsg$nl_route(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="3000080000001d0c0000fffdffff000010000008008ebec291ccd6f06b4a8002fc76c8c1373cf5a840102dbd3993e9d8ddc5d3d5a76be0cecc8a8d91bf1ea7393fb6b51c450db12370f36d2bb566d72c802c05a5ec1824762bfc2717d80648c9e8ea9c8bb1115980afd005dce5eb33b3784595be374adfc669efab5dbc0edff79a6a899b156ea45a49cae8a03ac7323bf8c8cabc99d1b1e7fe14db3aaad7d1650600000000000000cf4b6149419b60fa35190fd0a2225ef905a92b7ea54955cd9323860a8e320dbbd1ed9dbde620a63f4e6b985c46e7663e743f82fdb5ab35161678d8e44561eec6bfec947b10e640defb45714012916dc2342d359fb0d19273fc6c3b2a065e80db78ddd2b6f737a5a6cf822bfee4729ce55033a1c89d5a9563e933eb03074a9cb00d5d1ad7d3fd6063fc1ad12696dce95522b38e9a6b92c0c6ffb6da5faec4a3d256", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000ff8cf9a143b62631e6794624699d11e0f01c78c91f82e93c25f7e138d1"], 0x3}}, 0x4) ioctl$KDSKBMETA(0xffffffffffffffff, 0x4b63, &(0x7f0000000100)=0x2b9) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40082404, &(0x7f0000000000)) 03:58:25 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xb0, r4, 0x4, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0x24, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x101}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3fc1}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}]}, @TIPC_NLA_NET={0x18, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xfffffffffffff000}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}, @TIPC_NLA_MEDIA={0x54, 0x5, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffe0}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x800}]}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x40}, 0x40b4) sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x801000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xc4, r4, 0x200, 0x70bd29, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x20, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x49f41f72}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8000}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x820}]}, @TIPC_NLA_SOCK={0x24, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7f}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xb37}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_BEARER={0x6c, 0x1, [@TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80800000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}]}]}]}, 0xc4}, 0x1, 0x0, 0x0, 0x1}, 0x20000020) [ 3327.137588] binder: 31117:31118 got transaction to invalid handle [ 3327.146615] binder: 31117:31118 transaction failed 29201/-22, size 96-416399908 line 3138 [ 3327.157841] binder: 31117:31118 ioctl c0306201 20000140 returned -14 [ 3327.165519] binder: undelivered TRANSACTION_ERROR: 29201 03:58:26 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2000000, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:26 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x4) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:26 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="0000000000cf600028000000000000000000000002000000"]], 0x0, 0x0, 0x0}) [ 3327.482812] binder: 31134:31138 got transaction with invalid offset (27249196671172608, min 0 max 96) or object. [ 3327.493315] binder: 31134:31138 transaction failed 29201/-22, size 96-24 line 3379 [ 3327.502161] binder: undelivered TRANSACTION_ERROR: 29201 03:58:26 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000000)) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000000)) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYRESHEX, @ANYPTR64=&(0x7f0000000240)=ANY=[@ANYRES16=r0, @ANYPTR64=&(0x7f0000000180)=ANY=[@ANYRES16], @ANYRES64, @ANYPTR, @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYRESOCT=r0, @ANYRES16, @ANYRES16=r2, @ANYRES64=r3, @ANYRES16=r0, @ANYPTR, @ANYPTR64, @ANYRES16=0x0, @ANYRES16=r0, @ANYPTR64], @ANYRES32=r0, @ANYRESDEC], @ANYRESDEC], 0x3}}, 0x40000d4) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) setsockopt$inet_int(r6, 0x0, 0x0, &(0x7f0000000080), 0x4) 03:58:26 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$TCGETA(r4, 0x5405, &(0x7f0000000000)) r5 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:26 executing program 4: write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000840)={{0x7f, 0x45, 0x4c, 0x46, 0x7, 0x7, 0x9, 0x4, 0x1, 0x3, 0x3e, 0x5, 0x2ae, 0x38, 0xc7, 0x7fff, 0x5, 0x20, 0x1, 0x8, 0x8}, [{0x3, 0x20, 0x2, 0xbb, 0x9, 0x40, 0x800, 0xffffffff}, {0x3, 0x17c, 0xf4, 0x0, 0x1, 0x8, 0x4, 0x6081}], "d436751d8439ce7838bf28d977fda8b629a6761f3abc2f4f73b961b8a8f8e430834d8b04de1c7a9d1a6c53db453673b521fd4dcb52a6e7d2f990faf68b09600963523810f52acad792b5c4c1f1017c3c517a3ed12e5e7317eaf0221d91fba9a8a257b940d3be840bfcaf10c3d9bd5f8685bebc359e4c7701e2d941afbe223656e49830e93401da3c2068c64c1bc6", [[], [], [], []]}, 0x506) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="30ffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ftruncate(r0, 0x20) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xb0, r2, 0x4, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0x24, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x101}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3fc1}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}]}, @TIPC_NLA_NET={0x18, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xfffffffffffff000}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}, @TIPC_NLA_MEDIA={0x54, 0x5, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffe0}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x800}]}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x40}, 0x40b4) sendmsg$TIPC_NL_SOCK_GET(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="a50002008819a142120b195e63ff702d82ddcf4b2316e24a6cd17aa3a6e9baab4a9e382e7df348f7df73ef7d3f1fbedb322ed1eac84a6a7cbc2b67030564ee576175a3c7eac2fc6012d4842c48d49b3f32116880db07129896278741d7deabd46683ef4f966537e5ddf30113416b5eafa4f75ab028ff210b1eda96c99628b5fcd41b4da3c978c2290bf1a0d23269605e96", @ANYRES16=r2, @ANYBLOB="020028bd7000fbdbdf2506000000300004000c00010073797a31000000001400010062726f6164636173742d6c696e6b00000c00010073797a31000000000c0009000800010009000000040007005000070008000200050000000c000300f00000000000000008000100ff01000008000100ff0000000c0004004000000000000000080002000500000008000200010000000c000300ffff000000000000"], 0xa4}, 0x1, 0x0, 0x0, 0x4000001}, 0x48000) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$RTC_PLL_SET(0xffffffffffffffff, 0x40207012, &(0x7f0000000800)={0x8, 0xfffff800, 0x63, 0x19, 0x2, 0x6, 0x3}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80114}, 0xc, &(0x7f0000000180)={&(0x7f00000003c0)={0xf4, r7, 0x520, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'netdevsim0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}]}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x401}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1f}, @IPVS_DEST_ATTR_TUN_TYPE={0x8}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x5c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'hwsim0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x1f}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @rand_addr="270b84b49d76281d741a312d4b2ef47b"}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sed\x00'}]}]}, 0xf4}, 0x1, 0x0, 0x0, 0x40000004}, 0x80) sendmsg$IPVS_CMD_NEW_DEST(r6, &(0x7f00000007c0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x54000600}, 0xc, &(0x7f0000000780)={&(0x7f00000006c0)={0xc0, r7, 0x502, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x88}, @IPVS_CMD_ATTR_DAEMON={0x18, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'syzkaller0\x00'}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x5}, @IPVS_DEST_ATTR_TUN_TYPE={0x8}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xb655}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}]}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x5}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e23}, @IPVS_DEST_ATTR_L_THRESH={0x8}]}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bridge_slave_1\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_STATE={0x8}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x80}, 0x4000000) read$char_usb(r4, &(0x7f0000000600)=""/76, 0x4c) sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x7229c32bd184ee66}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)={0xf0, r2, 0x2, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0xa0, 0x4, [@TIPC_NLA_LINK_PROP={0x4c, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x20}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3c5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x20}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe823}]}, @TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4df}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}]}]}, @TIPC_NLA_MON={0x3c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7fff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x40}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2a}]}]}, 0xf0}, 0x1, 0x0, 0x0, 0x40084}, 0x4) 03:58:26 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) preadv(r1, &(0x7f0000000600)=[{&(0x7f00000000c0)=""/10, 0xa}, {&(0x7f0000000100)=""/100, 0x64}, {&(0x7f0000000180)=""/191, 0xbf}, {&(0x7f0000000240)}, {&(0x7f0000000280)=""/194, 0xc2}, {&(0x7f0000000380)=""/61, 0x3d}, {&(0x7f00000003c0)=""/130, 0x82}, {&(0x7f0000000480)=""/55, 0x37}, {&(0x7f00000004c0)=""/5, 0x5}, {&(0x7f0000000500)=""/249, 0xf9}], 0xa, 0x0) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000080)=0x2) 03:58:26 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCCONS(0xffffffffffffffff, 0x541d) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:26 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000300)=0x0) write$P9_RGETLOCK(0xffffffffffffffff, &(0x7f0000000d00)={0x36, 0x37, 0x2, {0x1, 0x1, 0x0, r2, 0x18, '/selinux/avc/hash_stats\x00'}}, 0x36) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14, 0x0) setsockopt$inet6_mreq(r3, 0x29, 0x1c, &(0x7f00000000c0)={@remote, r6}, 0x14) accept4$packet(0xffffffffffffffff, &(0x7f0000000a80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000ac0)=0x14, 0x800) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r7, 0x8903, &(0x7f0000000000)) accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f00000000c0)={@remote, r8}, 0x14) accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f00000000c0)={@remote, r9}, 0x14) ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000b00)={'\x7f\x00\x00\x00\xaa)\xd6Cs\x00', r9}) sendmsg$inet(r5, &(0x7f0000000cc0)={&(0x7f0000000080)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10, &(0x7f0000000a00)=[{&(0x7f0000000580)="c48d06e39c453c3745392d385632feac4a985e0fb81d325ee77ba9eae7f7bf4b78dadbce532a6b4188e7d79d01a76bace0ca2b57fffc67ee5d5c742181ade8db99a833466e03dcb01d919a45cb75c7cf5b431a7e117d1bfb5daf8c5d67fc50a32d55cd586017949c169c10f6159dccdee63d8bb9772c74662ddb822e86a64bbb2f8f33a7294d9928d18812e3", 0x8c}, {&(0x7f0000000640)="7f290b194c345effa64551c53bc3779cdb68bfcde27a78f4326c995931e95fb699a92d12f637ef5bc442394e40a8fabab1981f6542430f80eec5730a065168f3d9570d003b127cba251f27c9dc17de3f9241b09ad661b8aa2daca0c19173e064b7f6f952c8f49e452a65da1371681a433031f3ee25ecc096815264a5f19bcbfe5c74698cdb8ee32e5f6c2b5eb554f083b9973fefbeec373bc84761b9fc1a1919f1734272c50f027de37ef9bb2e305db5c31d71d0b6926ae35acc293144515f14d96952fd92e598d9ce36fbd717f78649f67f2118", 0xd4}, {&(0x7f0000000740)="9ed29e38d860c784fe6f452300f64ef6e7ef935560b24b7f6b353cdd282af3f426f751fdffd8562e8e0e90f5a214080a07d298f64d12c707b98abdcb90f58cc7c2822eebfffca62c316776932839fb7a8963b5c573151000dd44e3f79033148f1792c3c3e04bc686390792a621d4f5feeb97fa93ba7ff4a3a2530bfaba71435692384360dc59149712afc20ab0417df0dbeb0997dbd632a7", 0x98}, {&(0x7f00000000c0)="3c0d2e123cacae9d7ab04f6494211b055b9410f116270c42e8d6dd936ee99d8256c2f0636dd804ab2b82ce31d279b3827987f4fc1259a4352589ba3901c38e6000f959c6e742e9b579115aebde3481ce749bd29d6a28386c09a3e2b8b6ebd8666f36", 0x62}, {&(0x7f0000000240)="d01e0864342d4af533938fdd31d04c40f6864e4823bf5787d0764a21f15421b93770", 0x22}, {&(0x7f0000000800)="625ab62c4bff673527265be38354c51f81863f0a28b7c43b1017e4bb2563333b19878ed715cdd74aa273a8c32032ba4967f8f6cf5ebd43ec89509016a0ffc6bb89b3dddfc3816eb1076088f6456d46f267f112426996c64d4a218f27bc200d76a3f3c823cc5e2547eecf42fcd88a099c9fd1b1727a6e8fec2bba7123478563c8c536e9400f247533451e6d01efe7ebba584a1e45ba3b6a9dd71f7104ec804def2746874741aa8292d56d1e93f82b74079aad7065bb641d4fe9aca6400545f7b6fd9a9db8ba87b3c9edf80c12a8c4c8ea7a752e0e6574bc9a889333eb7b9c11fb3eadb7125f41f34ac57e06813c496619881ecd", 0xf3}, {&(0x7f0000000900)="7e9c1d0787093de707453dd9707943b9bce701569f9db66a929924c0107a49bccf1ec7920ab5afac850a70e09a18737bb55721a9f0b3f2203b4a339fd1845737e506583a117b62590b1a10ecf7661581bd3a3a7f387faaf6607907091e121ca1aa99a5fb868048426d1f49957f21d35e38db55552961bfb36e1f3dabad53e097ef1ad3b592c52bc38a0542cc0218e90e97c8e8a544d5d80df978d9c5132d2407b4a947d43500c5b2c83680df8325d8605c3f93d60a09ff803acde3cbe8da523c64f4d62cff57d65807cd1c31c01f27c5155ecd", 0xd3}, {&(0x7f0000001500)="4a9c20cde9a400951bf795e2db2aa4bab02274184f0f964a14c108cd8b9ebb3f2e6472ef8fad975494b604e4ae33560a2c68cc354a5b988131435b739830602c3f6271c17e3e9dfed944b216aee99988532f7cec8402f49249bd57a2bb32bb4221b95068c227cb737fe3b14f2f447a0fbb5654699429d264133568b652993197c9aa7dcb7197bc6eb03673125cf4b7a85615e9c3d4be356a1284d6d2bf00df0ad40e62eea5889fa7d8979a49f23a104ec5f3ef87a7cc83c220b8e2918d7c79b3f8e50df1fe399b61d52cfb201979bce5d59ec9822cb7a4d6af93b8bc09d0cb7a6d0ba52f289321edbc9faea66122fdc7290cf7ddc0acefb539788352c31929d7e1e0f4a79ecda43b8eb6b240193efccf18ad65e503d2e50fb9902ada00492b93a19cdccd626d5451857e5ee0ecfda3a7bf7c539a3516f4d8fe1749da51ccc64f36a17066e3bbc053e64e93441f3f70667136196e5c1cf758858c0d9f0ebafb414d1c1af762b31159060658e036ee1e36de33b48f1679392bb4732d77ce36c5b6592270dd8762d89d3892d186bddaa26e7fd0efbba5e110ff276c1e7468fb926d13e8af0e83e4387e27e1a29e64c9b68eb75a18d3ce40a013238eeebcf2e3ed026f003d22277851daf905bf3acc9ff7db0d04001eddf69fb1e3936636a051f967db3518d08b4bcac078592c5db8905014bcdb2beec5a7b4f44cf57a03fb8a84bd7b972c34896dffd04c2892570856df549b6ce53673a1e68d4a267f9be65d14d5dc11263eab16ff0a166d3971ae3549f0466ad25dace6932db1e1bef2b6f706a228f94936661ef14714620b1f0651239ca83e6f8c98a3dbe719fbad601ea7d2ba02920302135cb1124f1a6ee9cab374ab63c1356906f9fe251b0fd3e37ef12e4c9b5122433cadcecde1b957dcaa2541f21f2558bb3820e409e0930569b61e06e1d1f0926df943dfea44d983cc5d0283e69c8fd534107776813c7f845ed01f0cd74807c3dbfa9ab320f6d4de1d006cf3a959c369d14cfadd650f62bc12d4fd36c0858acf71b69a644fe856a6c22b57fa4f7cc5f8ec8ec0b5dc444e2bec5d979b25221fc9d077644f8d8be73e6d3e0bd949b06b1fd3010c301f892fba20d38109d73aa95de4700f02bcb945469814a242e974a59452f64fedaf9dcf2a43427aafb7fcec99fbf0cdd44fcc5f871f14b4bf30ae1fd709e256d32abf97b5cf382f29057d9ce60e593cde6a9ecb3cc69f1b76ea68677806d4f96c6aa379f46f32f5471647408e98d65a4a83a479f0bfe12298edc9eeec575a3085cce42a94a9a9707477948f8c3b77f873ca5874d825a927847818eb5fee89f19b6577527991865943d003b68638e721d17d87945fba4dee55eb0afc97d95533c56893234cac54c6234cccc9a0f134249715f7e0e879ed776cb69074457553c6998bbc06cb0ebdbdc50d382bd37bd1c73fdcbee7ec90b6132652803bf398111877721b7aa431502c0e484aed8d464c53e62a25486a87bfca5c16db3ac73bda0fc0e54f207ce7e90d091d1f8c75209dc0106508ca2ce2d3938e6c9227db5ea3a5c22144466383aa99713bc8da546177e226205351efbd251884c57163d359af3fc929901e662224b3f153fc8ea6231dd40382d8ddeba3a47ce68e801a9e3b7e6988fb65626ca6b7e7c4c1e7122553754b779a2fef4a9afbcc0d1cb6041b24de52e08cc605d5f7cd7be2860a1bee724b3a04ea80e63b4345fb05a792381f8c31e647ec8d5b78deab7b3bf13c2c40d3862301a722eb00f6d195b943722485d911182d78a9fd4a9f98f4593ea623e23fb833b1de653fd2281041a4619d0e60e3f348487b5b4246bcafc2eb6e5a4316ed33c4386d47f997a49e43d6670bb3bfd9412ab8f68ce15b3e84f68be2a1abab7dd53e5ea83cf5e3a73fe35d86e2177804e1529c55b434b68a796eb8b18b5bf852c3f3324e0883b3a28f83e221a6e7ae556ea801b04f0e72c23e2fefbe6ecf474369b2fb836ed7b67bc4669d65f891e09c730a83a15102202d1e5333e27a1a168f0953b9545bed82815a771872e0bf1c08a949763732e4bf83ca24d28ab99d127461bdbc7f5802cc741344654aee8222c26cb7a4a86475556e398c124de821d0f6e77b69eb667d1a5900446904df29849a040cefe6d2b694a967460d4ed2fe5ffcd184e285ec8223f3c61c6c712906116b3153982830dfd159815412a71823464705c4c5d010bafc93ab05adf66af11d6b21f82dcb9193a5ec6bc290a231aca4f3fed840b0d6745b48b5f1ac1b57e720ff446fca1aae0704a16504f196b2b6934acb202f5b3da0c46c9e9fc139ec7ef4096a3b654dc8acb404ce9dcb2d0f342efba855d227f9b995318d9b46cbf8360b225229974ba3eabea089ce84bcf26eb17d5d84708c6b7ee4f4c0acbfc5095679b934cb74fd9bbf702c1accb2e14d342094ead069c98821a1e49b4fe944ed8df6c1b42ae64d9dbf24f028049762d995a63f976f397d855018f9eb1f1a9268865c4f606f77ce4ed224d241c4055016057dfae57ca61ed61c5190767462c452ed233e4eb211a98bc179f16ea8a3778c17785ca6353e190e6c23165586fca5df38b0782d4cb0532b8899a80fe6f6ea23aac5a38e23a04fb7928a7781250502c6b685b60c2b51e9ae2013f33c0e2f533f3926d832f64e3059812f15e309668ea512998792149c8a9d835d742e8a0e1b7d026c27cea3a8ad4660515348a405d7e0cf0d7025614b5f0954f81a28187ee777a4b4e061b1d1d3418792fd84e75467d46b7292d0fad924c121085e63795e4b2102a83cac66197d814f61ffaffdee58c9fb8a8e3cec81b9d8fbe3e0148b0d581335d06073afae5524533ae957c56a8ff3b932194a1b118b7fa67e374d1f0194ad7e1565a319c4d3bcd1537e4a5937e610320d26435bb3d90295a01cb449ff1c61646284fc0b316aab58368d35d3f392faafdae4134adea28e64db5ca267d3e4c6b02e98f4973817d046e299ec78ead513a745cab07e0972064c3bf2bd8f73d70126b2573aefb13e6cd113da10a880585950a5572ccb1e7e0f2adbb16af5b07eb2eb5a9f4b57e4ad459a170879db80780d9a6e8e20fc6f3a41ec4cbd15d847368385c30c48651121d3649cad0cd534d5ce97a3f8502ccb80db4628f702757d061d68b53db3ff5517c5858da7fe24b34aca150b137712b3e22a36532f9d7a2afe8cf8f632e40f137a726e2d707c5a56068e1e5823890bfa5240e3f4c4b7db825cfda5378f9dbaa77c09649b3ee40ce40beb2637493117175f922cfd6d4bfc3b841a30c7f7f7ad253cfaa47a3b6b9e8deda9582616afe358cf29d0485f91cc36cc27a0ef71544dc763f3a75dc77bbcfa3b6a23ff8e086b6687e9f419235df2c901da90a12a46579cdf8f58dcb2672053c5c5256501094c983d00e6c28182b31f0c70d2ac4b8d6ae42deb32403038669a90b6626487ecfcab1035de4226ef6fc5a423d23efcb1c04c26cccc64cee21adb0eec093bcf379a4fbf42e758d8bc3b28730ff570d6ee9e5c25010a5b0b0168042219b7ef4751508af29a22f9bc310c3f304d373cdab720c0fa427c899bd4a2510acd9a681b942f6e1dce6b895588fa42cdab42ffb9d45bdf3cd9d3e178ab0c4256c87037078a77df689e11c2feb84258060d9362e4af4b9598aef32cac6a3955047fa4bf03e47866fe37de858ec679f7a0227ab89ac65e387d2364b9a024fc5c298659ba398d65d8470a71deaae67d51a7ba8088a2a7cc3f22583d73637d94d8d934e8b7e586fa309f752f7491fb663db42a28aa610c3bb644953673f85576451abc4ab7c0966b0d7291c78ee3980b4a6140e5fa581f25147b5717772f9fda45d94b689cee7bba33527208be225d56f2dd349f6176bee9d8bc9156c168813c9482c3b54d9ca10d1d6b50ddbcc601b2e7b60e73563b9f36fdd08db22b7397b2854ccbbbc55dd6265a01e78e399e741bd8d59091a6b081a55142816b19952abcd010654e3b4fe5a0dbba8202cae3ed29135fbe7dadeb07df8ea4ee2bb8c0226b8c231b19a7daf6632dbfce0223c9279437e1fc75d7a313f8f3d96d654f01e81d7f86bf7a9d42a6c1b079601728717ba7595acebde958f434e2e1aba5b0c3b7ca893ccdf1c9bababf2cd14f55abbe60b818f30afbe0af92ac372b44ef6bdf308953e60c513f5a44650ae014de9505c48c426dbaabbc0b0d5ecf001aef8e0a9f9247b584407303c486acfd70713bd52268db2069ed93e345189ac3aa4ebb2542b01cb8029aa06ac35726d8a253d8441ba14904557000da06853b099d910df42c9c429d1873fb43374a4733aecfd81be35c56a81f09b8761d224d27cd4b5c1cb94f29c5dfcb61de4bd165932ad944d5d05330e006d5252aee41c6ddc5de0ecc4bf14c2c16adc5ff3b91d229c7e8e7eacc629cda5a58f45ffab75d6f3c579ef76b799f057c64916bd28115c144f6bad8fc2aea2ac9be34729d85fd8a4c418fd47dbdfd21ca06c574cfd49d80f36da3680510d097d030d679054f57dac57b0215f8b5bc9797c9ffc428f8ab6f09c97d315827297660c5ec05b87de32e44cd7eba0221b5c9c774e44971e5a5da71f89a7487f13901350de21bcf03a8053be3d4b869fa410f0921d21ade75b80ff31fe0b78b7f6546e1acfbada6799bbb0e164c2ebb61bb054f0c30974613f8ccd02c74a50076fd838213cb1a684bc69e4b26fe77f52936a111bcf833305174bf2f8c6db972ac2c5e6540421fc7238df6eaeb41c51265d6f3955372c6370bad16ba81a40f7e32a85a9f6de8643539615fdbf35b7f9c51af68951fb5ca8654b844fe75f61213444f2f962315131124c3972d5d8be595cd3b5079040e191379407f8c17257cfd911dbb9f78f2cc535e798bacac2ec6d49233ecb0780acddd320f26dde8452aaa3097b90d6f6c12bc1bd118d459cb654ed8ade8f1fe0792c669f643456d3ff9615b7c8486b0ccd97e53c6517f21bb513f112d07f3ffc79ddafbd4f85be6a2347182ed4b0be9d065c715a1fcfe5eff1040df66719820074012b159af99a41b11bafece76b10b183ef6161312bc5e361338472c81c3f6178fa01549360f86fc21dfd04aa08fa5a03e4bca141f0eebb1af6a8e652ff805ab0577eefb2f4ac2305d675c692b63962e794b72154aa7c876d0abc1d0c1cd9ab020af7c6c102fb40e3fdcf2face724d95d3ecd37c86905a92b0623d0a2efbf70160e476b8ee7071335c39c5ad41269e2ffc5bd957065d9ae3716e49be346964772d5e268840749396fb28716c8d45a4d704843ba24b7e7be0b1a44a35131d9fdb3f93d2dd160e8e32c890390377a72570a418c4f34285d441bdb75f7c478b4c249cad1bd4babf238ac16210a8fd37c978ccec32d699745efc9ae92d1a85150aaef95e7284abc67b9057376955c6368425c0bdf5df9e7d175f1e326fc795ea965589249bf0850b56d3be047149618fa611e693491a8419e43f661b21e053c162bf7eb403d9073fefa23d2fcfd546dcf4b2527f12a90a4696f0ebbe2262b838942d748c443fe5771b6e7647a94453d599b5196c751bb7372e2b046812940b8b6a80c6246193ab13fd14055d8f9c706f3e17c983716ca2d9b23646c10fb942949864670808ef128802aa62a416a45da251c9ad67bf866434d013324cd8d901adfb6f5d593d7fa0c1748ef4f6f37acc3632b2ec6357690a739a74c895cb8a7c7bb53f841e5844805aab513f4ed41a1cbf7d1878fb26a78066edea5f5395fc5976419656fffc58b482b988a6ca80e728", 0x1000}], 0x8, &(0x7f0000000d40)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=r6, @ANYBLOB="ac1414290000000700000000d4000000000000001200000007000000864f0000b3fc9108d3147b5c5138000d8fdc2e3b991c9da6b3a6d200041f95000f5b6e8af268eb711516d8ee0b86060a791980602e1d1d11050ae17049836babd8aa070d0ab43a28c245607365c37b01000cef2d8e1ad147d7774def01442805937f000001fffffffe000000590000007fffffffff00000008000000000000058200000004443c0043e000000100020000ffffffff7f00000100000081000008000000000700000081ac1414aa0000006100000fff00000008ac1e0101fffff80100000000000000140000000000000000000000020000006735705f11ea9a641400000000000000000000000200000002000000000000001c000000000000000000000008000000", @ANYRES32=r10, @ANYBLOB="ac1414aaffffffff000000001c000000000000000000000008000000", @ANYRES32=r10, @ANYBLOB="ac141427ac1414bb00000000540000000000000000000000070000000102862d00000007050898da5699a835050de7344af5cbd64800d9012002126d36c027a566547733d5e67d8a9b03df831309ffffffffac1e010100000002ac14140a000000000000110000000000000000000000010000000400000000000000140000000000000000000000010000000100000000000000"], 0x1f0}, 0x8000000) r11 = socket$inet_udp(0x2, 0x2, 0x0) close(r11) r12 = socket(0x11, 0x800000003, 0x8) setsockopt$packet_buf(r12, 0x107, 0xf, &(0x7f00000014c0)="12cb96df", 0x4) bind(r12, &(0x7f0000000280)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r13 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r14 = dup(r13) ioctl$PERF_EVENT_IOC_ENABLE(r14, 0x8912, 0x400200) r15 = creat(&(0x7f0000000b40)='./file0\x00', 0x2) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000b80)={&(0x7f0000000000)='./file0\x00', r15}, 0x10) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="300200001700000228bd7000fbdbdf257f000001000000000000000000000000000004d333000000e0000002000000000000000000000000fe800000000000000000000000000016ff0200000000000000000000000000014e20f6874e2300030a0020202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000002000000000000000000ffffe00000024e2300054e250000020080c288000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff7f0000000000000700000000000000c600000000000000000200000000000007000000000000000600000000000000010000000100000008000000000000007c060000000000000000000000000000ffff000000000000200000000000000005000000b06b6e0000a40101000000000400000007000000080000002dbd7000000102006c72772d73657270656e742d61767800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0050000b3e38c5e58abcd37527104e3bb95a89b3ae0010500c6313e7e49a62960e9961594fbdb8fc91c24c1db6111752f6806ebeb4d3d969c9e340db3c73497e86a62b52e867dc82c024e63e8b26da22bebe6a4e4c8a56e0c39d34e6d966f7c5c237a6bbddab8c0d67d33735b534a47c139ae41a0"], 0x7}}, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="00000000002300000000000000000000000000000000000008000000000000000529"], 0x22) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/avc/hash_stats\x00', 0x0, 0x0) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0xfffffe14) splice(r3, 0x0, r11, 0x0, 0x10005, 0x0) 03:58:26 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) pidfd_open(0x0, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$inet6_buf(r3, 0x29, 0x2f, &(0x7f00000000c0)=""/63, &(0x7f0000000100)=0x3f) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000000)) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000000000)=0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYRES16=0x0, @ANYRESDEC=r6, @ANYRESOCT, @ANYRESOCT=r4], 0x4}, 0x1, 0x0, 0x0, 0x48040}, 0x8000) syz_genetlink_get_family_id$tipc(&(0x7f00000001c0)='TIPC\x00') 03:58:26 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="30000000ffff42df00fffffff90000b45400000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r2, 0x6, 0x15, &(0x7f0000000000)=0x8001, 0x4) [ 3327.875217] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=31153 comm=syz-executor.4 [ 3327.890100] binder: 31148:31150 got transaction with out-of-order buffer fixup [ 3327.890141] binder: 31148:31150 transaction failed 29201/-22, size 96-24 line 3467 03:58:26 executing program 3: pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket(0x11, 0x800000003, 0x8) setsockopt$packet_buf(r3, 0x107, 0xf, &(0x7f00000014c0)="12cb96df", 0x4) bind(r3, &(0x7f0000000280)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[]}}, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="00000000002300000000000000000000000000000000000008000000000000000529"], 0x22) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/avc/hash_stats\x00', 0x0, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfffffe14) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 3327.890586] binder: undelivered TRANSACTION_ERROR: 29201 [ 3327.932623] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6536 sclass=netlink_route_socket pig=31162 comm=syz-executor.4 [ 3327.954814] binder: 31158:31161 got transaction with out-of-order buffer fixup [ 3327.954856] binder: 31158:31161 transaction failed 29201/-22, size 96-24 line 3467 [ 3327.955159] binder: undelivered TRANSACTION_ERROR: 29201 [ 3327.969955] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pig=31176 comm=syz-executor.0 [ 3327.970985] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pig=31176 comm=syz-executor.0 [ 3328.004090] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=31181 comm=syz-executor.4 03:58:27 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2000000, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:27 executing program 0: socket$netlink(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)) write$binfmt_aout(r0, &(0x7f0000000080)={{0xcc, 0x6, 0x0, 0x53, 0x16a, 0x8001, 0xd1, 0x1}, "b77a0d9c7853c8ba472f3bc62d6624ec6f306aa6fbe9f4394815e02ecc1b598d841dcd6e3007a3ac52b79df60e542cbcd1c79a9cf5edeae7d0cf0bd73f923db8c6a230073d4046c11220a17384095ee18ad8c9910bcdba5791d305", [[], [], [], [], [], [], [], [], [], []]}, 0xa7b) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) fcntl$getown(0xffffffffffffffff, 0x9) sendmsg$nl_route(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000edd0c0811b0f00000800140000000000"], 0x3}}, 0x0) 03:58:27 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket(0x11, 0x4, 0xf8) socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r2, 0xc0505405, &(0x7f0000000000)={{0x7, 0x2, 0x1, 0x2, 0x5}, 0x4, 0x6, 0x38d}) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="000000e300"/24]], 0x0, 0x0, 0x0}) 03:58:27 executing program 2: openat$urandom(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom\x00', 0x2a400, 0x0) r0 = socket$netlink(0x10, 0x3, 0x5) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:27 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYPTR64=&(0x7f0000000080)=ANY=[@ANYRESHEX=r1, @ANYBLOB="840423cfb5", @ANYRES64=r2], @ANYRESOCT=0x0], 0x3}}, 0x8040dc0) [ 3328.292617] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=83 sclass=netlink_route_socket pig=31188 comm=syz-executor.0 [ 3328.310684] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=83 sclass=netlink_route_socket pig=31188 comm=syz-executor.0 [ 3328.672451] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=6536 sclass=netlink_route_socket pig=31181 comm=syz-executor.4 03:58:27 executing program 4: socket$netlink(0x10, 0x3, 0x0) 03:58:27 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x3) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r2, 0xc0505405, &(0x7f0000000100)={{0x3, 0x2, 0x6, 0x4, 0x4}, 0x1, 0x4, 0x3}) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x2400, 0x0) ioctl$TIOCSLCKTRMIOS(r3, 0x5457, &(0x7f00000000c0)) 03:58:27 executing program 1: r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x102101, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000240)={0xa779, {{0xa, 0x4e23, 0x1, @rand_addr="a72ec55c19574fbadc8d32469e90fcba", 0x5}}, 0x0, 0x1, [{{0xa, 0x4e21, 0x1000, @ipv4={[], [], @empty}, 0x9}}]}, 0x110) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) fstat(r1, &(0x7f0000001500)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000001580)='./file0\x00', &(0x7f00000015c0)={0x0, 0x0, 0x0, 0x0, 0x0}) r5 = socket$inet6(0xa, 0x80001, 0x0) r6 = socket$inet6(0xa, 0x80e, 0x800000000002576) ioctl(r6, 0x8912, &(0x7f0000001140)="000000000034e026c9ef05cbcd1a8f8a8f8d77934621665e1cdd6d1591691a7e95229381fc6ed1d0cba27e019af0f8c47488389aeb55b07b19c295c605d6f6aba590f507085e29fd58197be111e510e3223a8e130e00fb265fe4b6a8e8ade875b8bde60976257b462f1e533437e2ac9b9ba82f00d4196025075b934e284aab778d287e39313b4314623efd1aca89344e9e2ff0c445c3284bc2a59ab02318c58c4543b9a4e18d0990102b11bfc3c85e887cf43b49cb8eea04ae0710393485b182033500ad49fab5cb4f12a5882836b34e252da44a1561") setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f0000d4b000)=ANY=[@ANYBLOB="0a00000000000000ff010000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000005000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100"/776], 0x310) setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f00000018c0)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff0100000000000000000000fbff00010959158b9ac821b0050000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000004000000000020ffef0000000000000000000000000000cf0000000000000000000000007fb593c60000000000000000000000000000000092dfc8107ac7b075a58b501b8082b9a4dc307674d93199e766e3b9e1736003bc418ff8495f254848398cea23373ca80b77a2748307b62f6703160ac41bb3525155eb439b16cfcd86ee763e82564116b6303b8412d8557873ed89b548be7b94d580d2ab543ed1d62ac1b2691118501e8ed0e9d0dcfd4adad9d8d7e97cd25155f9c423edaebc8978c8fee669d5fb4b452ee3c37a68c9c2cc75b112ed174fb2e04456e0501938bf90900bae315376af11ec7260baa755038546c8857ee44088a19f0ec58f5c51a9a60fc71486a333321cf066211d3f556fceea7ff39b9f5b80725e66ed764692720c631fed7529e67c55a283a88f35368c3f5c023d48163a6d0900996227882fec5a77256fdb07ce69105c8904aff0a359e0eba663e5a5359e2a6c4cda44e30ba5a05e2dcba9d9720fb4348c1760471ec3339810432284372e855953fd52de2f09b18ce328921b62b92077d39025bac6086c73afa1ac31a4ad9cbac6a9672b95acdcc3f45e1201d05906176a83a0103e5a64d13fd5ff3877e28b6d9da915cb6718a4d813f6ffbc210d0db3bc27442e9e7ea3219a57915aaaa2671436905afa17448a388d6ae1324626aa794c137d1a91fbb49a5f577d01ae975dc63ad002587b6565194391e347c2a4a3c140b0a93c426dd3315db57c9bfb8e776047e095cb63684b69e2ef3f9e4fc30c5bc219a2fcd5ce918d1c349892bc66adf842d81179e8601325c136f00d00bd6a9762f6de89ee544a894c0814fba168545dcd86e31d6acddb63650489bfad31004dbb880c65f88b6890a49bcd12dea18b06b99429f80977af6d7410a0fc7b4e51ea1640302ef587ed94925aef4134eca31d1be02569807ddece6cd3633042b8f06fd0994e7a2f2e0e7c59db863a35e06429b4f8b982a08939a0d8ebf2b790125ff845a6e9d143e48d6b80a958125bdfef81c66512ceeeabcaab3b7e86564a08ae1a34909d027cf71a90d92324b572f3f1cc0b864217d3fcf7ab633701e5c90dae4c6fcbe7bb963b5ffd015cdb4b1752866f4de4ccbc23ee162e507b0f777f69a8a510e272e5387eabeefb1116db37f679982675ee5ece99a4163c75872eefb451e455734672db847872dae04a"], 0x1) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f0000001340)={{{@in=@multicast1, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}}}, &(0x7f0000000140)=0x1b7) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x2000000, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r7}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) mount(&(0x7f0000000280)=ANY=[@ANYRES64=r5, @ANYRESDEC=r7, @ANYRESOCT=r5], 0x0, 0x0, 0x80000, 0x0) r8 = socket$inet6(0xa, 0x80001, 0x0) r9 = socket$inet6(0xa, 0x80e, 0x800000000002576) ioctl(r9, 0x8912, &(0x7f0000001140)="000000000034e026c9ef05cbcd1a8f8a8f8d77934621665e1cdd6d1591691a7e95229381fc6ed1d0cba27e019af0f8c47488389aeb55b07b19c295c605d6f6aba590f507085e29fd58197be111e510e3223a8e130e00fb265fe4b6a8e8ade875b8bde60976257b462f1e533437e2ac9b9ba82f00d4196025075b934e284aab778d287e39313b4314623efd1aca89344e9e2ff0c445c3284bc2a59ab02318c58c4543b9a4e18d0990102b11bfc3c85e887cf43b49cb8eea04ae0710393485b182033500ad49fab5cb4f12a5882836b34e252da44a1561") setsockopt$inet6_MCAST_MSFILTER(r8, 0x29, 0x30, &(0x7f0000d4b000)=ANY=[@ANYBLOB="0a00000000000000ff010000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000005000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100"/776], 0x310) setsockopt$inet6_MCAST_MSFILTER(r8, 0x29, 0x30, &(0x7f00000018c0)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff0100000000000000000000fbff00010959158b9ac821b0050000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000004000000000020ffef0000000000000000000000000000cf0000000000000000000000007fb593c60000000000000000000000000000000092dfc8107ac7b075a58b501b8082b9a4dc307674d93199e766e3b9e1736003bc418ff8495f254848398cea23373ca80b77a2748307b62f6703160ac41bb3525155eb439b16cfcd86ee763e82564116b6303b8412d8557873ed89b548be7b94d580d2ab543ed1d62ac1b2691118501e8ed0e9d0dcfd4adad9d8d7e97cd25155f9c423edaebc8978c8fee669d5fb4b452ee3c37a68c9c2cc75b112ed174fb2e04456e0501938bf90900bae315376af11ec7260baa755038546c8857ee44088a19f0ec58f5c51a9a60fc71486a333321cf066211d3f556fceea7ff39b9f5b80725e66ed764692720c631fed7529e67c55a283a88f35368c3f5c023d48163a6d0900996227882fec5a77256fdb07ce69105c8904aff0a359e0eba663e5a5359e2a6c4cda44e30ba5a05e2dcba9d9720fb4348c1760471ec3339810432284372e855953fd52de2f09b18ce328921b62b92077d39025bac6086c73afa1ac31a4ad9cbac6a9672b95acdcc3f45e1201d05906176a83a0103e5a64d13fd5ff3877e28b6d9da915cb6718a4d813f6ffbc210d0db3bc27442e9e7ea3219a57915aaaa2671436905afa17448a388d6ae1324626aa794c137d1a91fbb49a5f577d01ae975dc63ad002587b6565194391e347c2a4a3c140b0a93c426dd3315db57c9bfb8e776047e095cb63684b69e2ef3f9e4fc30c5bc219a2fcd5ce918d1c349892bc66adf842d81179e8601325c136f00d00bd6a9762f6de89ee544a894c0814fba168545dcd86e31d6acddb63650489bfad31004dbb880c65f88b6890a49bcd12dea18b06b99429f80977af6d7410a0fc7b4e51ea1640302ef587ed94925aef4134eca31d1be02569807ddece6cd3633042b8f06fd0994e7a2f2e0e7c59db863a35e06429b4f8b982a08939a0d8ebf2b790125ff845a6e9d143e48d6b80a958125bdfef81c66512ceeeabcaab3b7e86564a08ae1a34909d027cf71a90d92324b572f3f1cc0b864217d3fcf7ab633701e5c90dae4c6fcbe7bb963b5ffd015cdb4b1752866f4de4ccbc23ee162e507b0f777f69a8a510e272e5387eabeefb1116db37f679982675ee5ece99a4163c75872eefb451e455734672db847872dae04a"], 0x1) getsockopt$inet6_IPV6_IPSEC_POLICY(r9, 0x29, 0x22, &(0x7f0000001340)={{{@in=@multicast1, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}}}, &(0x7f0000000140)=0x1b7) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x2000000, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r10}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) mount(&(0x7f0000000280)=ANY=[@ANYRES64=r8, @ANYRESDEC=r10, @ANYRESOCT=r8], 0x0, 0x0, 0x80000, 0x0) syz_mount_image$msdos(&(0x7f0000000400)='msdos\x00', &(0x7f0000000440)='./file0\x00', 0x754, 0x2, &(0x7f00000014c0)=[{&(0x7f0000000480)="0fcafbc29e7f07d12661d8a5561056159e8b864a3ca07334833cffef1e10fcfaadc1bd55c0b74449fd4b3a5b79844b6c78657cca4a7eabcf7f86d9827c6c0375630b86167a805026ed11ad18b026c3be8651239eaa96cfed34d42c95754df0f13727618105fe198194f7b872524904e2d62e01c53d56f5c703f92ec57285cc37ae2ea593098281cc4c161e480d1c67e7009a06665439f627809db03d9168dcb5378e74089c6874d135fca09312ffd59bc5a53f1c4f56ea3c6d3eca380ff205832842e26e1d23f07ac504f9692ac59d4771046039de66fc06a99b4db7dfe604832a3565063aad26841da70a7aa67c6e2103128d3e8a7c7e393de707b1868ff79d1968190047e535bf7352c393db8e1f77d89065b477f8271097a88a6a04c50021d06e76d9d69e2cf58ec19d16c9839a354630036991565c7e8a9000c7e59df38c1cc91cbfa6924e137c607997e72c3728f4c69aec74b412f0dcbf73927b669075bd873acb2e00aa188fa17b2ef0086b01d76353c82f79aca87f282bf61efc39549f1586cdfe9d332d0701488f099c392646d984d0f8343e0b352afaddca3472232244113ced35586e25505a162210baf3b61cdcf1c64fdeaa66d506c90cfb9b9e586d5bc615138c9af0966bbd7fc1a029ecc4973bc8d687e0624b07e9b4f8945114437a2354e021457e77d172b60d6ba84083a52c47461be9cf145b0f123d86dcc832d7ea58e2cc3816ca1a4d50178bb1c41d2c4eef8c40685805eb624aaa7b8e6288c60def185e90d1e26527f4ed401c5de1a5e9fd441826460ec745f6f22261c32d0cd581b1b65429a83645984f3243675a89c934013be6a43009b54e318c46f2f088396b7b863852b565c9a2d27c2f0143d1766ba2352e548e909a3eed0319c395b9147f74c3aaf3ba83a57b6968b2b91bdfd04ca96cb3b4e183c5fc0c129d31ccf0ff50495a2c1de342ab048df3f97545e3bcd2bc228c4351e6d0631302f11b179ee2efdfd173a11e47591210dd72cc5a32981d0adb8f941f5cdd424cf94f589257a1bd4aa2d4f7819315061be094eb1aaace5c4b08a2e32eb562da93c3a237b48b4194bc1851e56fa76e0ee7d94c81084e2740421f3a77e1022940559ab4f3a78c4971df07056d516f1527e8f2ec92c3c2a573eb1f082c1f99450df8716b51c2e8df9623c836cd51886dc264142674506c975100ebf33c315abdd490ec4bab815bd1af69c1af3868c3e5446ea965d658a50031928b1de0dd1f698fa3f34d9d771da8159897c3f0f2a4591ed9224a49c6fe4a6adcf24d3af38169436ef6857cd5da86639abce9132d796af133350663ccb864b3623936eb9075be129403b080af1012bc7dd4b12dbf7fd6d9cf14d9556ee0ce5b9c88519bcd1465554c657c88522731365138e291ddaf657a7c733f28dc6250d5fc55d8fef15e5d49793f02d9fc569704b4ba2df33e44d873958679bf14a6529173667e26ec38b369aa8531b9ddcf633bccdd10d1e29e82ebe07e87798be2541ff9bf6950743a230ebb3906300ce6168595319d80fd91505379a1b1eef6ef3025b20d984b29609aab4841dc584c3bc5791e3901bd567eaad46042b168d8d04a5ef0d219b524ca0e8fbffc0bee9d65941990235c0046041457cfbf502f42611bec2ebeded1b7389a4c403be577569c80fc20311cf571391ab875b15ddf069f0e889f8061191ce2c79c7e7927f6ec0524e0399b8cec505918908fc404f451267bb4f1ac2940be59bec3dce8d86f0f825f421f477b0b1f7390cfbefe1e98672373daa204ecc414a2ab728c19a40b18dbb39a2f2872bb409d62eb3c72b448bdb929532641fd7ed90fa8eb7587a2905df6953263e6089d6e464bc4471d528bec76ed6d165c722f2dc0e1cfe42fd719d12ca09ec1ceb6ebe48a413fee502421dadb42618d3714cc35606ce3161cd9667a3883ec3d04f208f3976f818494c2e5a6737b089958b1e2c080bfff6f153558f521412a65f63f6a253af1f682ab8fceb042d9803899507b9a8b110cc83b11131722f73eb5648b2f5a25faff6066af36e4edee80e7136d4d4f2e0daba5c15ddf3ad74f78494eb9c9dd01263545e3507f9cec36b66b577c690cbae8bb84dc617b12fa3b144cb59c1ce4177897e626329f6e5aed3c356c816f8d88b6fec5447bf472ee870e978c17193d7f93dfa7937d71c47d8f16d366140231ffaff7eeedf36458cf75a628d86fbdfdb0e877004fdc11702c5232bab582d5b1d39c972ac4a5a5b31dac3ea5f9ed4fde923b5d422358b37c21019df49acca84941d3ba7ef129217871dff61bba2a53100dd4026a8fdbed0dcccaf753bc2adf41a6001a07b64ea0b409af47e6a9299381436ba07ef78ec13b49413beacf47b4a54848ad3089dc9cb4c6c76eb1d6194d0deadf8bae7a2908024747aa4c4db0b490f4d143403dbffb71a9660cbae9d1c4ccf9036eed562a36af85363f4a6204dd94eb91e53251d1ede53005c6d9c857c26d2011b87ad50ba4dc2de66ad22a8754547f64b8d2cb9e883bee560d6d5262f3a8a8402cb0222481938176268ef9a534fc051c1159ce896976e85ec8b16052645c498f3ebbf2e2458ad484675351192d17bc74c560d8beeb93d06f717936c1a14941a35a96495c0dc927f84f4292bd02f28a05c777e72e718f30bb31c667550d46ac2c102d3339e6daa1c5063819390462b8f849890c2039e3a2fe2ede5b5998258c6b473759413a16a177c6a458d95654631350d055115feddce80309a1ba2b3ee68837fd54abb677f72855a6c6a34fae7acdf5a787e1a341863485ae3e55a34b007656d80222656fedb100646bcc91448bf8728323ae1f57f0af9b358acd291886e21491c11f8130beb03e602a44f14e7f2cd9f38ce823c6d46c9bcf5d5ae17a4f7ec41f81028275296f3d20daa0b222b653e5ed0e025e59e3f9bf7548c38336233b61f4a94e2555ac9ec91f2dc95f1f4405141b1d6df53fc6e8d01cef6dfe458f535aec93782c45810ca5defba54e2aff40689e113dcefb50358fdb59abfb818569ac5af458f3ef1e468f98da69870cf6a41afe209791b65048eddfa7d737b44a30f899661d916636d5b8e360310b6cc123960bddfff557c3df1dbf91a8b8e98fc0567328088d81ee79dd9dd64a046d12a106282676232856ee4410d119b35c827c38858374ee6f0b7e8742d91d964a4c1a7e0c26a3d76f1e3597a98efe4dd5b02c766912e4ea69992c9a6b7c3e72726033139e6d5dd448f82d6215797752db2d0adb541c94eb6b0e7fb8e97f12ebd64b92be02df7c742cdc362927f19f6cac2525413c1844b1e48f2243227a26576fc8086db3c59733565a73789276f0377f30fc80e927c14a222530bafba344c27da94825268a1cb41b9c8e7af741ee4ef76a2bf08bc293d14f7177c488818ea8009d97c27be45dcfdb4de6f7f0eb3fc6d09c355f0de06521663ab79b3ff8d5eef3280f91d15852b161d5a74eeea4027a4d0f1cbadf68eac81c4f1222af7d949a42ee57383ea29a97bd3d204044f2e390b09a22cf3a620d50c4ee5c265d49d67c6c55cc0544a5bc58916d395ce29b724323b69352d84e60b979e6e4d9f083e553b0e800fccc7b71d1c6529c363b25a77d59fa9830684924d5cb704dd429b8c826cca923b26235c0d5729f942df73e225deb4da26ac12544ec61dedc9b94f383e4f8a598a964eb389ca2942b57cdf0a33edd51dc9a2fd247c8f20799d3a2d6683eb6ac0aef0cd24a881e8fc1ff185685be11fc6d67a7290d92dd8adaaf5597f411054b5019fe8d21edb44931ec0c4b04c4cb3cff8c6cc90ab37b79170625ba4a5e0ad5b0507c7ad6a4e84f0bd38badf61a7e4682fc24498598326e7a864a94f32c798d77bbcc1c36e61951dfed7c5b791620ac9bb22c979589b603cdb81aae79f08654b521efd1f4c3a00ddc3cce34818ac69d4e656c6236228e66261dbc13a7de04474c9f30d743b87c5904a46b983bcfe3713f7425d408f2c0402f390c852a158ffb01c157de6c4c2bb9b55da6426b25a848e2a835d72330e1f027d60715d56ca906cbae9164fcb40a9675862993405994241c02bb48d5a235ce2e96d40c63169e11657a088ca78fc01f6aae4d1a28446cc1875e0ca0bdb5979e48aa7e2a415b0aa4bb7046249d3a6e13b301a1f404a0372a8c8c31423e067dd68c546732a3738cd4a9b25204fd600eeff2a97d15f1c98f07559a783ec5f9ca18090677cf7074c3c66ca98741fea034c1e871c739e3ea97a47e037e60ee86589015676f0a037ab3b76f16968a6671d69dfbbda35a744a8cbbb4c20255f35afe58a81c34a32374b2d62f20bebe1398f836b515c1bf8df4ee20012b071b9f5f078e7bb321ff327ebd3aaa7d16bf6cc630e080742bef15dbafb2ca3b23652f313b88e012a77cbed87b754e264ef22fb49e1b4d09727958f9223d59a3fdf11e769bef7065090fe6f1429421e87d2c1a9cf4d1046abc7c89bc103742cdc42c6173000df493661640f5ed8f74ea93cd7630552ccb3fe9a1882da9ac0e7c958b10ff184bae47f424d8fc46cfd3f1776adfe09ba82e5a450a7080c5686fd88599ccef68a7c39580e553a87599f7626cc3c7e3888b18225cfc8e8170312d14d295d3db2a0e703d09bb4ae836e7be7c909f4da2d08a7d22b374ceceb6b343dbdfa13ee2eaeda32077edb97e203d0c313dd8fadba9092b34c92bbda1bb35d2536a4356460672bdffaab4eb078266dbcd483e02b9b0e67cf70e9b15532a58edd714ac4822cafd999b22a5e09c3064d3ba0d1728cf3f17c4ae4728068576cadbba898515be1bc438091d19585d406edd8a7a40aa9acf9f93dbfe45deca63810946bd861fdadc240a11efe79119b812f899ab30798d2db56b9ad6d23ce93dcf38a9c1b7fd57207c03d355bf0d3233745ba0e192401b958dd2d8db357e6c2162d28f394d0c14afc93f0366a8200f912ae377652d298c0fd25511afa929c06afdf803032a785f81d036974d9e5898252ba1743870cf42efde0f11310d5c8113c274efbfcfa6ca795cdfe45456e85aa35f6695e0dd024cd1dd97203569b7488676d8847002d1c5f4b310a303399f806728df5a9568e38b07efe485398d9f82ac0069592d36c55a4ac64eec011215c90a996f83627a1d1fbfc5ba3cf597f06c57e426d50f00712727e733f9516b9db95ca5ea99799c1d0df5d0dafac8ab0e477e419ae5a51aa0b1294b52b5db31c39b040dff1f052a4c4fbb5d98360005c241cb824d1bffda62b4160dc8131695aab75f8cf6879cf16c9b736e86754daeb830708d185892ff08db0a05f3dce7c126c001424b4fbb54e901e5b434fc7fef643147d3f7a7a4c7a0299a0365bc27f09e174fdee78cd1795ace8b4d101f38d5cb024534a83700496fe78d9e2603360a09a351e7b4ec5a9eaf4173a8b624efc5d7adc31238eb2fadcc6af49572170689112ce27dd9444738e65a500dd66da092bb10b2953cb1ef68440e99772cee418376d56a6a7dfaf97bd895e5c7e80260d0e1cb7d4e754f25a05d080d63e6322aaf1511aa641664ae0adc1b31531cfd240e0c59ef2ff954dcd0e32480b3d084aeb4b290ad590ee224a7d45198a6426150f184edf4f1e413cc4e4d174d55f8bbdce0a1f2a59f3d5b3327aaa1ccdbbc0f3c1c1a20823a477f0cb1b08860ab77a38fa50bf89f4d1793993c9ad87a9ee1f221c68b8a420a8809d6db2ec625efc523e311081d433f6da3d81d54cddf059d3c8e64dadce78888a943ced17b4a8e2166de4607fe76a1d48ac94064", 0x1000, 0xffffffff}, {&(0x7f0000001480)="052376ee3966b35f0bb2ab1dcc10d569d8a6899d195839db3d4aa622c02f497b2ada81dc6ec097682a87a4", 0x2b, 0xdf}], 0x4, &(0x7f0000001c80)={[{@dots='dots'}, {@nodots='nodots'}, {@nodots='nodots'}, {@fat=@uid={'uid', 0x3d, r10}}, {@dots='dots'}, {@dots='dots'}, {@fat=@errors_remount='errors=remount-ro'}, {@dots='v\xefts'}], [{@smackfsdef={'smackfsdef', 0x3d, '/selinux/enforce\x00'}}, {@euid_lt={'euid<', r3}}, {@smackfsroot={'smackfsroot', 0x3d, 'yselfwlan1!Lppp1'}}, {@dont_hash='dont_hash'}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@fowner_eq={'fowner', 0x3d, r4}}, {@smackfsfloor={'smackfsfloor', 0x3d, '/dev/net/tun\x00'}}, {@uid_gt={'uid>', r7}}]}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0) r11 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r11, 0x8903, &(0x7f0000000000)) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r11, 0x10e, 0x4, &(0x7f0000000000)=0x9e1, 0x4) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) socket$netlink(0x10, 0x3, 0x0) r12 = openat$tun(0xffffffffffffff9c, &(0x7f0000000380)='/dev/net/tun\x00', 0x80000, 0x0) ioctl$TUNSETTXFILTER(r12, 0x400454d1, &(0x7f00000003c0)={0x1}) r13 = syz_open_dev$binderN(0x0, 0x0, 0x0) r14 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r15 = dup(r14) ioctl$PERF_EVENT_IOC_ENABLE(r15, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r13, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:27 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_inet_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f0000000080)) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000000)=0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000000000)) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYRES32, @ANYPTR64=&(0x7f0000000280)=ANY=[@ANYBLOB="4a50d5308ee34e326b51910c62e6dee8eed23fa414bdab188ac31fcc285925f4aa3ec52d0f107627f8a15e4709214cba954de0d2167f638fb94b745fb24f5765c28a4346c3d70a2c9bd15b97e5b0a5381b81d9969cc54e566f324ae2bf8f7554e49a0990856e0c19faf222fb91ec665a6ebc1a249288f46c8ad04831e2fcd0742c2fd996f94201657d2fd115afb6616fe5f9c0ce0f4bb999e8e9c834d9e2e7ae546f4d12820ba612"], @ANYBLOB="81e94de026732924704e18838a8f1c6cd0ac13969955813fff1f7ba20e0a6b7c59411a1731bb65e1dc27f8c40c78a3db4430ba47e9b3fb51063162f0d16868748b38afe08a75298bcaca2e2d1e36e2aff6503a593c2a49b95392bbace5c6df5f3042921891e2c34333bc5015d2fe873f49bb3cf733d681843a00b4b5e0c74b8cdc3fa5973f00f1ca383e5e48047b76f2358a71716e038dbb345ef29b5b8512f3570fcff25320e15d4283559c378e05e0f0e4efea3e0a0722ea19298cfa7eda15", @ANYRES32=r5, @ANYRES16, @ANYRESDEC=r3, @ANYRESHEX=r4, @ANYRESDEC, @ANYRESOCT], 0x9}}, 0x4000) setsockopt$sock_int(r1, 0x1, 0x0, &(0x7f00000000c0)=0xffffffc1, 0x4) 03:58:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001018010800ffffffff00001000000000", @ANYRES32=0x0, @ANYRES64], 0x3}}, 0x70028801) 03:58:27 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b000000000008001400000000007dff1c26bacf82074631883c59696fdd2abcb10e1f90faadfa46b6dd314996960297de7130c0f59999de3dd1ceb4d76aee9233db517b5a2353cba8122b44f348ed1c3d6f5e3cd3e4c4890c733741aab28521502aa88dbe8c4f731bf4a1f8d6d116cfdc9fd9366b4625366dce20"], 0x30}}, 0x0) [ 3328.772970] FAT-fs (loop1): Unrecognized mount option "vïts" or missing value 03:58:27 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000000)) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000000)) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$VT_GETSTATE(r7, 0x5603, &(0x7f00000000c0)={0x1, 0x9, 0x7}) ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000000000)) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r8, 0x8903, &(0x7f0000000000)=0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r10, 0x8903, &(0x7f0000000000)) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYRESOCT, @ANYPTR64=&(0x7f0000000080)=ANY=[@ANYRESOCT, @ANYRES32=r1, @ANYPTR=&(0x7f0000000200)=ANY=[@ANYPTR, @ANYBLOB="16a77aa4b6b45b2322c66b085f9bcb552bfa1fa5660a87d24960fde17a9a080f80762ff3443f3a3c76fe8522dd7261069e510440f792c72759d9c2a7630af25d0d15bf898bf58476b2c0ce54617643968513228a690c9b384d07e34bef9579c38e886c1b9b02c67c285b1348dbeccde7f612a21bf55e8ebbd418d40b0584dfe694a635503213dd680a6c2d63dd9de7148cde", @ANYRESOCT=r0, @ANYRESHEX=0x0, @ANYPTR], @ANYRES32, @ANYPTR=&(0x7f0000000400)=ANY=[@ANYRESHEX, @ANYRES32=r10, @ANYRESDEC, @ANYRES64=r3, @ANYPTR64=&(0x7f0000000540)=ANY=[@ANYRESDEC=r3, @ANYBLOB="7ab98cb166c1cdc563a659619fc06a80c928a470e737dcde1ae55d5e3b8818961f2fb910916d65074aeafd0f355ab1e2b02259ef4c9786a150235e2a97116b82f3a0be2252de4252982b3cdd9459de67d609c5213a587934cb19c7066614014283a04e9d217b0f31c85632dc92b64e21f414f5d790c87e1b6d00f48a24bd2034e162a932b95f90efbb305fded24b048582ec2c94c1b9bb338259bf64cdb3808d7cfed623a43a116fcb8f76df08a107083d6b9cc23adcb1ec4537de9d7191ff677b1cea3c810c986ba3e6cf6efcbf87f5aa5e0980081001aabb0faae69b88e615d971616067bb65f9078ae2faf12501", @ANYRESOCT], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="2f1797c73793a8df8d9d12276ea40ca545a067c7dcfb30c24bdeefd2553e88818a0fa4705cbe813e1d64b66174", @ANYRES64=r9]]], @ANYRESOCT], 0x3}}, 0x0) 03:58:27 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2000000, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:27 executing program 3: pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket(0x11, 0x800000003, 0x8) setsockopt$packet_buf(r3, 0x107, 0xf, &(0x7f00000014c0)="12cb96df", 0x4) bind(r3, &(0x7f0000000280)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$P9_RVERSION(r5, &(0x7f0000000300)={0x15, 0x65, 0xffff, 0x8, 0x8, '9P2000.u'}, 0x15) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="300200001700000228bd7000fbdbdf257f000001000000000000000000000000000004d333000000e0000002000000000000000000000000fe800000000000000000000000000016ff0200000000000000000000000000014e20f6874e2300030a0020202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000ffffe00000024e2300054e240000020080c288000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff7f0000000000000700000000000000c600000000000000000200000000000007000000000000000600000000000000010000000100000008000000000000007c060000000000000000000000000000ffff000000000000200000000000000005000000b06b6e0000a40101000000000400000007000000080000002dbd7000000102006c72772d73657270656e742d61767800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0050000b3e38c5e58abcd37527104e3bb95a89b3ae0010500c6313e7e49a62960e9961594fbdb8fc91c24c1db6111752f6806ebeb4d3d969c9e340db3c73497e86a62b52e867dc82c024e63e8b26da22bebe6a4e4c8a56e0c39d34e6d966f7c5c237a6bbddab8c0d67d33735b534a47c139ae41a0"], 0x7}}, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="00000000002300000000000000000000000000000000000008000000000000000529"], 0x22) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/avc/hash_stats\x00', 0x0, 0x0) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040)='nbd\x00') r9 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r10 = dup(r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x80, r8, 0x620, 0x70bd27, 0x25dfdbff, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0xfffffffffffffffe}, @NBD_ATTR_SOCKETS={0x2c, 0x7, [{0x8, 0x1, r7}, {0x8}, {0x8, 0x1, r1}, {0x8, 0x1, r10}, {0x8, 0x1, r3}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x7}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffffffffffffffff}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x8}]}, 0x80}, 0x1, 0x0, 0x0, 0x1}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfffffe14) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 03:58:27 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x11) ptrace$pokeuser(0x6, r1, 0x5, 0x9) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:27 executing program 2: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x4e320, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f00000000c0)={0x73, @multicast2, 0x4e21, 0x4, 'sh\x00', 0x24, 0x6, 0x39}, 0x2c) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:27 executing program 4: setxattr$security_smack_entry(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='security.SMACK64\x00', &(0x7f0000000100)='.\x00', 0x2, 0x2) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:28 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[]}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000000)) write$binfmt_elf32(r3, &(0x7f00000000c0)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0x2, 0x0, 0x8, 0x9, 0x3, 0x3e, 0x7, 0x2ee, 0x2b4, 0x1c6, 0x80, 0x40, 0x20, 0x2, 0x0, 0x74a0, 0x40}, [{0x4, 0x4, 0x685, 0x3, 0x9, 0x81, 0x1000, 0xc303}], "5b420825d36dd9c76c11c1f8a6c2e7088072cc04838b61d15140c4db672946c223085ab5644ad72048", [[], [], [], [], [], []]}, 0x681) socket$inet6_tcp(0xa, 0x1, 0x0) socket(0x11, 0x0, 0x9) 03:58:28 executing program 0: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/current\x00', 0x2, 0x0) write$binfmt_misc(r0, &(0x7f00000000c0)={'syz1', "875ca2f05f4648d48457abf39b58e96f95cc8f144986bcc00d5713a62c85c391c00780e05e84d9642be9e634bb22d29a6b6bfd8659255d9a03f5e09d6628f0521d6992bd76e801fc4dcf92298991ec7267769ca68b90966e48116441f4a023ed8fc4da804df12219df1eadaf8e58f397a8625b970e764c79da66d37ed29c90aa6e06a431063351579463bdac8d26e152ebc100c1ccad81d4600086aef840dce060e2dc54f39767a73f9d8562b1eaccb9bb20eaea6a979d9ea6991afa92ca7c82d5ff4ddc0abc61a8e35a34b0aa87edbb21b2e8db4a08fd57643e3eafa3a3c2dc72beee3cdb8652df01c494af5c7d"}, 0xf2) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f00000000c0)={@remote, r4}, 0x14) bind$packet(r3, &(0x7f00000001c0)={0x11, 0x0, r4, 0x1, 0x1}, 0x14) sendmsg$nl_route(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[]}, 0x1, 0x0, 0x0, 0x4000810}, 0x40) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) r9 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0)='TIPC\x00') sendmsg$TIPC_CMD_DISABLE_BEARER(r8, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x2c, r9, 0x8, 0x70bd2d, 0x25dfdbfc, {{}, 0x0, 0x4102, 0x0, {0x10, 0x13, @udp='udp:syz2\x00'}}, ["", "", "", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000d) sendmsg$unix(r6, &(0x7f0000000340)={&(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000300)=[{&(0x7f00000004c0)="c9feca5106317ddf6bd3ac09252bfeb6024bb3affad670c4e1cbe147576168bdb2371833598e1d2c81805f510d7a7f04f77b67e277da8f1d1e2b586a8e48e4a6a83d7242b8007397a3073ec5cb13e091d5c3c9", 0x53}], 0x1, 0x0, 0x0, 0x8189e81956620bb8}, 0x40) 03:58:28 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) accept4$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0xd, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f00000000c0)={@remote, r3}, 0x14) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0xed74a77e5e2d2bac, &(0x7f0000000380)={@dev, @local, 0x0}, &(0x7f00000003c0)=0xc) sendmsg$nl_route_sched(r2, &(0x7f00000004c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10010001}, 0xffffffffffffff25, &(0x7f0000000480)={&(0x7f0000000500)=@getqdisc={0x0, 0x26, 0x100, 0x70bd2b, 0x25dfdbfd, {0x0, r4, {0xf, 0xa}, {0xc, 0xa}, {0x7ff4, 0x4}}, [{}, {}, {}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'rose0\x00', 0x0}) accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f00000000c0)={@remote, r6}, 0x14) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x2, &(0x7f0000000180)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5}], &(0x7f00000001c0)='GPL\x00', 0x1, 0x1f, &(0x7f0000000200)=""/31, 0x41100, 0x66b1d1cafc15a6cf, [], r6, 0xe, r8, 0x8, &(0x7f0000000240)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000280)={0x3, 0x3, 0x400, 0x8000000}, 0x10}, 0x70) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000000c0)={'team0\x00', r5}) 03:58:28 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/avc/hash_stats\x00', 0x0, 0x0) ioctl$LOOP_SET_CAPACITY(r1, 0x4c07) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') fcntl$F_GET_RW_HINT(r2, 0x40b, &(0x7f0000000080)) 03:58:28 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000bd68711fde2971"], 0x30}}, 0x0) 03:58:28 executing program 2: getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000140)={@multicast2, @initdev}, &(0x7f0000000180)=0xc) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="842a56d40f7a03000000230000400008001b00000001000800140000000000"], 0x30}}, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/user\x00', 0x2, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80114}, 0xc, &(0x7f0000000180)={&(0x7f0000000540)=ANY=[@ANYBLOB="f4000000", @ANYRES16=r3, @ANYBLOB="20053abd7000fddbdf250b0000003c000300080007004e240000080007004e210000140002006e65746465767369003000000000ff0014000600fe8000000000000000000000090000002c0002000800060001040000080000000100000d0000000000080002004e22000008000b00020000000500000200005c000300140000041cee000000000000000000000000000114000200687773696d300000000000000000000008000500ac14141f14000601000100000007001d741a312d4b2ef47b14000600ff0200000000000000000000000000010c00010008000600736564001abf2e851c4d191faadbc2c709785adf6b3c07eeae3e00b8ea67c931a20ecf7db86dea600df2981c4810e0b9f1b89fc46ae87b54a84b54abaceedb362bcc4d79ad2d978aef4c453cec31a650b74ca030970138c7c010da52cf962f6f5b4f620c5ba0c1c8363bec56591d4738f85d005781521c"], 0xf4}, 0x1, 0x0, 0x0, 0x40000004}, 0x80) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r6, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xb0, r7, 0x4, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0x24, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x101}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3fc1}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}]}, @TIPC_NLA_NET={0x18, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xfffffffffffff000}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}, @TIPC_NLA_MEDIA={0x54, 0x5, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffe0}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x800}]}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x40}, 0x40b4) sendmsg$TIPC_NL_MON_SET(r5, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x28001002}, 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x104, r7, 0x4, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x40}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}]}, @TIPC_NLA_NET={0x50, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x20}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x2}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x81}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x1}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}]}, @TIPC_NLA_MON={0x24, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80}]}, @TIPC_NLA_NODE={0x8, 0x6, [@TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NODE={0x18, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3f}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_MON={0x34, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x200}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xa6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x81}]}, @TIPC_NLA_SOCK={0x14, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3f}]}]}, 0x104}, 0x1, 0x0, 0x0, 0x40000}, 0x40) sendmsg$IPVS_CMD_NEW_DEST(r2, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x14, r3, 0x400, 0x70bd2a, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4000001) r8 = accept$inet6(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, &(0x7f0000000100)={@ipv4={[], [], @loopback}, 0x9, 0x2, 0x2, 0x1, 0x6}, 0x20) 03:58:28 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000088001b00000000000800140000000000"], 0x30}}, 0x0) [ 3329.531374] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3329.547422] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3329.585115] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. 03:58:28 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x3}}, 0x0) 03:58:28 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x4000, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x6, @empty, 0xfff}, 0x1c) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) r3 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000240)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x34, r3, 0x300, 0x70bd2c, 0x25dfdbfe, {}, [@SEG6_ATTR_SECRET={0x18, 0x4, [0x0, 0x1, 0x2, 0x8c, 0x1]}, @SEG6_ATTR_ALGID={0x8, 0x6, 0x3f}]}, 0x34}, 0x1, 0x0, 0x0, 0x20}, 0x0) sendmsg$SEG6_CMD_GET_TUNSRC(r1, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x64, r3, 0xa00, 0x70bd27, 0x25dfdbff, {}, [@SEG6_ATTR_ALGID={0x8, 0x6, 0x3f}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x5}, @SEG6_ATTR_SECRET={0x18, 0x4, [0x1, 0x3ff, 0x3, 0x100, 0x7]}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xd1}, @SEG6_ATTR_ALGID={0x8, 0x6, 0xc1}, @SEG6_ATTR_ALGID={0x8, 0x6, 0x1}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x241}, @SEG6_ATTR_SECRETLEN={0x8, 0x5, 0x3}]}, 0x64}, 0x1, 0x0, 0x0, 0x4046}, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:28 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:28 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x1d, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x1ff}, 0x1c) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000001000010800ffffffff000010000000008be38a75d94648fc1cda8dc9736f6c325f62c83ec34eb0b0548fb73c3593de472a05acca9de584820b4730d60b846414b1f38373f485f2309180a4440440040e8a535acc3f03fdf4d3994dea5f6bc1779042a20161ef9182025288f3eed29f7f68b444b3ff81240e56c22aa50dc69ba779a47c7d63ef20937604811506c657afbd5dc9c9c92b6631ceedb4edb7d8048e61f268fa7fde9dd771c553717cfce77143bcd343b69ca408aa07118afbfba0943f358248", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:28 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYRESOCT=0x0], 0x3}}, 0x0) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbfd, 0x100008}, 0xc) 03:58:28 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:28 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = gettid() ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x11) fcntl$lock(r1, 0x7, &(0x7f0000000400)={0x1, 0x1, 0x0, 0x8, r4}) signalfd(r3, &(0x7f0000000240)={0x7ff}, 0x8) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r0, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x440000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x68, r5, 0x20, 0x70bd26, 0x25dfdbfb, {{}, 0x0, 0x4108, 0x0, {0x4c, 0x18, {0x581e, @link='broadcast-link\x00'}}}, ["", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x14000010) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open$cgroup(&(0x7f00000001c0)={0x5, 0x70, 0x3f, 0x20, 0x2, 0x1, 0x0, 0x8001, 0x10, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0xdb, 0x2, @perf_bp={&(0x7f0000000180), 0x1}, 0x440, 0x5, 0xffffffff, 0x9, 0x81, 0x400, 0x2}, r2, 0x9, r2, 0x0) write$selinux_load(r2, &(0x7f0000000080)={0xf97cff8c, 0x8, 'SE Linux', "50a864f43001c85a4bddfdfe9ca3d27e0f1a927c85d0581e9669e7662cb97abd8ac9bb27b27a814ff489fc8c9acd2ae61482e2c1650229bbb9d2bb471a73f441541cc9e82f0b1b1a5125d8797b838da230bcb0007dc608b99395da275ef211360ab44ce837ecdf1e9e41f8171992372865160a2d2ca0aac195f5ac790ff2f6967649a24520ee9a2b742605b17c910924367d783d787894b28151d4e913cbf1559fb8731a2e2c70c2963d6b85d887fd08b8ed8675b270ffd6d4"}, 0xc9) syslog(0x17, 0x0, 0x0) syz_open_dev$loop(&(0x7f0000000440)='/dev/loop#\x00', 0x100000001, 0x41500) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:28 executing program 4: r0 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/mls\x00', 0x0, 0x0) ioctl$EVIOCGREP(r0, 0x80084503, &(0x7f00000000c0)=""/37) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:28 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010800ffffffff00007eed289d00d38552f078a541567b0b8a657ad6b8937e164d9dbeb61b3be05927391f4bd49115fe134c888b0c02342e7d5ed91565ceee7b86b23a33c97a6d0039f9fc676716654af2470da2119f1818a2d0cb5eb5f521d5d0ab7e4b8c34f8acb6cae618ea972ef4af", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) [ 3330.013646] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3330.029458] binder: 31312:31319 got transaction with out-of-order buffer fixup [ 3330.048189] binder: 31312:31319 transaction failed 29201/-22, size 96-24 line 3467 03:58:28 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:28 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYRES64, @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x3}}, 0x0) 03:58:28 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000080)=""/145, &(0x7f0000000140)=0x1a9) r1 = socket$netlink(0x10, 0x3, 0x2) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000000)) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000000)) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000000000)) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f0000000000)) sendmsg$nl_route(r1, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[]}, 0x1, 0x0, 0x0, 0xcea501a757a7fb30}, 0xf184d9e9a9f6aa2a) socket$key(0xf, 0x3, 0x2) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) bind$inet6(r7, &(0x7f00000002c0)={0xa, 0x4e23, 0xf4, @loopback, 0x6b9}, 0x1c) bind$unix(r8, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) 03:58:28 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000e80f0001080074b801e97404d80bb1ffff", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x0) [ 3330.060263] binder: 31325:31329 got transaction with invalid offsets size, 13 [ 3330.060290] binder: 31325:31329 transaction failed 29201/-22, size 647-13 line 3338 [ 3330.060824] binder: undelivered TRANSACTION_ERROR: 29201 [ 3330.066512] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3330.139456] binder: 31343:31351 got transaction with invalid offsets size, 13 [ 3330.139487] binder: 31343:31351 transaction failed 29201/-22, size 647-13 line 3338 03:58:28 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e23, 0xfff, @local, 0x9}, 0x1c) socket$netlink(0x10, 0x3, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3330.139961] binder: undelivered TRANSACTION_ERROR: 29201 [ 3330.201568] binder: undelivered TRANSACTION_ERROR: 29201 03:58:29 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:29 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0xfffffffffffffdf4, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:29 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:29 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x4) r2 = openat$selinux_mls(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000240)='TIPC\x00') sendmsg$TIPC_CMD_GET_REMOTE_MNG(r2, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4400a000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r3, 0x10, 0x70bd27, 0x25dfdbfd, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000010}, 0x1) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000888a}, 0xffffffffffffffaf, &(0x7f0000000140)={&(0x7f0000000340)={0xfffffe76, r3, 0x10, 0x70bd22, 0x25dfdbfd, {}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2c000005}, 0x40000) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000000)) getsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f00000001c0), 0x10) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000001f00"/24], 0x30}}, 0x0) 03:58:29 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800e5e3eaa200001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x3}}, 0x0) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) fsetxattr$trusted_overlay_nlink(r3, &(0x7f0000000200)='trusted.overlay.nlink\x00', &(0x7f0000000240)={'L-', 0x6}, 0x28, 0x1) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) r6 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$inet6(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r9, 0x1, 0x7, &(0x7f0000ac5000), 0x4) sendmmsg$unix(r9, &(0x7f00000bd000), 0x53, 0x0) r10 = memfd_create(&(0x7f0000000080)='dev ', 0x0) write(r10, &(0x7f00000001c0)="16", 0x1) sendfile(r9, r10, &(0x7f0000000000), 0xffff) r11 = dup2(r7, r8) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) tkill(r6, 0x1000000000013) r12 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r13 = dup(r12) ioctl$PERF_EVENT_IOC_ENABLE(r13, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(r13, 0x5607) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x200080, 0x20) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) 03:58:29 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) symlink(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)='./file0\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x1b) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000856164660000000000000000000000000976827b016517a3375ebf53779bde53114c0f7aafd13da46f975386000000000000"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:29 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x44000, 0x0) ioctl$KDGKBLED(r1, 0x4b64, &(0x7f00000000c0)) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) [ 3330.829860] binder: 31367:31369 got transaction with invalid offsets size, 13 [ 3330.845309] binder: 31367:31369 transaction failed 29201/-22, size 647-13 line 3338 [ 3330.851406] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. 03:58:29 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$unix(0x1, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvfrom(r1, 0x0, 0x0, 0x0, 0x0, 0x0) shutdown(r1, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="30000000100001ea33ab3a2b5eed01ffff03001000"/35, @ANYRES32=0x0, @ANYBLOB="00000008001400"/24], 0x30}}, 0x0) 03:58:29 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sync() ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:29 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x6, 0x9b17, 0x80000000}}, 0x30) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYRESOCT, @ANYRES32=0x0, @ANYRES16=r1], 0x3}, 0x1, 0x0, 0x0, 0x90a10c8865c400d8}, 0x0) r4 = gettid() ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x11) sched_getscheduler(r4) [ 3330.859339] binder: 31370:31372 got transaction with invalid offset (40, min 40 max 96) or object. 03:58:29 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/ipx\x00') getdents64(r1, &(0x7f0000000100)=""/173, 0xad) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, &(0x7f0000000080)=0x9, 0x4) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="959a9ed78d20ec3f4a6d75df5d4f7f4030000000001100", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) [ 3330.859376] binder: 31370:31372 transaction failed 29201/-22, size 96-24 line 3379 [ 3330.859668] binder: undelivered TRANSACTION_ERROR: 29201 [ 3330.934068] binder: 31392:31395 got transaction with out-of-order buffer fixup [ 3330.934122] binder: 31392:31395 transaction failed 29201/-22, size 96-24 line 3467 03:58:29 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x11) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r1, 0x10, &(0x7f0000000000)={0x4}) capset(&(0x7f0000000040)={0x400e204c, r1}, &(0x7f00000002c0)={0x0, 0x100, 0x8, 0xce3, 0xfffffffb, 0x8}) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) mlock2(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00@\x00'/24]], 0x0, 0x0, 0x0}) setsockopt$netlink_NETLINK_NO_ENOBUFS(0xffffffffffffffff, 0x10e, 0x5, &(0x7f0000000280)=0x8, 0x4) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000000000)) write$binfmt_aout(r5, &(0x7f0000000300)={{0x10b, 0x6, 0xb9, 0x2ed, 0x386, 0x4, 0x195, 0xfff}, "777806d3b14b523b7b26f8b7560d8c656a943531a2e4e15cb6e46d64001f61922574aea1a33d86ca5816659969f8b1c08978eb43616703069a68943a2219cfad8099681693d2c3d54288fdc8df06c7df055c37ed71a7e59e13a45be418bea6", [[], [], [], [], [], [], [], []]}, 0x87f) [ 3330.934633] binder: undelivered TRANSACTION_ERROR: 29201 [ 3330.985160] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3330.989989] binder: undelivered TRANSACTION_ERROR: 29201 [ 3331.006874] binder: 31406:31409 got transaction with invalid offset (4611686018427387904, min 0 max 96) or object. [ 3331.037710] binder: 31406:31409 transaction failed 29201/-22, size 96-24 line 3379 [ 3331.047364] binder: undelivered TRANSACTION_ERROR: 29201 03:58:30 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:30 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:30 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[]}}, 0x0) 03:58:30 executing program 4: socket$netlink(0x10, 0x3, 0x0) readlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)=""/185, 0xb9) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000000)) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000000)) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000000000)) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f0000000000)) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r7, 0x8903, &(0x7f0000000000)) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r8, 0x8903, &(0x7f0000000000)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002680)=ANY=[@ANYPTR=&(0x7f0000001600)=ANY=[], @ANYRESOCT, @ANYRESHEX], 0x3}, 0x1, 0x0, 0x0, 0x80c0}, 0x4004) 03:58:30 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r2, 0x29, 0xd3, &(0x7f00000000c0)={{0xa, 0x4e22, 0x4, @rand_addr="411c94d2ae896dc3f03d95bbc948f105", 0xfff}, {0xa, 0x4e20, 0x7fff, @rand_addr="f3f5a1dbb9e2fd2e91aae42efaf392d8", 0xfff}, 0x5, [0x1ff, 0x1, 0x3, 0xf, 0x5, 0x7, 0x80, 0x8]}, 0x5c) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) 03:58:30 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000000)={@fd={0x66642a85, 0x0, r1}, @fda={0x66646185, 0x7, 0x1, 0x29}, @flat=@weak_binder={0x77622a85, 0x101}}, &(0x7f0000000240)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 03:58:30 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="81000000100001080004000000000001a69130da", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:30 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3331.654188] binder: 31417:31420 got transaction with invalid offsets size, 13 [ 3331.673926] binder: 31417:31420 transaction failed 29201/-22, size 647-13 line 3338 [ 3331.694640] binder: undelivered TRANSACTION_ERROR: 29201 03:58:30 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000000)) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000000)) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000000000)) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f0000000000)) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r7, 0x8903, &(0x7f0000000000)) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r8, 0x8903, &(0x7f0000000000)) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r9, 0x8903, &(0x7f0000000000)) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r10, 0x8903, &(0x7f0000000000)) r11 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r11, 0x8903, &(0x7f0000000000)) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYPTR64=&(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=r0, @ANYRESHEX=r1, @ANYRESDEC=0x0, @ANYRES64, @ANYBLOB="05cacb0f5b09f70853ca2d13a7513822deb18ce5b9042c7a0437f8561fa1c5fd7a17d9691e907bcb0a54859ffe7f3e341fc755fef223d96005cda1737026c990043a55e6a7093012d6627162b4079960a8", @ANYPTR64=&(0x7f0000000080)=ANY=[@ANYRESDEC, @ANYRES32=r2, @ANYRES32=r3, @ANYRESOCT=r4, @ANYBLOB="2d5fb73ce8f35bf5033a7b09919dbac2e9e921fe771873263533bf0c409824a9c79baac1622da184624e69f4", @ANYRESHEX, @ANYPTR64], @ANYBLOB="a0337ea4cdbfa635d06680964b0e3fdb654ae9af81761c78bf92b12fbc01702358fae5ba87c38f3690dc601a2af31526caff862117119a8d1479720cf09622776762ea1b5112276505c3e6"], @ANYRES32=0x0, @ANYPTR64=&(0x7f0000000380)=ANY=[@ANYRESDEC=r5, @ANYRES16, @ANYPTR64=&(0x7f0000000600)=ANY=[@ANYRESOCT, @ANYPTR=&(0x7f0000000480)=ANY=[@ANYRES64=r9, @ANYBLOB="5a0431ccb721a9dab4369ad007b4d7a1b2853facd37f638b4298ae4670f890fd04a9dbdbc8f2033ceb0df79975b51a5b3596d6fd8ed5fed3dc8988aa8ffd9c13a2aa2599f64a3d0552746dbf75dd59a55ea9a195416321dca3da1bda7657efc1160f7d6fb4193eeb6e77bd137eea5b5bf66c1bb85b9753f6b898117e50b3c5aeadd5d90edf43f22af222f72a064ffeab787aa6ce6afc8480b941ac569b02938a1544ee60d93a218733f8e62649816b963898a20719e550b322c382e4b096c92f181123c4ff7a3da64e233e126220acc3", @ANYRESHEX, @ANYRES16=0x0], @ANYPTR=&(0x7f0000000580)=ANY=[@ANYRES32=r10, @ANYPTR, @ANYRESHEX=r0, @ANYRESOCT=r0, @ANYPTR64, @ANYRESHEX=0x0, @ANYPTR64, @ANYRES64=r11, @ANYPTR], @ANYRES64=r0], @ANYRESDEC, @ANYRESOCT=r7, @ANYRESHEX=r0, @ANYPTR=&(0x7f0000000200)=ANY=[@ANYRES16=r0, @ANYRES64, @ANYRES64, @ANYPTR64, @ANYRESOCT=r8, @ANYBLOB="b5ed4c3c900bb2d18692ac21bdf654666d88422b7e87893499aa17de766bf1867a9a35ed4889068e066d46ba09b822ffc9e7d5172a404d1fd8c246d2431556453f9aa9dfdfe7b56897a4b7b0fc5e83e0bfe835a3962fa55b03201d365d63ed41939aa7ddbc419b01406ec927d37fc21099fa22c499be1224690b5cd2a8e0e6f5828d3aa39f0af5466c76ce6f9e9820faa7e38d622b4dc0c8fc4104b2086209a59e37610214da263c194345151e4cb5b3f9d8191685c88756229f0814db50c5b143948fd73b96b1189251cbfd6f7b2f8649c943c42940b5ac919cc12f5ebdbd78bcfe701f6c", @ANYRESDEC=0x0, @ANYRES64, @ANYPTR, @ANYRESHEX=r0], @ANYRESOCT, @ANYRES64]], 0x3}}, 0x0) 03:58:30 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/enforce\x00', 0x80, 0x0) getsockname$packet(r1, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:30 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="5a9ddfee362cf0d800ffffffff000010f6ffffffcd873d6188eb9ad1c4fc05dcddc9be54139bb923614484669d2807c8d51d638bf9bc584b7f6ce0004a2403e220ffb414ee8e07b8f8a2dcbaf7b6d353a79f89ccd367d8c73604bf094efeaa723509ff32a7baa633dd119e23b8f2ce601803ab7b5e25de05c930a27e3704", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) fcntl$getownex(r2, 0x10, &(0x7f0000000240)={0x0, 0x0}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000180)='([em0-#systemeth1security\x00') syz_open_procfs(r3, &(0x7f0000000280)='setgroups\x00') ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00') sendmsg$FOU_CMD_GET(r2, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x42000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="1638fbabc67756ee5725dadda0bc3c40702f", @ANYRESDEC=r0, @ANYBLOB="907025bd7000fbdbdf2503000000080001004e230000080001004e2000000400050008000600e0000001080006000000000004000500"], 0x3}, 0x1, 0x0, 0x0, 0x80}, 0x4) 03:58:30 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000100)={&(0x7f0000000080)='./file0\x00', r1}, 0x10) [ 3331.729077] binder: 31429:31435 got reply transaction with no transaction stack [ 3331.750092] binder: 31439:31444 got transaction with invalid offsets size, 13 [ 3331.750117] binder: 31439:31444 transaction failed 29201/-22, size 647-13 line 3338 [ 3331.750325] binder: undelivered TRANSACTION_ERROR: 29201 [ 3331.823616] selinux_nlmsg_perm: 6 callbacks suppressed [ 3331.823625] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=11318 sclass=netlink_route_socket pig=31456 comm=syz-executor.2 [ 3331.843574] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=11318 sclass=netlink_route_socket pig=31456 comm=syz-executor.2 [ 3331.862384] binder: 31429:31435 transaction failed 29201/-71, size 80-24 line 3046 [ 3331.873131] binder: undelivered TRANSACTION_ERROR: 29201 03:58:31 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sysinfo(&(0x7f0000000080)=""/232) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$key(0xf, 0x3, 0x2) getpeername(r1, &(0x7f0000000200)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, &(0x7f0000000280)=0x80) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000000)) getsockopt$IP_VS_SO_GET_SERVICE(r3, 0x0, 0x483, &(0x7f0000000340), &(0x7f0000000180)=0x68) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = accept$packet(r5, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000300)=0x14) ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f00000001c0)) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYRES16=r1, @ANYRES32=0x0, @ANYBLOB="004000010200000008060000000000000003cc0000000000"], 0x3}}, 0x0) 03:58:31 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:31 executing program 4: prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x991149c4948a176e) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4000, 0x40) connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast2}, 0x10) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000041062cbe10fcf730f48000010000800007be323758fbd3943a6a3bdec1622e63ce9d0bda34a53efdc2d9c225bf12d873080f7b9b1db2f9aa598b396464a00000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x3}}, 0x0) 03:58:31 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0xac, "109d853185b0df2fc08703ee66174bc410a6af48a795f4f9fb6f074ed28a99c46b29aeacf366fbd7eba2f185a72228cabafc405a58fa2ec912b2c56fa91497448a987260ed0436314cb39e4e49cc95e8e5f8d2a91de7f8403c9e3e6c9df194f690f33337cdf4d2881e42af269415a992245f9572e790abadf6ddcdf884867cb44858b28d6168d9a7e2f7e16a1bd9640056b34e91e29202c7f8b8cd7d239661bb996617b7fb67a4021030e3c9"}, &(0x7f0000000180)=0xd0) r1 = socket$netlink(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000240)={0x0, r2, 0x1, 0x10001, 0x3fc1, 0x6}) sendmsg$nl_route(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:31 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, 0x0) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:31 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) prctl$PR_SET_FP_MODE(0x2d, 0x3) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$EVIOCSABS20(r5, 0x401845e0, &(0x7f0000000000)={0x18, 0x69300380, 0x4, 0x101, 0x5, 0x1}) 03:58:31 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = eventfd2(0x8001, 0x40801) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000080)={{0x1, 0x0, @identifier="c86835206f3491a9c768a46351992fac"}, 0x28, [], "32b8e320d759001741af977874bb12445b94aafb47dcf1f1499bfbb733f71099c71f6346f9617b52"}) 03:58:31 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x8) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3332.321879] binder: 31467:31475 got transaction with invalid offsets size, 13 [ 3332.337306] binder: 31467:31475 transaction failed 29201/-22, size 647-13 line 3338 03:58:31 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x16) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:31 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet6_MRT6_DEL_MFC(r2, 0x29, 0xcd, &(0x7f0000000180)={{0xa, 0x4e21, 0x5fc, @ipv4={[], [], @local}, 0xd6}, {0xa, 0x4e21, 0x3, @remote, 0x7}, 0x2, [0xfffffffc, 0x9, 0xfffff800, 0x6eb7, 0x4b, 0x10001, 0x4, 0x6]}, 0x5c) r3 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat(r3, &(0x7f0000000000)='./file0\x00', 0x200, 0x184) setsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000080)={@remote, @local}, 0xc) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000001300)={0x0, 0xfffffffffffffdb9, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010800ffffffff000010001a0000b14bc48dd36b0957a2537de45d8638d89c8fb9c5ba0f25a6a303114ed5fc4c2f2b103d8a2220a89bc0873ab33f8b874ae70ebce6065a583554cae6d1649b38dc3742c6a20c281012b8bba2a5f4a6e04b9c54d4cc1bcfb92fce384d0c605df3d78fe811252b784f53b9285e8ea0d7561391fa48af0e03722133", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:31 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) sendto(r1, &(0x7f00000000c0)="94105ce68b75a9fd9bd6dc12d01b5f72d717156da8f728e623a89b1fe00a95854c76c18507d4e88942fe6766", 0x2c, 0x4008025, &(0x7f0000000100)=@llc={0x1a, 0x620, 0x27, 0x7, 0x6, 0x5, @local}, 0x80) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r2, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x38bca7f1cea15d06}, 0xc, &(0x7f0000000340)={&(0x7f0000000200)={0x140, r3, 0x20, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0x28, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x10001}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}]}, @TIPC_NLA_BEARER={0x10, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xff70}]}]}, @TIPC_NLA_BEARER={0x44, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'ib', 0x3a, 'gre0\x00'}}]}, @TIPC_NLA_SOCK={0x44, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x4}, @TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x200}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x63}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x200}]}, @TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffff8}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x534}]}, @TIPC_NLA_MEDIA={0x18, 0x5, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x54d4e12e}]}, @TIPC_NLA_MEDIA={0x20, 0x5, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}]}, 0x140}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000004) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000080)={@multicast1, @dev={0xac, 0x14, 0x14, 0x24}, 0x3, 0x5, [@initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, @multicast1, @broadcast, @remote]}, 0x24) 03:58:31 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3332.356433] binder: 31471:31477 got transaction with out-of-order buffer fixup [ 3332.356472] binder: 31471:31477 transaction failed 29201/-22, size 96-24 line 3467 03:58:31 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) getsockopt$netlink(r2, 0x10e, 0x7, &(0x7f0000000500)=""/178, &(0x7f00000005c0)=0xb2) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x7df68406f68ce012, &(0x7f0000000600)=0x204, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) bind$unix(r5, &(0x7f0000000440)=@file={0x1, './bus\x00'}, 0x6e) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xb0, r6, 0x4, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0x24, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x101}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3fc1}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}]}, @TIPC_NLA_NET={0x18, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xfffffffffffff000}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}, @TIPC_NLA_MEDIA={0x54, 0x5, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffe0}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x800}]}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x40}, 0x40b4) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xa00800}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0xa8, r6, 0x4, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}]}, @TIPC_NLA_SOCK={0xc, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0xd93d}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}, @TIPC_NLA_MEDIA={0x70, 0x5, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x418}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_TOL={0x43, 0x2, 0x45ec}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7f}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x8800}, 0x1) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="ff12b54cf2f85c9b640a5f088b6c0a8974", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r7 = syz_open_dev$evdev(&(0x7f00000003c0)='/dev/input/event#\x00', 0x8001, 0x204600) r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$EVIOCSABS20(r5, 0x401845e0, &(0x7f00000004c0)={0xff, 0xa3c, 0x100, 0x0, 0x101, 0x2c6}) r9 = dup(r8) write$P9_RVERSION(r9, &(0x7f0000000400)={0x15, 0x65, 0xffff, 0x10001, 0x8, '9P2000.u'}, 0x15) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r10, 0x8903, &(0x7f0000000000)) write$binfmt_elf32(r10, &(0x7f0000000640)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x7, 0x2, 0x0, 0x2, 0x2, 0x3, 0x9, 0x18, 0x38, 0x2c7, 0xc622, 0x4, 0x20, 0x1, 0x9, 0x3, 0xf3a8}, [{0x70000000, 0xfffff800, 0x9, 0x1, 0x6, 0xd0, 0x9b, 0x9}, {0x6, 0x80000001, 0x6, 0x100, 0x6, 0x5, 0x3, 0x3ff}], "eb54", [[]]}, 0x17a) readahead(r7, 0x7ff, 0x1) [ 3332.358410] binder: undelivered TRANSACTION_ERROR: 29201 [ 3332.403140] binder: 31489:31492 got transaction with out-of-order buffer fixup [ 3332.403176] binder: 31489:31492 transaction failed 29201/-22, size 96-24 line 3467 [ 3332.403505] binder: undelivered TRANSACTION_ERROR: 29201 [ 3332.477910] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3332.479210] binder: 31504:31509 got transaction with out-of-order buffer fixup [ 3332.479243] binder: 31504:31509 transaction failed 29201/-22, size 96-24 line 3467 [ 3332.479498] binder: undelivered TRANSACTION_ERROR: 29201 03:58:31 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:31 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f00000000c0)={@remote, r2}, 0x14) sendmsg$nl_route(r1, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="60000000160000022abd7000fddbdf25021891ff", @ANYRES32=r2, @ANYBLOB="080008000400000014000600010f0080ff7f00000000014004000000140006000004000006000000080000008d56ff0008000800000000000800080060002754f6870000088b6300ac1e0101"], 0x60}, 0x1, 0x0, 0x0, 0x4802}, 0x11) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x207800, 0x0) ioctl$TCSETXW(r3, 0x5435, &(0x7f0000000240)={0x5, 0x40, [0x8, 0x3, 0x8, 0x37, 0xf02e], 0x81}) 03:58:31 executing program 2: ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000)) accept4$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14, 0x800) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'ip6_vti0\x00', r0}) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) getsockopt$inet_mreq(r2, 0x0, 0x24a782b9548e7985, &(0x7f0000000140)={@broadcast, @initdev}, &(0x7f0000000180)=0x8) [ 3332.530062] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=63730 sclass=netlink_route_socket pig=31517 comm=syz-executor.4 [ 3332.581559] binder: undelivered TRANSACTION_ERROR: 29201 [ 3332.610528] binder: 31526:31529 got transaction with invalid offsets size, 13 [ 3332.622526] binder: 31526:31529 transaction failed 29201/-22, size 647-13 line 3338 [ 3332.637744] binder: undelivered TRANSACTION_ERROR: 29201 03:58:31 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, 0x0) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:31 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcd, &(0x7f0000000340)={{0xa, 0x4e22, 0x7, @remote}, {0xa, 0x4e23, 0x2182, @rand_addr="e1e91188c70c8a9967797d1bfbd696b4", 0x8}, 0x6, [0x8, 0x0, 0x401, 0x6, 0x101, 0x6, 0x1, 0x1]}, 0x5c) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000006000000000000cddd64d1411e5ba000000000000000800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a6277000000000000000000000000000000000000000085616466000000000000000000000000000000000000000000000000000000004c4c4b2c1aeaefc0e5af1d76fb28e31eaaa5dcf2f93175a3e696abb10bfb5d536463cd161f020d06a0d0db3871e9f21f705998717d6d92a3631b6cdc64db23000eefe821d88c2ab04af15dcf514e925962ed9e3c41e547456067ef632f757f0341a54fb9c37bcf9b5b6fd1bd3292"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="000023150000000028000000000000004000001c00000000"]], 0x0, 0x0, 0x0}) r4 = getpgid(0xffffffffffffffff) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x20, 0x5, 0x1, 0x40, 0x0, 0x6c, 0x10410, 0xc, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x434b, 0x4, @perf_config_ext={0x1}, 0x902, 0x6, 0xffff8001, 0x0, 0x7, 0x3}, r4, 0x1, r6, 0x0) mount(&(0x7f0000000000)=ANY=[@ANYBLOB='/deV/nullb0\x00'], &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='cgroup\x00', 0x6fb8ade3facf0a39, 0x0) 03:58:31 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000001400000000000000000000000000000000000008"], 0x30}}, 0x0) 03:58:31 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r4) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:31 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f00000000c0)='/selinux\x00') 03:58:31 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:31 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:31 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3333.155007] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3333.165694] binder: 31540:31543 got transaction with invalid offsets size, 13 [ 3333.165725] binder: 31540:31543 transaction failed 29201/-22, size 647-13 line 3338 [ 3333.166148] binder: undelivered TRANSACTION_ERROR: 29201 [ 3333.194235] binder: 31549:31550 got transaction with invalid offsets size, 13 03:58:31 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3333.194262] binder: 31549:31550 transaction failed 29201/-22, size 647-13 line 3338 [ 3333.194485] binder: undelivered TRANSACTION_ERROR: 29201 [ 3333.215763] binder: 31538:31556 got transaction with invalid offset (354615296, min 0 max 186) or object. [ 3333.215791] binder: 31538:31556 transaction failed 29201/-22, size 186-8 line 3379 [ 3333.221958] binder: 31551:31555 got transaction with invalid offsets size, 13 [ 3333.221982] binder: 31551:31555 transaction failed 29201/-22, size 647-13 line 3338 03:58:31 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:32 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3333.222278] binder: undelivered TRANSACTION_ERROR: 29201 [ 3333.248747] binder: 31559:31560 got transaction with invalid offsets size, 13 [ 3333.248774] binder: 31559:31560 transaction failed 29201/-22, size 647-13 line 3338 [ 3333.249070] binder: undelivered TRANSACTION_ERROR: 29201 [ 3333.281277] binder: 31563:31567 got transaction with invalid offsets size, 13 03:58:32 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3333.281306] binder: 31563:31567 transaction failed 29201/-22, size 647-13 line 3338 [ 3333.282003] binder: undelivered TRANSACTION_ERROR: 29201 [ 3333.328463] binder: undelivered TRANSACTION_ERROR: 29201 03:58:32 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, 0x0) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:32 executing program 2: r0 = socket(0x8, 0x3, 0x80) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r0, &(0x7f0000000440)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x810040c0}, 0xc, &(0x7f0000000400)={&(0x7f0000000100)={0x2d8, r1, 0x300, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x44, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_SOCK={0x18, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3}, @TIPC_NLA_SOCK_ADDR={0x8}]}, @TIPC_NLA_MEDIA={0x60, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x40}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}]}, @TIPC_NLA_NET={0x48, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x13}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5b}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xffffcced}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffffffffffd}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}]}, @TIPC_NLA_MEDIA={0xc, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}, @TIPC_NLA_BEARER={0x16c, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7b}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x9, @loopback, 0x4}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x5, @remote, 0x6}}}}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffbff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x97b4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xd5fc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xdbe}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0xffff, @mcast1, 0x1ff}}, {0x14, 0x2, @in={0x2, 0x4e24, @multicast1}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x4, @empty, 0x3f}}, {0x14, 0x2, @in={0x2, 0x4e20, @multicast2}}}}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_MEDIA={0x30, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}]}]}, 0x2d8}, 0x1, 0x0, 0x0, 0x20000000}, 0x80) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000920000000000000006227500140000000000"], 0x30}}, 0x0) 03:58:32 executing program 0: r0 = socket$netlink(0x10, 0x3, 0xc) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000000)=ANY=[]}}, 0x4890) 03:58:32 executing program 4: socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000080)=0x4, 0x4) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="300000cd1000010800ff1af647b11f45ffffff0000100000000100010000000000cbb8c332fcf8997256bb75cd2db9e312df935e9a4095c4c066aef86eb6a30da7ddae50845dabf074f1690b07cce839b41ec97fb84b7e3fd032de3dad3c7729c21369fe0b7d94ec5185b4b0fc6427325fae52ddef0c2891dab569c86418e9d61460fec74c724d513d31e9a0efb7cc05b023c4c78c9b42b5ad9fce7a6f4b37a734a05123585c75716ae70b80323cd29e2459c3972ce13ccf8706c61883999422371bb4", @ANYRES32=0x0, @ANYRESHEX=0x0], 0x3}, 0x1, 0x0, 0x0, 0x10}, 0x0) r1 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x20200) ioctl$EVIOCGABS0(r1, 0x80184540, &(0x7f0000000100)=""/97) 03:58:32 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:32 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x220}, 0xc, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[@ANYBLOB="000000001d240bb0d8514c7ee009cf2bfe64d6c01ce1fd52cc8c8b22fa48c573e924048ce9ba6c539de5970f98dda7fdc378b2ba2aa9a7a5c5a017e02ad03fe2df1be349daa5b7de1221f186b633adc810836cb9e4f237b0cc16474d48e4ce90418a76b9638b186f08c8bc08", @ANYRES16=r2, @ANYBLOB="20002abd7000ffdbdf25140000005c00050008000100657468003c000200080004005e000000080003000600000008000100170000000800010020000000080001000900000008000200f8ffffff08000400060e00000c00020008000300030000000800010075647000"], 0x70}, 0x1, 0x0, 0x0, 0x20004000}, 0x40080020) r3 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r4 = syz_open_dev$binderN(0x0, 0x0, 0x0) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$VT_GETMODE(r8, 0x5601, &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x3ad, 0x0, 0x0}) r9 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80114}, 0xc, &(0x7f0000000180)={&(0x7f00000003c0)={0xf4, r9, 0x520, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'netdevsim0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}]}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x401}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1f}, @IPVS_DEST_ATTR_TUN_TYPE={0x8}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x5c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'hwsim0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x1f}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @rand_addr="270b84b49d76281d741a312d4b2ef47b"}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sed\x00'}]}]}, 0xf4}, 0x1, 0x0, 0x0, 0x40000004}, 0x80) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0xc0}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x5c, r9, 0x8, 0x70bd2a, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x2}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x4}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xd8a}, @IPVS_DEST_ATTR_TUN_TYPE={0x8, 0xd, 0x2}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4c}, 0x80) 03:58:32 executing program 0: getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) r0 = socket$netlink(0x10, 0x3, 0x0) exit_group(0xf8e) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=r0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x3}}, 0x0) 03:58:32 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:32 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000001e001400000000006cc2e534dc445f49f9388028343c2ae56e8ffe2c14abea4177df47ad29301f0b6fac9c01ac086bfbfd4487fa87b3fd97d94d3dd7fcdba7a3a407de4067fb0876e2405be42cf1417d5111f19469253baa81e4ded82ecb7227114df343fa24f67f3a42067601893cd6f1411af6d6c76da50d74610cb5fa7c5a7d296eb3a9481cb01f85a4b41a2c0b6f8e2aef6aedee29a790df345fcd614f92110b8d04c9cdec07e2263de2e2f15494b9796369746e1ed7a5f0dfa69a33a6d8a9010ec4c746b847c6d699e35fd011a3fc2c212069638a0ca6ef5e5a8568adfa118796bf4ca42a42c75f67453dde9b673cb05e75e52055dad312451a3920b50faf31522ab8442e"], 0x30}}, 0x0) 03:58:32 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) exit(0x400) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3334.037283] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3334.047682] binder: 31597:31601 got transaction with invalid offsets size, 13 [ 3334.067296] binder: 31597:31601 transaction failed 29201/-22, size 647-13 line 3338 03:58:32 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 03:58:32 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = socket$inet6(0xa, 0x80001, 0x0) r2 = socket$inet6(0xa, 0x80e, 0x800000000002576) ioctl(r2, 0x8912, &(0x7f0000001140)="000000000034e026c9ef05cbcd1a8f8a8f8d77934621665e1cdd6d1591691a7e95229381fc6ed1d0cba27e019af0f8c47488389aeb55b07b19c295c605d6f6aba590f507085e29fd58197be111e510e3223a8e130e00fb265fe4b6a8e8ade875b8bde60976257b462f1e533437e2ac9b9ba82f00d4196025075b934e284aab778d287e39313b4314623efd1aca89344e9e2ff0c445c3284bc2a59ab02318c58c4543b9a4e18d0990102b11bfc3c85e887cf43b49cb8eea04ae0710393485b182033500ad49fab5cb4f12a5882836b34e252da44a1561") setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000d4b000)=ANY=[@ANYBLOB="0a00000000000000ff010000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000005000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100"/776], 0x310) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f00000018c0)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff0100000000000000000000fbff00010959158b9ac821b0050000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000004000000000020ffef0000000000000000000000000000cf0000000000000000000000007fb593c60000000000000000000000000000000092dfc8107ac7b075a58b501b8082b9a4dc307674d93199e766e3b9e1736003bc418ff8495f254848398cea23373ca80b77a2748307b62f6703160ac41bb3525155eb439b16cfcd86ee763e82564116b6303b8412d8557873ed89b548be7b94d580d2ab543ed1d62ac1b2691118501e8ed0e9d0dcfd4adad9d8d7e97cd25155f9c423edaebc8978c8fee669d5fb4b452ee3c37a68c9c2cc75b112ed174fb2e04456e0501938bf90900bae315376af11ec7260baa755038546c8857ee44088a19f0ec58f5c51a9a60fc71486a333321cf066211d3f556fceea7ff39b9f5b80725e66ed764692720c631fed7529e67c55a283a88f35368c3f5c023d48163a6d0900996227882fec5a77256fdb07ce69105c8904aff0a359e0eba663e5a5359e2a6c4cda44e30ba5a05e2dcba9d9720fb4348c1760471ec3339810432284372e855953fd52de2f09b18ce328921b62b92077d39025bac6086c73afa1ac31a4ad9cbac6a9672b95acdcc3f45e1201d05906176a83a0103e5a64d13fd5ff3877e28b6d9da915cb6718a4d813f6ffbc210d0db3bc27442e9e7ea3219a57915aaaa2671436905afa17448a388d6ae1324626aa794c137d1a91fbb49a5f577d01ae975dc63ad002587b6565194391e347c2a4a3c140b0a93c426dd3315db57c9bfb8e776047e095cb63684b69e2ef3f9e4fc30c5bc219a2fcd5ce918d1c349892bc66adf842d81179e8601325c136f00d00bd6a9762f6de89ee544a894c0814fba168545dcd86e31d6acddb63650489bfad31004dbb880c65f88b6890a49bcd12dea18b06b99429f80977af6d7410a0fc7b4e51ea1640302ef587ed94925aef4134eca31d1be02569807ddece6cd3633042b8f06fd0994e7a2f2e0e7c59db863a35e06429b4f8b982a08939a0d8ebf2b790125ff845a6e9d143e48d6b80a958125bdfef81c66512ceeeabcaab3b7e86564a08ae1a34909d027cf71a90d92324b572f3f1cc0b864217d3fcf7ab633701e5c90dae4c6fcbe7bb963b5ffd015cdb4b1752866f4de4ccbc23ee162e507b0f777f69a8a510e272e5387eabeefb1116db37f679982675ee5ece99a4163c75872eefb451e455734672db847872dae04a"], 0x1) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000001340)={{{@in=@multicast1, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}}}, &(0x7f0000000140)=0x1b7) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x2000000, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) mount(&(0x7f0000000280)=ANY=[@ANYRES64=r1, @ANYRESDEC=r3, @ANYRESOCT=r1], 0x0, 0x0, 0x80000, 0x0) ioprio_set$uid(0xb49868126276152d, r3, 0x800) [ 3334.075286] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3334.084220] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3334.124436] binder: undelivered TRANSACTION_ERROR: 29201 03:58:33 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:33 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:33 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NET_DM_CMD_START(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x158e28ad887e21f3}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0x10, 0x70bd29, 0x25dfdbfd, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self\x00', 0x10000, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput\x00', 0x802, 0x0) ioctl$UI_SET_FFBIT(r2, 0x4004556b, 0x15) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/policy\x00', 0x0, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) r3 = socket$nl_route(0x10, 0x3, 0x0) epoll_create(0x4) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000000)) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYRESOCT, @ANYRES16=r3, @ANYPTR=&(0x7f0000000180)=ANY=[]], 0x3}}, 0x8000) 03:58:33 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYRESDEC=0x0, @ANYRES16, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x3}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) socket$netlink(0x10, 0x3, 0x1a) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$eventfd(r2, &(0x7f0000000080), 0x8) 03:58:33 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0xb06aa94e8e9c5639) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mlock2(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="812a74700000000000000000000000e47c0000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000856164660000000000000000000000000000000000000000000011000000000038e00fc5da1f01c4f51be12352cf8cb3ce90e691647a2a3c6d088e5f187ded7e2d0d9f80c1bc2fc4408539a99fe6b0333e0472f18f81345f28e99de22f787ba9539d76f660bc5c31b346cb7d4e0e1b312ec2344e1649ae813f359338e0554aca7e6db9022034e7c729da348176d0aa603900c5196fbea2fc134459474addceb3e0f24fb2bdf63f74b23cd3bf20447275a7c8b2ec732d3e7fcfde26028bd87ab8c8fcd44556f8ddd26eec33e3214711235a32a19d3f23ca062c7d6d9cefbd05d313dfbea7f6b02b85c98b9fc6a31ff4d77b6372e4d594ce6597882ad5457ed36fd00dbac457caa0062737dcf95c0657ceef24"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="00000000bcf70e61661deac500001a00"]], 0x0, 0x0, 0x0}) [ 3334.838529] binder: 31630:31634 got transaction with invalid offsets size, 13 [ 3334.861051] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=31636 comm=syz-executor.2 03:58:33 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000006b1f3c8f5b32101fff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000005c00"], 0x30}}, 0x0) 03:58:33 executing program 1: openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000380)='/selinux/avc/cache_stats\x00', 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000340)='/selinux/checkreqprot\x00', 0x101580, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2040, 0x80) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000300)={r2, &(0x7f0000000040)="2fbf6d4e5633f9074d3a23df3afb0b3e48f3d2259884be6e356645956ae97b28299fe5713720a308ccd70edf3be0d207d0", &(0x7f0000000240)=""/168}, 0x20) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3334.863449] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=31636 comm=syz-executor.2 03:58:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$IOC_PR_RELEASE(r2, 0x401070ca, &(0x7f0000000080)={0x7f800000000, 0x21, 0x1}) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:33 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) socketpair(0x1, 0x81005, 0x40, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r1, &(0x7f00000006c0)={&(0x7f0000000240)=@sco, 0x80, &(0x7f0000000540)=[{&(0x7f00000002c0)=""/167, 0xa7}, {&(0x7f0000000000)=""/27, 0x1b}, {&(0x7f0000000380)=""/195, 0xc3}, {&(0x7f00000000c0)=""/64, 0x40}, {&(0x7f0000000480)=""/157, 0x9d}], 0x5, &(0x7f00000005c0)=""/236, 0xec}, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0xffffffffffffffd7, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000001000010800ffff010000000000000000de809e002f47d2490553b13be8ccc513dc355ccbb3a9341c7a05ed192549e301368fe3d9a587e8cc21c5f490db93c38b478895a55566912d8d821589092d785575a3ab08beca28212c3e57b36574b83996575f1602d18889bc9e9dfc841c0f68a71c92c0c957305d5e2df4ab72a956e1aece7a63f04e6c452832f70494614bf26fd6720db15803a57ed310728fd0afe4c9147ef0f2562c2aa005eb23d6b72807767936a541edd15437d583f0b3f8efe70ef5dd872ef50ac35531bd5413e0b5f073858cf7be25a1eefdc270846bfbfb61d0e2a612dd6acf000000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000840)) recvfrom$unix(0xffffffffffffffff, &(0x7f0000000700)=""/177, 0xb1, 0x20, &(0x7f00000007c0)=@abs={0x2, 0x0, 0x4e24}, 0x6e) [ 3334.919989] binder: 31647:31649 got transaction with invalid offset (6993799658178871296, min 0 max 96) or object. 03:58:33 executing program 0: socket$netlink(0x10, 0x3, 0x0) r0 = dup(0xffffffffffffffff) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80114}, 0xc, &(0x7f0000000180)={&(0x7f00000003c0)={0xf4, r1, 0x520, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'netdevsim0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}]}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x401}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1f}, @IPVS_DEST_ATTR_TUN_TYPE={0x8}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x5c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'hwsim0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x1f}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @rand_addr="270b84b49d76281d741a312d4b2ef47b"}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sed\x00'}]}]}, 0xf4}, 0x1, 0x0, 0x0, 0x40000004}, 0x80) sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x94, r1, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DAEMON={0x64, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x20}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x800}, 0x2400400c) 03:58:33 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001000010800ffffffff00d07cbf023489bd7fffcfa177393905b8bf757ac867a73dcb805aa5286a148c99f05c3886ed22d9651269321f783e6f590ed2d3178b90519a1927", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x20580, 0xd9) ioctl$GIO_FONT(r1, 0x4b60, &(0x7f0000000100)=""/247) [ 3334.920018] binder: 31647:31649 transaction failed 29201/-22, size 96-24 line 3379 [ 3334.920191] binder: undelivered TRANSACTION_ERROR: 29201 [ 3334.959029] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8043 sclass=netlink_route_socket pig=31658 comm=syz-executor.2 [ 3334.994850] binder: 31661:31664 got transaction with out-of-order buffer fixup [ 3334.994888] binder: 31661:31664 transaction failed 29201/-22, size 96-24 line 3467 [ 3334.995290] binder: undelivered TRANSACTION_ERROR: 29201 [ 3335.026269] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3335.038506] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3335.111359] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3335.113143] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. 03:58:33 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3335.171223] binder: 31630:31634 transaction failed 29201/-22, size 647-13 line 3338 [ 3335.180746] binder: undelivered TRANSACTION_ERROR: 29201 [ 3335.227533] binder: 31686:31687 transaction failed 29189/-22, size 647-13 line 3138 [ 3335.247441] binder: undelivered TRANSACTION_ERROR: 29189 03:58:34 executing program 2: io_setup(0xc0b, &(0x7f0000000080)=0x0) clock_gettime(0x0, &(0x7f0000000180)) io_getevents(r0, 0x1000002, 0x2, &(0x7f0000000000)=[{}, {}], &(0x7f0000000140)={0x0, 0x1c9c380}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) sendmsg$nl_route(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYPTR=&(0x7f0000000200)=ANY=[], @ANYRES32=0x0, @ANYBLOB="00005ac51b50e5000000007ca75fba2f8aab3000000800140000000000feb1e049e345d2d910482201a8f544bf5cd60a3414984135434bc56d52e2e0c9a17b6b20ccbb66eef55960ca69551d5b5979fe21c4aa529aa146e548df6fbf24"], 0x3}}, 0x0) 03:58:34 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:34 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:34 executing program 0: socket$netlink(0x10, 0x3, 0x14) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x32cd, 0x1, @local, 0x20}, 0x1c) 03:58:34 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x98576196331170ab, 0x10) ioctl$EXT4_IOC_GROUP_EXTEND(r1, 0x40086607, &(0x7f0000000140)=0xfffffffffffffff7) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PPPIOCGIDLE(r3, 0x8010743f, &(0x7f0000000180)) syz_mount_image$vfat(&(0x7f00000024c0)='vfat\x00', &(0x7f00000000c0)='./file1\x00', 0x100000002, 0x5, &(0x7f0000001280)=[{&(0x7f0000002500)="26b1ff5886960ad3a5ef2090e8c94c74eb06f2200ce778aa6102ef99a8cf49131f576c47549203d811b73f42f43faa14a993dd1e81f2e29bee294d3927d7e647e822a1f42ac20433850559daa780010f20454d80b2e12e28cf99d9c2a30f68bfb09d2b242e8e7016dcee73c03f228d182607564985138c0a983df5b95a3d68113831ed20415c2b44aa4b764a8fc03d4dd847110ddd6e5744eecb02de788120af", 0xfffffffffffffd82}, {&(0x7f00000001c0)="ee803fbff53f62a6d657190bd4fdf6516db84ba219a65f0bbf569f63b2d7ab7e42be3377ee5e56978fa52e4885619ee29e191716bb8c47a1b2852cbba0b9eccd5b274d8e15326772d5578fdc4618805d67ddd1e48e868ae896820fb4d0ed85f0961750f8b21bcb63393b09569e57b7e01c82485ea40334e3ab4de035fca978cadb18f6ee840678d380b1b63be77ae9b7cef167dc25af5db8ad831a3e01c33d131e1d873214ee33c1ee5b01a9299a82893914c27490220eb9440e3b0bb1d8dfb654fd022f3743761888829eea33c1274d70d3d9b7d63e5cdeb21874aa26bf36d544204ea63b37400c921d90ef21b00956e04c9daa8a9a2edfd3ae0aca98e61ee775ed2ee8bf1a3a31b2b9cf40164a9265a82a63a705e410e777ef4caed413fa527bb80afe77854c5fdb61ced89cb8906bf4bd879b1e2b2ad6f234ce995d12fb8e3fd7a0053994f1590be5a5a5fa0f12fba02f3ed81f66cd8199db9196b47af29849fa3fa7740b5db22c8d6af3921a0d319658c3283270f75093b41a01b5fea3f5ea27147d79804c416b3a9b4cb5ed7fbb8c2f67425dd6c5bc9a0333ff09cf92ecaedbdf8b3356e65b2800f1e2930fe780b77e18b19cbd5ed3e8a05b592fc0a4562f2835525c596e82a44b015b1799518a1757ed9cd7078d8938dfefe63ec6c4ff5e28121bab15e9708745f6932c19a1d1c36d6d88ce131e88f5b4bf841ae3b43ddce6a578510a9b3e0018fb8b7c7a1547b60ec6f18bcf83fae24fe5f36ea4baa842969d24e62772280e7e469533e8a005eab9aec358b4ee5e980d4fee1af9e4d4153f33d12adf6977af3a45db76cb6a3f7d0ad97e7dbab5a1343ea8c38ece15017cdfee3417810ca4d9b2e76694aacb5f50949d584ed3161d09cbf11cca3e994fefcad0b186890886f6c1fda06253e0420e023ed00ac021ffc698f53b05a2bbdae2dabd7c74c5489b1329e07918892dfac980bf6d11bd3e7dde37b5c2d018007d980776cbcd6721970ef1f7fab0e7a0c1d87787d956913d1acf8581fe0590642da20e4571a34fdb0d3aee1bd760277e92f0c60437cb08ce96f3a284f756692cc0ef4a9f817601d50de4f75ee81e9c6dee519f5a369a60c4e04d3b23ad635c306a44b93efe3401e70b7d813a18b596f12a7c1b4d74624305254183296d5569bde425395feafb99c1807b28fc709e2350c421b3e9bd6b58bf3c25ba04dec295b3df2dabf39899b8ec675a047ebf0d2133bd2bdf86f318286983942561bb798ffd46185b9214de9a32f27ed7a38dd45aa98d0c7765eeddb160fabac45a5ab25de11f19ae077765fc1a2ce46c3ef04b189e5b0921b3dce24146e276a5c094f30a2276f4082733786f706a0b482a47dddd4997d65c2fa93cc4b8b44c28f2acf854dc8be8edf5005aa3d2a9546bd137ec844bf05c0950a347680b75116eee24a6f3132d6ed051388db164f697e58517073deae33e08fb3c3fd4d5bdad40508ea8c3f29d1787f2b69009e2682c4e963b47b5e648c131561505c28b20eb6c6878de7a9650538e37f98a4bb38d6b37165586f73b815293c12efe1a21b7353aac165453602dabc72b3bc80797bf5421468158d7dc6aeef49c7f671cb3ceb73ff7ed63c8ca7654c9046d1a8b507802dabb94a41a94e7ffc61febc9ccf8caffcec5bd87b82fbfcc3f488fce4628103400a0d1261d9d5f2af22d85321a9d4f6b8d30ccbe60191a3bf755cb5eefe51f955e0b543fbf69730a926175078f8c7936fc65f586762d3961a60eb632444aae7649c85500d896eb8d27bdffc17ca299414aa6d7d9a75f2ecb1a85c56890041f9ff1e806add3eeddad2d3d62f6cc2f422d4ca7552f07ba82ebb4d3c8a3606ce3afa43a01764884cb149f614847cd23b2edad4d9ccbabe2885607a3f965e0d0c50e0643c9a05c0d871658c5020258e2a72fef2f6cbeb3b72accf114382fd32706ae9322cbb3c242b2cc05fdc59b8ce8e4fa78cea9dd884221232cf2d1804f28304ff157ad8455f34691a13d66b020b091fb2b4710fe61feb9215fb11a858b4c74f3fb3e64e1d77d5072b6fdb4e88d824dcb39de6266dafdcb0a1e8ac63d1e81f753ea4d3eedf21d45fac2eb6ef3c8737945f61984e33c0581ce9da63f103a810b51d989394f2f033ab1c695ec67923f0572d1a47bb3e2f8af9a959e23fbdca987057f3af1f07803684f7ef66706af737ac45f86dc10cf4ae3e6d561b6d167373a8b58948533799f91df1a5e108d5c14b90ca251325553d46db80aa0bbeb1976781dbee43920179c3f91a7aaeb627156e134fc2aeabcb4897b57679153b4664e798db50736aaa897f632c82d540c0591d546fe22cb8ea55f5939bebc8dcf7ef5143391b3165fc4d003537942f8940b6f139db86936271aa646d4c99bc7b264ae1cc91181ce073ae3504ce28eaf35a64281ae9f1292b7420428179df1c6bc7f4cd76f11bb36394344ecbfa79df2e3f0ed39364bd8b106b768710efe2f05f944407554008bbe9e77240548ed89700b090580d9169710f27eefd07afa5563338fa2740512a2ca99514123a2c71ad13d982c1415364cf9510a933f60a44a5557eccf09d8cfb3c59b79435475474b68465ee16d36f04d1afb61b30037edd09054d70a8a02d5f7520beb3e6194760962388eb3b8c3c496bee080456859166c137b6690f5d31c03d8beab9137a895ca871fe3a97bc5350a373e652b82ab0690d1b479e8417a80009814137174f99b07045af230e2c2802e7fc1414c270af673a7d964d17e19e1810a9234a1bc9e99cc9d1f940bdd0bf87e3f82bf64af42611abd835cadf115d16ac555f9f4d02e15638c53a464474f3dba99bf7c646818b2781e410b213d2a8ef85c06f9fdfa134c65df26aad53ca19c108a1f9d314565f9080efb587df87c177b78e870cf618778ae3ef0b6dd6dade47509a5961c4c412d8e57f0bf907fff62743aeb6f4f8d014b123d1dca651400f2549601a1fb11f21c875ba2c7693247bf2a9d4aff9b64c6ccda382394dc7d5ca651ab34039bd8f7339a053fe116b838feb68636e4e894e6507e73c3efe1555459f813a8088e780c0a4b9bef561d34d45aba3eb1ddf60b9d09161e2dc832f4e3cbb355ebe8802a7e9a56f31ed16b4ea1a6b94f965e81ddcfb5e1d5182f45057b44cb3ebe1caff8232fed80046e0e9992132f28e819b597776fb527c31531f3f0379cf96bb4532e8feaa2320b49b997d903541a5d907fb8e25baa0c2ab11ebef594c42076ad3fd2c3ae131743d4c69f4d226a18c403ee7e27f3a93db53ed92b978faa32baec98e7ff783f6bbd3d8d4c7f691baf4de982dcf3de1f7148ddf8c7cbd7137af253e05d8c30510b815e3fba148cb0f30e25a643fe7c8c9264a7484249ded01c1c39cf165e1c2f0dc8c608e28fff71eafd76273da01104d79e6bf52bee84f70890ca23493831a5d65f92f8ba25081e948deb5d04bf587291f9d0c453252174b59f64dd2df96e996bf5385335cadb1ebe41294a15a187fd8e82d1892f1337659acfdbc6daf43cc95d3ca92518227e1d89e95054588deeb70c64adead4ce9d4a6d8d149b609d08416aa0ab56ac74f0cfb00cdd284dc996eefd253b2b7b180782155ca9b88aaf55038371fb2f389f769e57541869de6c8f4c33ac4fb2d297cc62ecd729b230e042b12c9a622feefc0255002cafbdc6fc620593102185dd8a3a02da2bb2529b8e6bfd617c691a2356c4331a73f04ef3a9f21078b6579be0562516d0913f6b0c3c078a88ebe29fc45ac457b88ceb9a578e0d5a20c3a634b6c60408168019c2686a2e69f5972eebf58e62bee277df5824954a6ec3a0c5a6f9ad799e203589fc4f2047b3145963020b134fbebeb53bc9a4fad3a6bdffd1b5afdc1b8652c2dc0241493b8c3c70988ac22dc9bd9c7eb86fad2a73af8c4d1dfe79721b92c59278c86062d989a66381e2be2e89dcfb4a831f386ab4266f32d3a039772745bb988d07a6e820890cce918acd22d1571874dd878740902b1cb3b601aa7d6bb45d7404118d0d591051a1bbe845e5c6f44a068cc12aa096697442cb561f2699fcc1b480de4cb19e9411dcc9b95fe0df54606baa6a34f7387827129b2810b71be4aac7b2c212a2bd0a534c7cf7e803c13ddbd47fbe92ffe54440c6c40d375305f712a525d299d0cd78185e50f2b31fe1b3550003f5b5478a9fb1d28ff6b6cca2dcb136583de555e656f022e07fbb855e6dad46dcccfbccadda18bba1a64be9e46cdaf8855128c02ae06e8307b344af4d0583c9e91aa3524e122ba766c4784624d24e66a201a8ded04a0e1f46d7238190af20b1ef7c88b8d56b837627d507e0a23e7b6028b118a6031f1ba786086a1496e587e5e2a3a82ee5af0bde58c09d05876c26f43ab77cc309ee67c5d8cf24299af59eadc85d9e7bc56574fe8b8fb7e32f34815ea2ed5e32e1000a1f9878ca0ff649089eddcda8e3a09cba4c0745d26763f4b0092335198afabce92242d4c886567339c231912ea2eff1b6a3ff4e8eb565ae140586af9ed4b012dea2f5b30a39a90523c262eccffcd660893ae42e7ded22bcde07529e842144eb1c1bedb34c7affbd50a1844be7d7655f0c48bdc1d6e09b2fffedb1e809035635c5fb5b660110419df9c692dcdf361b4aa414b7be7a49b764869d8b5285d1bb43a959935b53db05074a2dbec696f34d94ead4c63f859d20b1e5a9ae3f9dcf6ce9c4e77932e9579e61f4b629cdabeb4dc11eed5c36e4859be8a864e724ece3bb211fa4681aed67c323ebde64e8e2f073963c84c452413fbb6087167529c078056bc8f6e14abd40bf2b7f057edb5713595133dec0d2eff155b1e296a583b5c96dad6a4bd7d567a3be7c698d91aa75aab51670a024ed52333bb3e73ed3be9e87b24093728c443355a9afb4a1c6b04f343e2555aaf814daa4366abaa4a0af9e6e90e73c53f4430e5c41822789728796bd996bfeb843fd6b685eaa84036396eea4e1b8ac893fa6c4971e77037eab44e7ef4796fb8a0892ba060753421e992cacadaf33a9f5076add5cfd0d648993409a0f716d1539504927f5b8b63da26aa31c7d4a3eb6cb5381c4e30bcef8c175a90b4aa985a5668dc51ccdc379597908528dd5ccbc4426a1a1e5328b1fb1917f8b763af6e6c98668e161113911898ddf0cc6b33a82b5825ce7d4d2efdc117793fde295e389e2f0cce82a607f3a8ba7b696825b3274f8b9e62ae786d7dc96c5394eb29b78798bc30b74daef10e470a3450d6e7e991cdc496f4816ed28d961b09b723a63ed273f1f014327638a2b0e568f25e331344945ed22c224d0ed3f08977249933e0a4b334498c6aa7251f18c4abe8b119079838e408d0b84c1db976cb6949139dd96985cabd7ce5b2945337c892e4a1998012639f03d13cc630c2b15a50b6828820e386e8d2385570018dc15b7281761dffa8e8903ec9dc427b20957c1ee517b81dd5687738c296260120abba9a97ead627f6e8001cc8ed65d6abc40ec55e788a92070d0fbe51ceb9d9611bc3de4045c327da0405ce1bbbc6718833f485476ff144724567bc2e185f584d485bfb630cc4f7fa8705c22b53fc9c273f1b5756182cf1c516254f0cbb0826e7f417ee925326dbc981df3ddf8dc9d12fbc2d48c28fee115d5a1a09bb188d24db0f0d6d95ceb3fcfb61e2069bf84e68e09308d31e7383c82682705c012b47982cfd5ae1b281200ec75960a1a006a69eebb7f1ef53435c6a7ea23b32ddf3fc075c2d640743319eb1e2a0ae8f00b2404d9fad5423a7d7f58bd56d1320518b702cdc6cfb655a9d7", 0xfffffcf6, 0x1}, {&(0x7f00000011c0)="e299834066873ebed4fb4bf947cd01580523d1370cbb58dcf65c3a89e0c61950c181d7158967ee916df5f97af989938695dd", 0x32, 0x3}, {&(0x7f0000001340)="37dcc965d865c278e8abfb9b4f7d7e13cea093da90a608b1751d5626a9ec70f44952fdf0aafd86c590c37c95fb69c27a76d5250efe213e8303431bedf90702374e8b607804f6d6fe3ca12011c0095f602854861e86d53f0a15af9c89a2e152db3863ca58fe886f8477ae5f2783d3bcf2cec8b2a6ea08941f032119b1e723b4436ab17b210e30a7988c5618950efccdc38a797738a17ff4ef7a4d5f5fc42c64b2cfe3833393fb44cc6899d67371b2af9606135d490c2b176eae30e85064671eafb4a10344f4f52ae8a541d55e42ffe8e8e1049d9023287ca4348a108b24134f4f4e7fd939d4d8851ae0bb3eeda04d91ba8df59634b795757a06b4539fb7b1072a6f1b326b369d60eaa209c653e7424184a36f4b57895dbdc391c5c0b2c467df5d0e5d2996c72e6a30637e751814fb67f1d1a0d9707cd460e6d79b7f263f7a1624fae55626da8cf79beec0830842e190ac57bf5c5c5d20e173954d5e5df5c46692ddc894e2004291a62399eee5dd19e167225dba461ae00d65084c341edeb3a00b7177390ec89f485de17713cf2649a58360bc13d012d9e12a070b98977e342e3b7f23976b169a5b9202761034ebec2a45c8a48524cf4584161a1889ad4cce9dee66bc317db3cbb0fefdb86075824ca05a311cc8080506a9a46a751784796a12e9d4569ba8aa2492e593ef092e80584916f638a38c67b318468fa3917e62d3667dd8b7007e24c2b97a54018996da353060e8c6ed64714f5463b769d97da89119faeeeefbad28bb405646d12b48f1833cdba808a4f6981f338e019b8a3071f1f2c42c5a80a08acd95e1bded24e614d0e70b1d74dedfba6122d54c9b9c5c214576c789212534c12099ca1e90e9aedb74d8353271a2258909f307c47abf98d14e0d2aba1f4d6443a0a59e2884e12f88a12d17e09685373007234ba0fd640cd62980f40fc13418c6e8d81dcb281d58a1de94578f05411e4055a571419effb3163ec763a992fd84ac3fc9fbc5793f0c8109c06cb718631b8647eab32017694899368f0b0bac3dd638ac9f35fb830a2680472d9c624c8f3d289f130c33f34ece5ae40b18fa7a6c3788ac8080df66160231116a6d9135010caa3c3168aa3d51eefef8e4e401eb0be15a9b38faa58dc71b7d9079faff8c7e1ed5a56074e0565c505b40d28a5b824178cf1e3913493f882b7e03ab80bac28f3836ff489c95118ddc981cfa572750e0157d1b4bc4df13ee839f62ca1937d479ae927ee32a8fdf43ae15bbd1e7925c086953f43957853992d4933840dfcb9490c938a4877d39a7aa21a99fc528fc36bd60c327a2110c2306a7ed67d5d8b36b1d9238a75c6d6b2986121d0770722023e84260d2fbc90b2f83ddccf7a5e9c063d91764baa4d147f9981ec0211431e3f0272bbbcfa4cc2b33e690913fbaefc71f7d50b01ad6a741931b885aaf82acc0fab7a5d78331158343283abb852ad3bd7f9f3b7c0cc29a98691463d1ceffd12ac2b3b4d75a3a2e210bb2d43b9e521601c9f310e8033fa26fbc1141858f794d519a342942678af464ea85dda9a456c9c3fe0fa92ce764c9b7dabdeaffe4808437ba41b3fbef799c9d1fa76711c97ce31e14b55264d27e032db8919714b85db8083281a26ad3d52afcba28343151977aef3752a08986823af2106a03c586fd6c3a4c341b97cd85456a5e8ebff291abe39cda1677c1e6fdefada88027ec642e5ffad9a0dfb2d1717bfe54d76287f53da3e4c349714b54d9bf43cbc7542cda225f090ec71db80958cc56292820bfee38f5c869275732de1b45ca8f3fbdba1133c9b0fc3743398837a2cf5eebbc66ef0711b20218f8fa7df473b482f73e7882e8d466ba034c7a46088813d876956c913bb7ea8dde39fbc20e5a468b534c0bcba95ec33ea02cbc87393b2679e29288b22cdc99e0d75cc85674bde8b3b9dfc1b4bd50442f359855ad684430cdddeefb6a5212ba38c7ebf02d5824daef0ea65ff6ae7ece29f60fed9ccc2390f5d40f288db35c4487515647ca47b581590a837504dcf2fd31b021bec29acb7a7a3ce8067107b72fc9846a1bdf6a1b56f73a26dcede9d2347df093920daadc039b2b1f89b77e66337387335d96fc015b4103ed1e59ddd0ffec2d9c6584ac5ff9d59f5b8d6cb9edf39ad800c140869274014ad2bf8516352b85c9eb7fd5f02768d0372d2490eae735ce8e70eb95f6a2cb567108c4d76227349a4478caf64600a33760c3351d6ca8373fd268061e185081acf736b780c21fa811b99a09a08f398d2c1be48bc6ba717e408f5046932e7bce41013c420a5fecd75185afe0fa6bf70110ed7464ec887ad0e36bb2a5184800ad4431aebdfb3b7cd46ded9f462a5b792f8cc34a44b20daf47c13ade132d3f3bdfa236599ea2db04f779b094bed1bfaca00636b328cbce9ff00cdbdd09238b51a538653ccd87f63e71707d805a957c073bfe5e4cef59d007e7e9cf54661110d895953340d7e66f8698b415f10632c0f8bc8376343eb5d3cc07518db623e7bf9e7064d965e28ad9f43928b56fcd4685f1f003c13c636a69b31042fd8bd17cc59dcfe8f7249253efe4c0d6ad41425d11f4f7a3b8f8fe017a46ea7e0c8fcda4b689cb6a8c8c9d577d76b7ff5c8b715feb6e7aaaccb625ef768b89d069eb7924e559c9cdead5f6be906b6eb684c8d97e35fedab9fe682c491b11efef49802cd56d1f7af84e65f74cc0ef34d430e5f8ada05cd924d99d3ff9b3250ab3a7e8615485a10482d8cf15ee11d0eee8eef6654d6866b4c234be0ccb7e75e5ced579ea328fa75f59e6f868e51c12ce26a4308a7167bc1f832761a61f99b077395c6dadb3b956f64aa4be429dd79e31ddf9bdf13234a0cd69a45bce8a43b40ee90b5dbc4ee84252c707eb391aa8d1feb7734c79beb33a19ad4cdfd7e94109bdbe93d04e3762dce82b299d294c3d9d3000d690987c59c839fb0881db10b9225748090bd73e5e6c36fa91d652dbd17a33181a71147904af5f6ac61af9574571108fff1ecbf8f26070c57c8c3c3b25a11052bbe8c1694b4d2900fb0e66e0a6c53afd266f5ed02101544cc2c23f8e7050ac3368147773d51157dabc848363f5f82f073c370410fe2208d05b901e02195b37c34eb088f08e13ce20676495d0608f117d38358a94c837a8b6fe77c96bb856c66b7db573562990b74cce4ae4f160edf63ad84a49d27215005032e55ce19c6e1e64d8a298092ce8e3ba94e971504c1f606bbb0deb316d144303c343fda98f3a2dbe7dc92e7bfa8948887b2fb707ba99ddd9947c6f040f59727fe91a67cd28b3793b3eed65cb3f9dda477719f7fa53248700553ca1a854ef5e6c3bdf674a9751d76d3a0f3d98371af0ac2fd08c26a7d8cbc0ce3e59d318751439d0a9a4d34c7f99c5fecd6451e9e3633102dff7a5ee35e40ede8d6586071b3621248d6155c4669ce73e68cd70c418a50c45c0c3bad45bcfb8c236b82dfda07be4675adc00daacf88c92ae97ef7f79ccd5878080948da22ba0afc7d56d4a57e1b8f65e22253ccf45964612b3c093a3f0a61f2bc0e57da74510ebaa8ae176a38906b2c597a5e095c1271fd1f8ea2e4b39daee71de0f07a722c64d39f71eaa316bbc8aa9d783213a074e62215a549722d678c2cf0e7c1f7408033768fbbe225ae32f81e315d31a89bf820a1feed7c02fdc99e0903a017ea0ecd5a9eba01f2136e77f06bab6ce98840280be466ed649215802c7096aabffa53be3caf65e26db8ae2f79769eb34f7a6903f0d47fc0c0d31226119a792e6dc0a3d2c964d05c62dd20e8cce2c2b35421f35bb9e770abe4f40163ea2ff9e1b781cafa5f216a72bddfb1336e3979c94340773e92ad6afbddd5c0a42fe61b12172ea3bf7aa5ea68950ef3e4861c3bca5369ef5e788703120bb7358dcc75c3ec8eb76cc6c05a4e2d4c1e7efb3685eb930362adaae24621d5ff2ce7e458a35298d9d0f9cfd5e23e2f60c371c956a0d74f76b3e6a7077d62a86317952d3201f7a381232b84083ecb6238b3fd9d5ef8b3bc7d2e5e086b9abbf254fdaa7b17965d575c111c398cd53f160ecc1800e7f3c71d66f9c04c57842f4cd0804f07b68770a03eef8efbe8eaa77dceb8c251c45c4b3fae52d64b9acf97258b024125d274e70a5cdd57f24bc7c4c0c6580b00c7b8074bb9a56457c1afc184464081986a6c6267f5aca208af740205eadadac521e094a356c4f8ae9b530afdf46cda743066fbd446d00c8422883aac732f195daeba334fea00bb03ac50eaf906cb32041275968aada1badd374eef7383cf2947d6a28b1032f875d0bd5d215a7ed66f434742b198e8c05e29de4dd901a006eb2e59f66360339959c2facf5136170d80ca315eba2029996df1a374c4474de123148314245b60758c8fe5337ac49c67ce5f800af70b96e18f5cb31438d35c8d8e15977110bb60b8238e269c53d20ac269b6e805d4c797d916352ff70609fff74c07a253ffa2b3ef54751dfe8ff0fffc105e7eb5440d26fee309c22a8b895b3935393403c228b2e8c588943aa540d3c421a909cb581f25b872cef68bb1b3a7a4b871f405c94be045c4bded16616698006af745b89b54adba83255e013578a6928c43facf1a3b4eafd3fd5892490b8f95552ae817e8a1108de384788cbd5dd637a40ef6d538eabca10d64c4a7fac46785231377c08442a20de2d4f217cfef2a2019dd8cb10c04d9500ef0d74939a6d770ab1b1465188a9ed758d468d527e6351ae206d67d290d9a08f7d678a686dffe836eff8a5700b302cd3c4cea3360c6d31b6304e57bae0a6e349c61a2e4ea37f03471e6b8fa09ea9c5a78096064bbc4958c9bb067cf455b7b8e801da2829f691195147e09a9f780d5ef636ca3e960c8b4ed897f472271b13b84f74e947e1cd07705a45cdf916b2e49cf22525dd350b40cebc5199cd0e8cf18f604ca5315d89233e6bc7ef974b6083b7f41ad989494301f6a522f5390f849a773f61df4f526c07ae7c85ec8e1d9670896922fc52d631f638a961ce2ff63925684d5b5243a10f39e57c00e6b593d3e875ea9bce8c6ade5af325a45041c73eb079aac8e280d15c45c04a45a34788542e4e5e4217901e5bcd5f0de59c557b5028b49eb053553de3eb1671f048c6cf7c6bf44e62f25581a0a9f27db3592157733bb88adf9aa1b8ddf9d426eaa47a70486cacc6e6abf7bf69a3eeb62cbed2c6a3d83e62d62c8c19ad2c22646cd1f11ef6ef4e970239276c9ed5a44a9a7923e0567f6627f58902eae0d30734d197a3e3e18a2bae1ba62dd41696e051b3bcde05ccbd66d4d48eea1b56b7666a2ad1f71a880a82f2b24b1591fd8897ffe6ed2f92779e78fe46fac2885842c3fb8c0e4a7ae2f388a7dc838707e81f9b0210c628b1a8c5fde2f366a6a6e46d39523afe83b0e995ac943dc30e5fdb8a856c9c41434a52d844c1c96c34a3d45e61a39900d9f6111959acffa8f5d75cc66e8589f195eb3d3e2c8d34cc3c21d65422b2bc671bdf8d5807ede5381e2b1a466557615d9b547b477bca9aad7102c819fc23b430616581931ae5da0117a0aa7ffb72feb6b43bbedd6c9bd35b3e922de1ae9f6873105b6f914dcca8647f0a7cfedb42d2d4a382f7977ecbff8da2956c870c93433fe92f1183532bf698bf0e58118938822851838ac4d3f1c94af5d0541addffbd435d7dae9265e76bdbdaa665af812270a7c64cd240f384cddb750c2316dadfdf818ca7a0d695afc98490ce13a71a5aefff36668d9b43fd912465550f5879e1cf0adddb9545b72207d19cb2e7b2298aeb080c10a278f5f8", 0x1000, 0x1000}, {&(0x7f0000002680)="348da3cd09cc5f9a52b577a5cb048499d2105d908859bb8b4efb62de0b42f403170f2c5bc7a84f8a86a26d180ffe8380eb5e5504f5a6624028d92e64ffc3663d16f16f3df132179826174f5dbb3ea173f5f7a016fb3ee2c75ad2736174580361e32606fe8a39cb6f70a21bdbecf293e217f0b8495ea3bef87cecefaa2d9eae0fa998fc1a8cb1f1ecf36a4e1d545ce223941a246ba8444fff1e201a19dd398bc705424608135a5cda0dba69c79193e34cf2511830353f1356e3817a0d52ba99c9b8f159a99bb5312d86da51613981049c47ebb189e3254e88b5b9ea6c60a8", 0x5b, 0x2}], 0x80000, &(0x7f0000002780)={[{@utf8='utf8=1'}, {@shortname_mixed='shortname=mixed'}, {@uni_xlateno='uni_xlate=0'}, {@shortname_mixed='shortname=mixed'}, {@shortname_winnt='shortname=winnt'}, {@nonumtail='nnonumtail=1'}], [{@permit_directio='permit_directio'}, {@subj_role={'subj_role', 0x3d, 'smackfsroot'}}, {@dont_hash='dont_hash'}, {@smackfshat={'smackfshat', 0x3d, 'nnonumtail=1'}}]}) prctl$PR_GET_TSC(0x19, &(0x7f0000000080)) 03:58:34 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r5) getsockopt$IPT_SO_GET_INFO(r5, 0x0, 0x40, &(0x7f0000000240)={'security\x00'}, &(0x7f0000000040)=0x54) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000000)) prctl$PR_CAPBSET_DROP(0x18, 0x1b) pwrite64(r4, &(0x7f0000000000)="e880ae5b87", 0x5, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0xffffffffffffffff}, @flat=@weak_binder, @fda={0x66646185, 0x0, 0x0, 0x3}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:34 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3335.389989] binder: 31691:31695 transaction failed 29189/-22, size 647-13 line 3138 [ 3335.398701] binder: undelivered TRANSACTION_ERROR: 29189 [ 3335.408151] binder: 31692:31699 got transaction with out-of-order buffer fixup [ 3335.426470] binder: 31692:31699 transaction failed 29201/-22, size 96-24 line 3467 03:58:34 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRESOCT, @ANYPTR64=&(0x7f0000000100)=ANY=[@ANYRES32]], 0x3}, 0x1, 0x0, 0x0, 0x44000181}, 0x0) 03:58:34 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TUNGETFILTER(r2, 0x801054db, &(0x7f0000000440)=""/238) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000000)) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000000)) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYPTR=&(0x7f00000002c0)=ANY=[@ANYRESHEX, @ANYRESHEX, @ANYRES32=r4, @ANYRESDEC=r0, @ANYPTR=&(0x7f0000000280)=ANY=[@ANYRES64, @ANYRESDEC, @ANYRES32, @ANYRES64=r1], @ANYRESDEC=r0]], 0x3}}, 0x0) r5 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x2000) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r6) accept$inet(r6, &(0x7f0000000100)={0x2, 0x0, @remote}, &(0x7f0000000140)=0x10) ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f00000000c0)={0x401, 0x9, 0x5, 0x2, 0x7ff, 0xdf3}) 03:58:34 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:34 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x6, 0xffffffffffffffff, 0xa) socket$netlink(0x10, 0x3, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x1c03) r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) write$uinput_user_dev(r1, &(0x7f0000000240)={'syz1\x00', {0x91, 0x3f, 0x6, 0x8}, 0x18, [0x7fffffff, 0x5, 0x8, 0xe99, 0x8, 0x80, 0x46d0, 0x54, 0xfff, 0x81, 0x4, 0x0, 0x0, 0xff, 0x100, 0x1, 0x20, 0x2, 0x9, 0x4, 0xed5c, 0x32, 0x6, 0x3ff, 0x5, 0x1f, 0x3, 0x3, 0x80, 0x9, 0xa82f, 0x9, 0x5, 0x7fff, 0x40, 0x6, 0x9, 0xc8c0, 0x3f, 0x55, 0x9a, 0x7, 0x1f, 0x1, 0x1, 0x6, 0x80, 0x1, 0x2, 0xffff93ca, 0x2, 0x0, 0x20, 0xfffffff8, 0x9, 0x400, 0x3, 0x4, 0xfffffff8, 0x34d, 0xa8c, 0x100, 0x5, 0x97b], [0x5, 0x2, 0x80000001, 0x5, 0x5, 0x2, 0x0, 0x10356282, 0x1, 0x9, 0x8c0, 0x1, 0x74, 0x6, 0x3ff, 0x0, 0x3b, 0x4, 0x4, 0x7, 0x5, 0x9d1, 0x5, 0x20, 0x2, 0x3, 0x1f, 0x3, 0x4, 0xbb8a, 0xb2e, 0x8, 0xfffffffe, 0x963, 0x0, 0xd9e1, 0x8ef, 0x642, 0x9, 0x220c, 0x7f, 0x5, 0x5, 0x3, 0x4, 0x101, 0x9, 0x3, 0x3, 0x10001, 0xffff, 0x7, 0x101, 0xfff, 0x400, 0x4, 0x5, 0x8, 0x8001, 0x8, 0x1f7, 0x9a, 0x2, 0xb9], [0x400, 0x10000, 0x1, 0x140000, 0x4, 0x1, 0x0, 0x7ff, 0xa07, 0x1, 0x101, 0x0, 0x8, 0x60, 0x8001, 0x6, 0x64b, 0x1000, 0x0, 0x1, 0xb0ad, 0x5c20, 0x2, 0x0, 0xfffffff7, 0x1, 0x0, 0x2, 0x1, 0x650, 0x2, 0x100, 0x2, 0x2, 0x3, 0x8001, 0x6, 0x4, 0x8001, 0x6, 0x3169, 0x7, 0x1020000, 0xffffffff, 0x3, 0x16e3, 0xfffffffc, 0x8000, 0x1f, 0x20f2, 0x6, 0x7f, 0x80, 0x0, 0x2, 0xbb, 0x0, 0x81, 0x4, 0x5, 0x6, 0x0, 0x5f9, 0x1], [0x8, 0x3ff, 0x43ee, 0x66bb06b2, 0x2, 0x6, 0x6, 0x800, 0x7, 0x7f, 0x7b67, 0x1ba2, 0x7, 0x8, 0x80000001, 0x3ff, 0x8, 0x4, 0x4ed6, 0xd77, 0x3, 0x40, 0x3, 0xbbe3, 0x6, 0xfff, 0x5b2c, 0x3, 0x3, 0x400, 0x7b7, 0x9, 0x20, 0x4, 0x401, 0x0, 0xfc6, 0x3, 0x0, 0x4, 0xb02f, 0x6, 0xffff, 0xfffffff8, 0x9, 0xffffffff, 0x3, 0x92, 0x7fff, 0x4, 0xcb, 0x8, 0x0, 0x9d3, 0x65282db1, 0x8, 0x20004000, 0x3, 0x7, 0x6, 0x2, 0x8001, 0x10000, 0x1ff]}, 0x45c) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000000000000000000000000000bba1e21dcef33cd7a25b3b094c438600852a627700000000000000000000000000000000000000008561646600000000000000000000000000072942809567283d03f00c942add8d784cff1e0ed0f0b4407b6a2200f6f6bb06433f0e615847a035f006521a0c903ad413de08fb4b1ba1c5ee4b92b6087d2b2044b3155a73af8a4b9bcadd6ed6db3d9cba3333a9b2289388dd33c763bc6a7c2232f2dd0515832b81d6de881e5bc984e1f82a4406ea3cc263"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) [ 3335.440610] binder: 31704:31705 transaction failed 29189/-22, size 647-13 line 3138 [ 3335.440912] binder: undelivered TRANSACTION_ERROR: 29189 [ 3335.476732] binder: undelivered TRANSACTION_ERROR: 29201 03:58:34 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRESHEX=r1, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x3}}, 0x0) 03:58:34 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) arch_prctl$ARCH_MAP_VDSO_64(0x2003, 0x7) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) [ 3335.540371] binder_alloc: 31719: binder_alloc_buf, no vma [ 3335.560902] binder: 31721:31724 got transaction with invalid offset (40, min 40 max 96) or object. [ 3335.560933] binder: 31721:31724 transaction failed 29201/-22, size 96-24 line 3379 [ 3335.561263] binder: undelivered TRANSACTION_ERROR: 29201 [ 3335.627747] binder: 31719:31723 transaction failed 29189/-3, size 647-13 line 3284 [ 3335.640228] binder: undelivered TRANSACTION_ERROR: 29189 03:58:34 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:34 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x1, 0x0}, @flat=@weak_binder, @fda={0x66646185, 0x3}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:34 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000e20f0f9cd801ffffff3f041f", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x100202, 0x0) write$P9_RSTATFS(r1, &(0x7f00000000c0)={0x43, 0x9, 0x2, {0xffff, 0x80, 0x2, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x1ff, 0x0, 0x7fffffff, 0x1}}, 0x43) 03:58:34 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000000)) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000280)=r5, 0x4) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r7, 0xc004743e, &(0x7f0000000140)=""/246) ioctl$PPPIOCSMAXCID(r7, 0x40047451, &(0x7f0000000100)=0x80007c) ioctl$PPPIOCSMRU1(r7, 0x40047452, &(0x7f00000002c0)) ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f0000000000)) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r8, 0x8903, &(0x7f0000000000)) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYRESHEX, @ANYPTR=&(0x7f0000000300)=ANY=[@ANYRES16=r1, @ANYPTR=&(0x7f0000000080)=ANY=[@ANYPTR, @ANYRESDEC=r2, @ANYBLOB="4f91e62c4cf901d57b", @ANYPTR], @ANYRESDEC, @ANYRES16=r0, @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="32e7cb01bd6fecba629f248efd0fa1904673d6104771a35cce4d60499ae5cf662f4468b468622baff73c781e2f47f0d5d1e2f67fecd565da0d041412c4ded5c430c5ab99597858a089cab72c0a0f70cc24b6742495548240b9a16e1be23218a6362137de4f6c019dcf7826cb411ef99e1203ee3c2ee91a29", @ANYRES32, @ANYRES32=r6], @ANYBLOB="2593b1377906f8c9b140b2b1d0181c88a15c012dca833589eeed50db6f940efc786527b873dca8ed7386d5aa3b82bac6f06a0ca7b06a0e125fa79fd2fd5a745067a6c9dfb69bfe", @ANYRESOCT=r8, @ANYRESOCT=r0, @ANYRESOCT, @ANYRESDEC], @ANYBLOB="00000046a64ea9a415d93500000000000800140000000000"], 0x3}}, 0x0) 03:58:34 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:34 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000a624b65c5607daeeba583f894df348466d6936cd842fc250cb940d259368726ef7fc37b7619a75c4f5afb6b24135c9212ce86b33bf6ba3f6cd7c012af4ad1d9cd5e58f9c9071ddb89e40d103d7b1dad7c091e8e3bd92502fae106002bf56e26c065e9a5d513c1d6ecbd1a7730c134bc098588d6f8b2acba23fc85c366c2d76237e52eae33794629b2226fcbaa5a96b08d501400910e7a67211"], 0x3}}, 0x0) openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) 03:58:34 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:34 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x14, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="05630420e40000000b630000e5b02d7247d70c9a8e0463044000000000"], 0x32, 0x0, &(0x7f0000000280)="c5c67abce57dbcc8a942e0317cceb2d731473322c9bad01dcdb478343c8b4762dc8fd24e4cf125fdb73816a43d27bbc0fe5f"}) syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1}, @flat=@weak_binder={0x77622a85, 0x1000}, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3336.209627] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3855 sclass=netlink_route_socket pig=31752 comm=syz-executor.0 [ 3336.223601] binder_alloc: 31750: binder_alloc_buf, no vma [ 3336.223622] binder: 31750:31753 transaction failed 29189/-3, size 647-13 line 3284 03:58:35 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:35 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3336.224001] binder: undelivered TRANSACTION_ERROR: 29189 [ 3336.232132] binder: 31746:31755 got transaction to invalid handle [ 3336.232141] binder: 31746:31755 transaction failed 29201/-22, size 96-24 line 3138 03:58:35 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r1, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, 0x0, 0x8, 0x70bd26, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x4008095) perf_event_open(0x0, 0x0, 0x0, r1, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r2 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)={'ty\xec\xff\xff\x8c\xb3\x00@\x00\x00\x04\x00'}, &(0x7f0000000240)=0x54) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r6) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x7) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:35 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) pipe2(&(0x7f0000000080), 0x4000) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) [ 3336.232380] binder: undelivered TRANSACTION_ERROR: 29201 [ 3336.270265] binder_alloc: 31761: binder_alloc_buf, no vma [ 3336.270285] binder: 31761:31764 transaction failed 29189/-3, size 647-13 line 3284 [ 3336.270738] binder: undelivered TRANSACTION_ERROR: 29189 [ 3336.299154] binder: 31766:31770 unknown command 537158405 [ 3336.299162] binder: 31766:31770 ioctl c0306201 200002c0 returned -22 [ 3336.307915] binder: 31766:31770 got transaction with out-of-order buffer fixup [ 3336.307950] binder: 31766:31770 transaction failed 29201/-22, size 96-24 line 3467 [ 3336.308255] binder: undelivered TRANSACTION_ERROR: 29201 [ 3336.463697] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3855 sclass=netlink_route_socket pig=31752 comm=syz-executor.0 03:58:35 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:35 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:35 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x10) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:35 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)=0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000000)) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000000000)) waitid$P_PIDFD(0x3, r1, &(0x7f0000000080), 0x1000000, &(0x7f0000000100)) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f0000000000)) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r7, 0x8903, &(0x7f0000000000)) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r8, 0x8903, &(0x7f0000000000)) sendmsg$nl_route(r1, &(0x7f0000001300)={0x0, 0xfffffffffffffddd, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYRESDEC=r2, @ANYRES16, @ANYPTR64, @ANYRES16, @ANYRESDEC=r3, @ANYPTR64=&(0x7f0000000240)=ANY=[@ANYPTR64, @ANYRESDEC=r4, @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYPTR64, @ANYRESHEX=0x0, @ANYRESOCT=r5, @ANYRESOCT, @ANYPTR, @ANYRES32], @ANYRES16=r6, @ANYRES32=r0, @ANYPTR], @ANYRESOCT=r7, @ANYRESDEC=0x0, @ANYRES32, @ANYPTR64=&(0x7f0000000280)=ANY=[@ANYRESHEX, @ANYBLOB="49ad6f26530c4ec4bf9d7027da8ce05a35f12bd11fba21e4b1d55a9717a7ec63f11087bd0a7c6db7212933a365d58994faa9d14329b928bcf8", @ANYPTR, @ANYRES16, @ANYRES32=r8]], 0x3}}, 0x2be05f0bf0891fe0) setsockopt$sock_timeval(r1, 0x1, 0x14, &(0x7f0000000380), 0x10) mlockall(0x0) 03:58:35 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000000c0)={0x0}, &(0x7f0000000100)=0xc) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000000)) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000000)) fstat(r4, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) r6 = socket$inet_udplite(0x2, 0x2, 0x88) fstat(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r7, 0x0) setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000001c0)={r2, r5, r7}, 0xc) r8 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$TIOCMGET(r8, 0x5415, &(0x7f0000000080)) 03:58:35 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={r1, &(0x7f0000000080)="3259ba4eea58aa80d871a55a262a3ea92ac62b1dc6a625b54dcc0a7739c72375c27ac1bc97e51ce15863e15fa854ecba1e4a5276d1f1694cab1516ecb841faa499b1", &(0x7f0000000100)=""/154}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0}}, 0xfffffde4) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={r2, 0xffff, 0x10}, 0xc) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={r2, 0xfffd}, 0x84) r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000240)={r2, 0x7, 0x8}, 0xc) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000280)={&(0x7f0000000200)='./file0\x00', r3}, 0x10) r4 = getpgid(0x0) ioprio_get$pid(0x2, r4) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYRESOCT=r4], 0x3}}, 0x40045) 03:58:35 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:35 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:35 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x3) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:35 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="3000000010000108e960823b0200000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x3}}, 0x0) 03:58:35 executing program 3: r0 = syz_open_dev$binderN(0x0, 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3337.058920] binder: 31791:31800 got transaction with out-of-order buffer fixup 03:58:35 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) getsockopt$netlink(r0, 0x10e, 0x2, &(0x7f0000000080)=""/192, &(0x7f0000000140)=0xc0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioperm(0x1f52, 0x5, 0x20) syz_genetlink_get_family_id$team(&(0x7f0000000800)='team\x00') r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0)='TIPC\x00') r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xc, 0x10, r7, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000300)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_RESET_STATS(r5, &(0x7f00000007c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40120020}, 0xc, &(0x7f0000000780)={&(0x7f0000000340)={0x418, r8, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_NET={0x5c, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x81}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xcf3}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x5}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xec4}]}, @TIPC_NLA_MEDIA={0x30, 0x5, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_LINK={0xf4, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffc00}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x400}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_MON={0x24, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x7ff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x499}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8}]}, @TIPC_NLA_MEDIA={0x74, 0x5, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xda}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}]}, @TIPC_NLA_LINK={0x98, 0x4, [@TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x200}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8000}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3ff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x18}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_NODE={0x8, 0x6, [@TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_BEARER={0x110, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x100, @remote, 0xcfc}}, {0x14, 0x2, @in={0x2, 0x4e24, @remote}}}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfff}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x2, @mcast1, 0x20}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @remote}}, {0x14, 0x2, @in={0x2, 0x4e23, @local}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7f}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8001}]}]}, @TIPC_NLA_MON={0x3c, 0x9, [@TIPC_NLA_MON_REF={0x28c, 0x2, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x13dc}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x91}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffffffff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}]}]}, 0x418}, 0x1, 0x0, 0x0, 0x40}, 0x4) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x30, r3, 0x200, 0x70bd29, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x14, 0x18, {0x401, @bearer=@udp='udp:syz1\x00'}}}}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x80) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="9c471b"], 0x30}}, 0x0) [ 3337.064671] binder: 31804:31807 got transaction with invalid offsets size, 13 [ 3337.064712] binder: 31804:31807 transaction failed 29201/-22, size 647-13 line 3338 [ 3337.065019] binder: undelivered TRANSACTION_ERROR: 29201 [ 3337.102169] binder: 31808:31816 got transaction with invalid offsets size, 13 [ 3337.102197] binder: 31808:31816 transaction failed 29201/-22, size 647-13 line 3338 [ 3337.102532] binder: undelivered TRANSACTION_ERROR: 29201 [ 3337.202771] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3337.227058] binder: 31791:31800 transaction failed 29201/-22, size 96-24 line 3467 [ 3337.237248] binder: undelivered TRANSACTION_ERROR: 29201 03:58:36 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:36 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x510, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) poll(0x0, 0x0, 0x0) r1 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) io_setup(0x2, &(0x7f0000001140)) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, 0x0}}], 0x0, 0x0, 0x0}) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:36 executing program 3: r0 = syz_open_dev$binderN(0x0, 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:36 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x891b, &(0x7f0000000080)={'ip6erspan0\x00', {0x2, 0x4e20, @broadcast}}) 03:58:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000cf0008001b00000000000800140000000000f1262db417238d8ae21ee9e356958ae64f2b0c13fe6e60c727362b9405549cd4cc5c37045ae0f82b7a1224efd9614d2f1becf6cc64028ca9a2ed706c9a1c04a55cdd768228b06956ceee970d9a8797fa44b4e0e38c138a17f255ffbfde861ac28b5eddb61f0c21fd66933d1b296611da3afba25769ec132718678e25cc44b32058d347b25a3804551bcd7d8da2f3a7ff406ce6e5c1d5d96ed995eb4e9a802658a2a78a163ba60b02f51926983489fe70628305ffa238fa54b0ae"], 0x30}}, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x100, 0x0) openat$cgroup_subtree(r1, &(0x7f0000000080)='cgroup.subtree_control\x00', 0x2, 0x0) 03:58:36 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:36 executing program 3: r0 = syz_open_dev$binderN(0x0, 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:36 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff6a4065db7b4bf40ff4ec8c5600001000040000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x3}}, 0x0) getxattr(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=@random={'osx.', 'user\x00'}, &(0x7f0000000100)=""/20, 0x14) 03:58:36 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3337.886112] binder: 31846:31850 got transaction with out-of-order buffer fixup [ 3337.907132] binder: 31846:31850 transaction failed 29201/-22, size 96-24 line 3467 03:58:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000020000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000080)={0x1, 0x1}, 0x8) 03:58:36 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000000)='trusted.overlay.opaque\x00', &(0x7f0000000040)='y\x00', 0x2, 0xe156bb7d845ea577) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0000040000000000000000000000000000000000000000000000000000600000000000000018000000000000000000000000f90062230f417f8dff078b51811edc37d687dbff57d03dc46aa5bded82b91504e6613c85bcd3eb795f7101e5ccf7ee6080cffa2622a99cc3c8b7a2799a96b9c8d193789b186489ca83ba5385bd8677f5613bb721d94852fd3fe6b7a3c0c45200252132367e619f3fd0feb8a6cf8bba9d9c4125bc9abdccc4ac4f9d53a5717324865e65c24244206855e03c3264282c25363dde745b2c84ec3157da60d6e2f060162986d722948289753b9d7cf595e18ecf073406f89d90882342042bd0877c22deb13eabff14e2dc1fe521b392670c2cbb989d83174089cdaf8c", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) [ 3337.937994] binder: undelivered TRANSACTION_ERROR: 29201 03:58:36 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x48, r1, 0x900, 0x70bd2a, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DEST={0x4}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0xfff}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xfffffffa}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4800}, 0x10) [ 3337.984711] binder: 31863:31872 got transaction with invalid offsets size, 13 [ 3338.020073] binder: 31874:31879 unknown command 262144 [ 3338.020082] binder: 31874:31879 ioctl c0306201 20000140 returned -22 [ 3338.059857] binder: 31863:31872 transaction failed 29201/-22, size 647-13 line 3338 [ 3338.060057] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=31882 comm=syz-executor.4 [ 3338.084013] binder: undelivered TRANSACTION_ERROR: 29201 [ 3338.096146] binder: release 31845:31852 transaction 2532 out, still active [ 3338.098568] binder: BINDER_SET_CONTEXT_MGR already set [ 3338.098592] binder: 31845:31881 ioctl 40046207 0 returned -16 [ 3338.115964] binder: undelivered TRANSACTION_COMPLETE [ 3338.121163] binder: send failed reply for transaction 2532, target dead 03:58:37 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:37 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_int(r1, 0x29, 0x34, &(0x7f0000000080), &(0x7f00000000c0)=0x4) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:37 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000000)) ioctl$EXT4_IOC_GROUP_EXTEND(r4, 0x40086607, &(0x7f0000000000)=0x8) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000016001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000016f179fbcb89003ad700000400000000000000000000000000000085616466000000001d0000000000000000000000000000000000000000000000000000000000800000000000553ccaa715ed0493cf158a060000239e460f490e7d3384712e75560deebf36aa111756ae9f6cd9dd49d44574e62a98a78dd8d216b83abd6bf16f3d30c67ea40b"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:37 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/checkreqprot\x00', 0x2, 0x0) write$P9_RSYMLINK(r1, &(0x7f00000000c0)={0x14, 0x11, 0x2, {0xfbc5f89b05c3b98a, 0x1, 0x3}}, 0x14) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000001000010800ffff54f3ffe11e86354d25231ac400001000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:37 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:37 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$KDGKBTYPE(r1, 0x4b33, &(0x7f0000000080)) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:37 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x101000, 0x0) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f00000000c0)) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x3}}, 0x8044040) 03:58:37 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = getpid() getpgrp(r2) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) ioctl$sock_proto_private(r1, 0x89e2, &(0x7f0000000240)="94f51ae49c45e12be376b43aba93000fed5f797d4bc7aa110177ff4b7f38a065c5ce6e4da6935188e1f36f841564831b2edce6dd51a7e53a929b96849f93b86e6cd71dd68e5005e453dd026c1bcf416dfb149b3100cacd46c9087a7084afb4341f1e619329a9391b2f824eb778bbff07e3270a0e40d42d9e5ba9906d18d4543380b30da5a4bee2f85d87238695275f00fbb95ca0248778559a21030d780893a6b28c1ce95e86e3995a41df1794ea09b815c0b833deb40c750a34fccfe6") perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setrlimit(0x9b6e9cd40c6ecd16, &(0x7f0000000000)={0x1, 0x20}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0063404000000000ff59f88cb8bed902eea0d074948f0000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:37 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$BLKIOOPT(r1, 0x1279, &(0x7f0000000000)) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="300043519268a5d4cc88a0d52a7853f2ff0000d20e9d0210027b11eed05dfff4e4bb58c23f1b9b4e0a88a75a3f7324d089b4f794bc9bfcb02af6f345af34fffb1a1882f8a247ea3c34c77f980910fab2441cdb6cac97193a396500e0a5d046150f10547dd2b4a5460fc5e628439d3894576d21e22c8d477cd3dfdf55766064f3fc2bb0acde49e6d278739c3109a84566afba9baed33e794e91b1b2a36b18469ed6f67be798a0ab07bd8613a89fe23f6ea3316c58d57c353a4d6b3f89c1eb03e77b3bffd02685410b575a8bafc375519f0a11312127bc68", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:37 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001400000000000000000000000000000000000000ac9be512776abb1a8931717ff9cf2312aed478f6e336b52e2069ccbc47dc5b89fa654dce8b2b60955ee0cd39cc9a79fca19b6e3f5cf98986492fa245f398a1cb4a32a8ef822d953fdef0"], 0x30}}, 0x0) [ 3338.509293] nla_parse: 1 callbacks suppressed [ 3338.509299] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3338.523503] binder_alloc: 31897: binder_alloc_buf, no vma [ 3338.528858] binder_alloc: 31893: binder_alloc_buf size 6192449487634552 failed, no address space 03:58:37 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x7) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:37 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="0000000064c173a5009ac4139ef6f5b6"], 0x30}}, 0x0) [ 3338.528864] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3338.528883] binder: 31893:31902 transaction failed 29201/-28, size 6192449487634528-24 line 3284 [ 3338.529191] binder: undelivered TRANSACTION_ERROR: 29201 [ 3338.590467] binder_alloc: 31911: binder_alloc_buf size 27021597764222976 failed, no address space [ 3338.590474] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3338.590494] binder: 31911:31914 transaction failed 29201/-28, size 0-27021597764222976 line 3284 [ 3338.590777] binder: undelivered TRANSACTION_ERROR: 29201 [ 3338.597284] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3338.599416] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26770 sclass=netlink_route_socket pig=31923 comm=syz-executor.2 [ 3338.650746] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3338.654782] binder: 31927:31935 got transaction with out-of-order buffer fixup [ 3338.654822] binder: 31927:31935 transaction failed 29201/-22, size 96-24 line 3467 [ 3338.655075] binder: undelivered TRANSACTION_ERROR: 29201 [ 3338.766765] binder: 31897:31903 transaction failed 29189/-3, size 647-13 line 3284 [ 3338.776901] binder: undelivered TRANSACTION_ERROR: 29189 03:58:38 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:38 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x5) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="3000000026f1d8c7b7e040efff00001000000000", @ANYRES32=0x0, @ANYRESDEC], 0x3}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendto$inet6(r2, &(0x7f0000000080)="8e3a6a63062b2c48", 0x8, 0x4000, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @mcast1, 0x3911}, 0x1c) write(r2, &(0x7f0000000200)="35309b878fb72268cd07b26e124ec76442adf1917d216046d365e658e14c67f8ad220d1247506ec5ffb439f026336470db8174fbdf3d887ff9250016ff7b805ee85dd375fb75331e7df1453c1071e12c7e36382b33a2f9e831097fb31d433098a7ae6206976ae090dcb1948c8859dd27f3fa41c61c1e34d2969abe61f1524c5bb4da2e500b89892d4df9c1e7c3e148f76d0c65171771422975f9d65f1538cf8a0b12ca7577d3beae2cefded79df91b15a09c8a6fce44c72d6485a918aa7d6b52483e7ed49cd13a4f9ab964a847df43b3b5803ca894bc616fba2545fe98e107849cd87b98d654ca945d320c2b303eeeb147f8625ae6e5b16cf59f60dcf43df6", 0xff) getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, &(0x7f0000000140)={'broute\x00', 0x0, 0x4, 0x1000, [], 0x1, &(0x7f0000000000)=[{}], &(0x7f0000000300)=""/4096}, &(0x7f00000001c0)=0x78) 03:58:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) utime(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x2, 0x2}) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$LOOP_SET_FD(r2, 0x4c00, 0xffffffffffffffff) 03:58:38 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) getsockname(r1, &(0x7f0000000080)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @initdev}}, &(0x7f0000000100)=0x80) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:38 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x40000, 0x0) r4 = getegid() r5 = socket$inet_udplite(0x2, 0x2, 0x88) fstat(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r6, 0x0) stat(&(0x7f0000000040)='.\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(r4, r6, r7) mmap$perf(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x9, 0x2010, r3, 0x0) r8 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:38 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:38 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000000)) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYPTR64=&(0x7f0000000100)=ANY=[@ANYPTR=&(0x7f0000000080)=ANY=[@ANYPTR64, @ANYRES32=r1, @ANYRES64=r0, @ANYPTR, @ANYRESDEC, @ANYRESDEC=r2, @ANYRES16, @ANYPTR, @ANYRES16=r3, @ANYPTR64]], @ANYBLOB="4aa2433ef43052d06bbc1f3705b5349e4b178c5f29a8a8a58e2efbcd2dde868beb5d4a4ead1d59ab533e5f3b7eb2f70a649373f8ff1f6dc2b99b56ab199e2b4332eaf1ce8c72edb6bcf9f9820a64c99434e0f6ee14ab009b7243e3f29e4eed29d0a2feea404335adfb185ceb2ef4df6f29928e4ede89e54c90e58741285232d4a199e5235cea80e92ad0350b775032d1f3ee96da32f371d6843b0e2454f12d76c68396d54e2211652c71941aad870acc0db8a3a59862cfb20b21d1210a7f87d0cf1c5268db5c484ef5643e9a241708dafab4f633806b46a9", @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x3}}, 0x0) 03:58:38 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000010c0)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYPTR64=&(0x7f0000001080)=ANY=[@ANYRES64=r0], @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x3}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) getsockopt$inet6_opts(r4, 0x29, 0x3b, &(0x7f0000001340)=""/4096, &(0x7f0000000000)=0x1000) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PIO_FONTX(r2, 0x4b6c, &(0x7f0000000080)="5ca5377f29a99ebaf75c1f859e4a4d56e9945b381b498caede5d316e73d235913a9fc7954d9ce6e68a79f3473cc6003f69a8f9bca5ae84a42e3ff983898a308aaca8a9fc90a90a395d934fbb82fe00b0ec9e1a204b7b4a3f2843c5a2eb165165e869b01fbfc2d6a34b43424da9ac41b9debb6eaf8d4cc1fdc0a3266e2ae81bbbabf971f26cf78b9eef8c67589289b14490c3761ca956a8c242dc64a6dbbd682b41885141a484e7e30c41229ad343aa6aa03f8967c066a5caef5eb50d118d0bbc13be3c3873567fb4f76d20b01d91cd6718f579ca55e0c490cb3a3d0e5b71731c9f679b11e81c892c74493a7dae9058eaab0773db8a755f6dce9a646ddd44d4e4acf544c2976e449d41613d6833a064f24f925610221ade703b67cdfb8fcb97beda2d7e1f6ee3f38b0b003dda3964ac0877266d654a2559ddb4cf9a7db7eb369a110d83c43660e19e9092ab11612101191423e220cf8387cc009a98f9aa6fdef8973940c4e8dcc627b450a14806ca8913ccff6270fce33c3c397d83637b49c77a2cbc8866e110195dc38241e7ce4832b800d34a85c072837ceec62f820fd7dd0814ab59865650311019c284d17000083ef60ceb38397a206d20ec8ce14c5be9bd56d889bef63bc243b2e7730dffc58719f89cba986716ee71f18151f08419f999181c3d663ec87684a0811e2718b4d7168624a309a1a9beb21b9b6eff38fd89274fa6bf286b269e19e5f6f4e299de9bb7ab3fbdf30a19c423f47800965ff05dfa31d5e986731ea542043ae1155ed41e5cf48e966ee9e2dd651f87601e6098ddcbd9db7032c5135d26b7b809f124e27473de0a4dfa7cd0224bcd5642b3db9ddc5ebe4ca20cca6d3e7f281f203644f7c6c88df2725b0d748aa485e6be141a3b5cc3b29394af0ce2c9c6b52dc5c0297b89312226792e1565b4489cbc05cb71ffd3df60aacfda2ecaace10f3d82b2800f88c9a62fcca501a08f5a54df646fe7c266f0a7a72babfa101d6bb06239368d8e15c878c587160ab73983e6d9569df51a8033136a8e2790f2b4defd58dae379355e8a5c8e39e7bce78ab8600527fae481df189fd766488e898dcaf33d354142e2672966d90e7f8f11f18e789b030570a49baf75e87731498acdbc9015291d272c5776efab9f3f6738ae707c41493c86d2f1bdc38fa07e8b720e52ae59050faeb88289d34cb7faa824802cc11c26e636f8c6206922cde469c06d63ad0bbf75533f902bf0145cc427a8de79e6f51baf02dbb6a1f50c12e03f000096a4c2c1f878c644d3e920f9ded466bf7e954fab7dac60169a3ea6eaaf8ef70345da47ce67ed7318e80243ca9f5eb596ac7ca8372c225f082003e6f3b481c7c844aaf5276a3a70d532f00a18278f374c57e934c6b47f54094285012c68272414fc0527c024e627d281065def4f99146fa2a42ddbe9bb563d7235b6158f37eef8a47be5d698faedc0d6248b109fc2aef6adb6801e829d2c9fbe02ef9704ba5255a476eca802cbf8be944b2f80df4738fcbf3ee105ad3621c66f932d11de07ddbd4ef29b6862f05ee978e16798422849252aed1c583d0c37e0d23092742321473e6622b6ffc0c5d1b072602716d8fd2ee462dcada11e65b13ac201d99bd0e3ccebe3b4c70b79842038aa308c7afcc31d66201e05e0219156921daf5953bef2328d76379f41cf5f20d4f5a58ca06680b043d09b1cfbaa05c9d1d735a54f950d9d34becc9cdf7b24e9279513754201290c6c4d2a690942a6973488c684b9250a59fe0285aff5ef3008862c68fe2f41cedc6cb1b90bf23224b907332bd6381d1945f67ee027df5bf84420e4a2025b1730c7484c83df55bd5b61de687d50360aafe01aa710f0b6ac10b3f518848a06a2bcf4d53b7dcc899e1d4b2bd1feda5711d1fc16f91718c57fe295ab22fecc14cec592961e541a954ce3d077885048af27cbb5141868225e9b20746146ab3e11043512d6b70125bc6f646081255ad8586062cbea747705cac94bbd282a6da0190208913d6724fe04924b76defc3ad00a066ed16f147924148fda14df666a6754fbe3725e4f935e8677c826413e1873710927ed14f0dc5b924ee995f5c2ec916a763dec161bb4e74ce157da8a1ca1255681022aa21110eb628209ea6b1ea8c0638e8cc9d79352302ca15047a3c4d253aebe38d12146f88772dfa63ca20977f67697d3b0f27226175302bb006423ca95b7dddef80cf342ab498f2e3093ce729578c641fc3804dcd6a536011af57a1ab0f32dc6d1f0db623ef170c6f0cc322fee29f125409ebb27f30181d62008e1d9135b4cbdbe3611032ab3903aa4a69c1460e771d5c263ca9986a5fbc7c03364364343cc568ab64ca3aa28876823f5cc55dbb79f985e8a28567db201ea112cbb577f7e20e0c6e02f038c60f5f034efc063d312334f94fc5c31d26121c6bae610f8de8a754222d88005921e4b497898a1652f4b6f370b4ff09d7d79f7002458f69c87624d4328cfcbe2bf61d0028f85baa81c22199f684ac016f10cf4d89b081a77fc7e56c019400e3393ff8cc1243d485172ba2e6e7ba2bd62f43178a87813d7afc68b8334086fbe0e059377ebe29677990d96e1e94b46365d4cedef2763b95a532bbb821f3fffbdb3d1c6d53e87465e784af1c1093282a9e65471152acd24f808680c43361bbf7fe2064efac5f704aae3342a8b14060bb9f058e80ef1180c24ec4b6b9752f06a73bb5033b6aebcd9b7ee3ce5ffc02bc534192d4845d294f5f3a7adec899baf58a2411cfc959696332b876c4e44b376e4354a99d944c568bd3f0812fadee963ac647f8f6d82962801924e0ae2c08819d9daa6c10283acca9ef37abd8fae3a2180c7f66747c4b5294ec696b58a6bdf8090f3c9e651ac47e08bbf8bb32291eb0e7cc4e42b80e708b8017281ccf762c81e69d36cb90bc7b2036255bcc27be11b826b7e18f4431b0d9d3aff69193dc9704b2323a55ae7ea5275ff389df08f980b8b5c5722bfcef7da9281621ab7b9474bf7d351ede073161de24c18b226092a932a797b3159341751ccd79bee7effdff3298ee69635090afa291acf3f9b12098420fa4d643ae8163e85e67eba6511ac948af4474a608634d0a436f467e169acd1b00628720a9d0e369fc625e2d09e12ca3a6a7f95439ed3b59f770c3ee3b90c02e988e85ffd2913e86c04d2a0f084cfa14c2e46eb248b3542c98c37d592d7384a3e657d84ce486aa6a297f4ce315c270dc54ad744a96932d6e2e4a64515d66a31c0b0948029dc42e136a1ef929de77225e76aae96464d47a1efc9fa510c413a84a19e6f658b0554404aa4c7850731b3ed6b7309fc92ec43406694d687cc6680f2401606e3062be97ad830a855bf092e00564c73492fb4a792e2adf95e990d79618c0506e4ec6c353b5a2a9d8b6c5477a635e7dc6f63d1dd8f65a486617a0233e862e79cec2aadf4ec91a1b4dcd67cfb54cb575799522a0f7af8df39a975e730ec9347a8191135c5bb1603af3f59a373df535aed7de31fc7db5a98cf8dee14d52e89b94c86e43d63caba495b41696ecd120da37941470b1b2cf490f11d0b88d6c00cc0e9971eda3af21c807a74ba92986410737eabcc141bfe9c963fa1bbbaf8d766678bf4413e00c80a0d6c12945989e116f5fa2d5a6ea1aa9f76a9018c7cd0d6d24ce93d03c8e36fa281180533ccc9535e7b4431680eb21fde3d1e8514b66cd56d326a714457a16c8e2c2b8c123745018234dfed35b373c90598bb5b7750f53c7d1a309ec916bc6094542fc556fbd698ca5f72c0f0b41e389eb0e760074d70fa11b400d0b27edf7aca650da09f43737e0b868cf7d314006aebc93ea46b6f8887b1227a17684904a2fb5afaf163bc3327c0e434888c2853a7072fb6d54884369d58cf8b47b1fb7194b3f5874e8cce07febc7050828fee388de58989f75373f3ee0c5b08b32a5e4aa013734a562eb81c60b4530a491d52aade2910e85cde6763496b38e68848da4abbc5c1780f3fce853241e5fdce9214f49f40174c4fcca05c736aff54f7576e570dae71169a865c1d1c0418370ec8390bacfbda56aadd6c1708b9dc00137ad3b554b7d20c50e23cc33120447613da762d8351347240627c6906b117b409c97795a96bf42b5843ea75dda62bb077ec11b7ac298fa53b079080773639c5fec545f469dc6635ee91ba3adb6e1ab192bdf6be450fa1edd9061f36b39511699323bc8fd89a941efeae9a70dfd3246ba9cb10dce64ff5b993fedd1dc02dc7c921f5c163add2a5ba222ac02a6c85353fee198e8bd73839570150c0b66ae5595c7a3084dbc92e99665f744fc8be4564f55add3ad842804d1dc03e5fa5b0a75c6d1b7fe30dc0e2d84f42ff5147b7a358b6c9a810b6a553944e662414fd0fec8e6ce20cf5dfaee99c58b6be99b36a16e3419c02729a4c9e9f8e21225d1c29ddeeaf55e8022b272d764e113c75d1287b3787cc2795d151eaf674c80bda132999ac39b851da3f3791bd47079aec5e7ffbab440e786a22341f14f6b7d513c047299069b440cf815a2d4195d908d0e4dff37b6a2e0c7864d3a7fbeb4aa5fd90a80dd88cf5e95e634d723a2dff114c20b9e774fe9f469686947055f0964fa3d6edf904c335c08871713b7eba0f8fd475e81fa087bad514f9025eba05c1709aba3c208505f16df809563c46d9f645c33ec1f17151308f30eec7936d3ed2cffcd679e0bf7b5da4e2dcd49d7a3e807c71876595dce5f943d38b15f098ad97c635eea0862ea067c51aa4699adbe2db352b12b97f3d11fcd14483c4387293ac29b187bfc51e976bfa4c13adbfe9f6bdd93fbdd17de738cda793e1543815d22c78a0be3c6162c0d0a7725197136206b396900d550f977bcbcc467a804edd0d13a7f75fc87f50a39b7ccf78d0a536af7d14f230c560609e31ed4b7c7d3483ec724620d99dbbf38ee401c1cc1ba5b34cce86692fb0ed84eb666c16e2b482e57a907c7a52d2d09c7ec716db3ff1899bae3381c4817d19aa7caf4778349b01e1b9c1a00f4cac22e59e4dffca7dd66894a8977cab752957d217c3e82c3e18f72a20e0167b77d4d35a0574ed1e09885bb26bec6c3fdcaa9e4c69476e80c82bc9560e3c5e9a31b52c5efddabba7805ebbaabbd758f0a273d5c61db9f650f1dda3f2dc339beb96f713dcb84180ac0eb15e9ed207fbf16fcd24ba7875a6d38f93fbdca9341d7eef652dea03b7b1b554c42c8757d27ebf576195172b69e05d18a52b61c92ac8939ffae47b7987c1abf5631ca793cbad5b6175acc0eca60e171b16703457d1da311c0db310b687341973a9f3839529e7174855d443c0b67ad313b6121a7b57a99a92c85c263c3d41ab4e7372caec157cdbfa4e7e15aaf63238105f0680538346410cab0e825ebc7fc8d262dd96bac29284ef40278d13abc5649d24d254de4e940c538301e3c701224b79b1532429312d37355e48d2fa4c0a74b37ade4b49ba90432dd5af628129cfdff204aa84659d11d4835156b418d3eeb4aadf18c06c2c72132dc3f9dab78ab100a72e237de822f7daad8769650d47726e73a11e9c71a104d26a508d9f181d5783a82c0e395d26a6a4e4844213e4478a3ccb445dda1f1d086c5fde90357ef18385c7b2800e3dfe56da4d1f37f5774acc44702ed6af54bc7c351b2694432ce7f321c5daff67f2311198029af5ebdd5e1a156dabbec6b00ec9a553a9b795136729cc6a261918cd12e8b6efa25fd7f10983bb2b9d517fde930cdca4799e21b027c6ab09b695b6fd687677076d0cadb44c08fb4507e6c908") [ 3339.331416] binder: 31943:31945 got transaction with out-of-order buffer fixup [ 3339.339292] binder_alloc: 31944: binder_alloc_buf, no vma [ 3339.339313] binder: 31944:31950 transaction failed 29189/-3, size 647-13 line 3284 03:58:38 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x1b0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="00000008001b00000000000046ac032d2bcaf17358d84b3d442100"/38], 0x30}}, 0x0) 03:58:38 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000804140000000000"], 0x30}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=@can_newroute={0x34, 0x18, 0x400, 0x70bd29, 0x25dfdbfe, {0x1d, 0x1, 0x5}, [@CGW_CS_XOR={0x8, 0x5, {0xfffffffffffffffd, 0xfffffffffffffff7, 0x0, 0x3}}, @CGW_MOD_AND={0x18, 0x1, {{{0x1, 0x0, 0x1}, 0x5, 0x3, 0x0, 0x0, "22e7d8fabed1792b"}, 0x2}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4884}, 0x20004811) 03:58:38 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3339.339772] binder: undelivered TRANSACTION_ERROR: 29189 [ 3339.405918] binder: 31943:31945 transaction failed 29201/-22, size 96-24 line 3467 [ 3339.423643] binder: undelivered TRANSACTION_ERROR: 29201 [ 3339.425919] binder_alloc: 31961: binder_alloc_buf, no vma [ 3339.425938] binder: 31961:31968 transaction failed 29189/-3, size 647-13 line 3284 [ 3339.461667] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3339.491374] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3339.493028] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3339.497461] binder_alloc: 31961: binder_alloc_buf, no vma [ 3339.497482] binder: 31975:31981 transaction failed 29189/-3, size 647-13 line 3284 [ 3339.549753] binder: undelivered TRANSACTION_ERROR: 29189 [ 3339.555255] binder: undelivered TRANSACTION_ERROR: 29189 03:58:38 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:38 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder={0x77622a85, 0xa8555320edfca06a}, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='lo\x00', r2}, 0x10) ioctl$FIBMAP(r3, 0x1, &(0x7f0000000100)=0x7) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:38 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[]}, 0x1, 0x0, 0x0, 0x44811}, 0x800) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) socket$netlink(0x10, 0x3, 0x7) r2 = dup(r1) ioctl$sock_inet_tcp_SIOCINQ(r2, 0x541b, &(0x7f0000000000)) 03:58:38 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:38 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000300)={0x0, {0x2, 0x4e22, @local}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xc}}, {0x2, 0x4e22, @broadcast}, 0x2ce, 0x0, 0x0, 0x0, 0x200, &(0x7f00000002c0)='veth1_to_bond\x00', 0x1, 0x1, 0x3}) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/checkreqprot\x00', 0xbf2ff714add0f68f, 0x0) ioctl$GIO_FONTX(0xffffffffffffffff, 0x4b6b, &(0x7f0000000140)=""/189) write$FUSE_WRITE(r1, &(0x7f0000000100)={0xfffffffffffffd80, 0xffffffffffffffda, 0x1, {0x200000}}, 0x18) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$TUNSETPERSIST(r4, 0x400454cb, 0x0) r5 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) write$P9_RXATTRWALK(r5, &(0x7f0000000280)={0xf, 0x1f, 0x1, 0x80000001}, 0xf) getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000200), &(0x7f0000000240)=0x4) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f0000000000)) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = gettid() ptrace$setopts(0x4206, r8, 0x0, 0x0) tkill(r8, 0x2e) sched_getaffinity(r8, 0x8, &(0x7f0000000380)) ioctl$sock_FIOGETOWN(r7, 0x8903, &(0x7f0000000000)) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r9, 0x8903, &(0x7f0000000000)) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r10, 0x8903, &(0x7f0000000000)) sendmsg$nl_route(r2, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYRESHEX, @ANYRESOCT=r10, @ANYRES16=r5, @ANYRES16=r7, @ANYRESDEC=r9, @ANYBLOB="0c7941092e4ad0141c43a2ad86d33c1d8d451ddd8cead34bd9b867aa39926d84c1524854f3401a93acf7161259203bf4e2b2c735abc3c1e5", @ANYBLOB="a929625be44641a3aeda210fc7f4842776a88ed6b16602fd94b0125b331e1bc83743caed4b8748e05b8f9aaed6648c2e82454e72e5408b19cb3379132bc2a981b51f4dc1f1bc8e3b4f8053adf9acfae3f2d6d7459fc770bec00c73135e3288dbd0312d816c82252c82150a125adaa628787fc248209fece48859f74bafd93fc9c292b9000fc6e5bb3fbfeff34322756916541882b6d0c8d90188844efce69a05d58bbb8d7ca13521e0d6b365b7f505da2d5422e8ce3c556cae533f7822ee839b9aa8384fb2be975a813c4127bb0a282a68c2f92d4d058ae03e92cea61ccbf037de2336ff29350952dc6cd481f9132b14316e7ca1e793c50ea1faea7c", @ANYRES32=0x0, @ANYBLOB="1fbbad7c0810b8843556bfd34f2a5c7363c29204fc092b2f34257b913fb07a16a23ed4b00c7892b0b3c9e4377406f8aba9da2a3292c58d692c330be157e2cd003d363aa6878c77fe12a40549f9bcbb12c9760f7977c67ad944a8fa95ea52f233f7cee07fe2cbddef22910acd7c8999b341fd2187b6bc492e48e6ec6e7039d4d623a6093657f089ad91c89aad285476fae139f907150748d359a83f841addc66890f52746feeed586688e3df8ba6ddc386f99b2632855a759f11b34742b07e332d3704a20764e0b2949f39f4298a93c1cf57f"], 0x9}, 0x1, 0x0, 0x0, 0x14044c8b}, 0x0) ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000000080)=0x2) 03:58:38 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) symlink(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00') sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:38 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x7) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:38 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3340.168654] binder: 31987:31995 got transaction with out-of-order buffer fixup [ 3340.173612] binder: 31990:31998 transaction failed 29189/-22, size 647-13 line 3138 [ 3340.173753] binder: undelivered TRANSACTION_ERROR: 29189 03:58:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xd) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:38 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3340.221586] binder: 31987:31995 transaction failed 29201/-22, size 96-24 line 3467 03:58:39 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0x1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x510, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) poll(0x0, 0x0, 0x0) r1 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) io_setup(0x2, &(0x7f0000001140)) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, 0x0}}], 0x0, 0x0, 0x0}) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) [ 3340.232494] binder: 32004:32009 transaction failed 29189/-22, size 647-13 line 3138 [ 3340.232644] binder: undelivered TRANSACTION_ERROR: 29189 [ 3340.252308] binder: 32003:32007 got transaction with out-of-order buffer fixup [ 3340.252348] binder: 32003:32007 transaction failed 29201/-22, size 96-24 line 3467 [ 3340.252821] binder: undelivered TRANSACTION_ERROR: 29201 [ 3340.301816] binder: 32015:32022 got transaction with invalid offsets size, 13 [ 3340.301842] binder: 32015:32022 transaction failed 29201/-22, size 647-13 line 3338 [ 3340.302028] binder: undelivered TRANSACTION_ERROR: 29201 [ 3340.383256] binder: undelivered TRANSACTION_ERROR: 29201 [ 3340.415847] binder: release 32021:32023 transaction 2565 out, still active [ 3340.422978] binder: undelivered TRANSACTION_COMPLETE [ 3340.498672] binder: send failed reply for transaction 2565, target dead 03:58:39 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) getresgid(&(0x7f0000000040), &(0x7f0000000080)=0x0, &(0x7f0000000100)) setfsgid(r2) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$TUNGETVNETHDRSZ(r4, 0x800454d7, &(0x7f0000000200)) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) accept$packet(r6, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000001c0)=0x14) ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000000000)) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r7, 0x8903, &(0x7f0000000000)) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r8, 0x8903, &(0x7f0000000000)) ioctl$TIOCLINUX3(0xffffffffffffffff, 0x541c, &(0x7f0000000240)) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000001300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001340)=ANY=[@ANYRES16, @ANYRESHEX=r0, @ANYRESDEC=r7, @ANYRESOCT, @ANYRES64=r5, @ANYBLOB="72a8bfe52607ea9866610c7eae28c48226f68f5afad1bfbb50a53a6c89d150506112e2a5eb3d7aaf378eca50a8a99929648af94d9aea3ed6fa06a54fd2bf8ac03cfaa58ea3cdf37b8e7303faa788b0011a8a861841530f45180636687ff7c1a40645974c1be061a632fbc2015011bf7310d24273f75cdb9351a5ddb104dacefaedb2147ea8d4d54cce5e551abf67038c006be8f2eb2426a464e2691ab24deabc51e8417485de976fa6f8899b23ff1e86203fea989bd6385606d0affe57ee61668159d5cb4b7982abedfd19dfd1a7bc8e1bbdf6c4ef1fcf4919e353b8d9d6ea28605a12ae98d7a36a7add78251f41c95b5ff7ee204456e3228db27524cf218505a5c83a8d94c0a8a8e4d20e2386d06b182495a1e628383c9b399424ce0e999c9cce03958c7c096d67a55dd4ba51becfa8e2e60f5ac32aed23f93e279e3dfe8e1ea664b8795ea43ade39d3fe072d35200a3001a63c577438b02534b1490779b0135d556fa2687b164c37b52677fea246c8f7b763f854ed54105b091b1aebb7e28d314c34c22f5b195ab78a004b0611fdeef18bacb9eeb0814871c6274a6c4f00ade55d77f07627690c6831dfb981b0f8cdda29556fd604b7818dabc45831fa978b6df2ce5d17f924151d0abb515c3dac611f19caa3b2e2ee68203c037360dde8cf97306bbb6a70a828c135eac68c837bba568defd3833aa664c799477c3a6dfc05b4024d7f6d747a4ff8617471024756c79c4b83ef63d775abb09f2c3e310e458b55e90b1f49d79d80031d0456d5e2a4185ecb318f6ad399f1420ce79aa7eb0b9ef6ac3ed3a32983930fe22dcba699fb7641e4f3fce79ca768f122831198310b92b3efe7cc43420c9e1232b36071cbfbd709ecaf6973273766f27122b0484ef2a8dbda5c4f36ce9d8c9f2559c4c484e147172b9acfac6e3214605cd9d20a90d13ae8961a5087e12c0fbb74c0cfd21c501b376c75b844866c81129f9a5eb04255fe137175704f38aaea7c4fad156af06ea75daf65c5b9f28d75bafabbc02b2b379a1433977378872ebcc67656c3db646ae83a7f2257df91150c0b2b4f9c137740cda3980175b21baa4d5d50346a7c58f31c449e9ae856a5cb8020a85fcc5f64aed8217116ce68e58363a8ca7ffde5ee9c61484baefa3f1821b76456d6de2cc00a0572707aca670e3d13cebb3107db71476b95e5cc8329864c11468506fcec2c9fa13e7c7188bc8f448b3a004509e104492f2854d5100580dd46323600c1f90e68c9db9e792c73e18fdcc3c62c736e17f7d48feb341f7923f197cac7c497c352a287abd0a5f873e64d6ce75f6407072b9b023b8ed371c4bf9251446dbdc8488330ae70a70ede345ad2a33738169800f60b4cb67769c95da44905f3986a98cc4d7ea0f492719520d34c4400bb46c2d129192926c1ed8524f9cf9f82eec0c213db115046b26f997e489d7e3deae4d14d0b441af7f807d7796a9c37f822a9656513e4610e12fbb1e27abbe88adcf9bc090cc5cdf1ec15c9b0574ea39fac3edfdbcdbd3392b406196be741e3ec4f1d6362a87a61926244fe040d7304ac16376b74d876fc6de3653af8a4d64473bbf6084443f43becc26bd55f323af52b663e7618278f9e1933741fe7a301e063378dd6a39e26c6950c2ee4ff0dd2d2e9ab61d35f7ab5ee80cebed749fdb70179f7926a31bfc8e46b9fcc8d941a4e3e8e6b70fd3813be4ff1225b17b3d05da483f7cd2f94445b399a201182056cc0c41559e95fe7f39ee72612c79f98fa30e92b4d5c2f1dad9495cb8f621e0453e7ada1da8d5153a36301c04011746750098b1343be93df64f749bcbb6bb31febcaaf1dd8499514a20a588c6c68571023541987a6371456d3bb421174d7b5a470f075e3469c25e741a7d901895f8d51df141419f670194446b6f8b2b40be5aa80f34c0e3ceb30daa2761ef993d8f619ae5ad155e181b3c468f4ba9a07ccbcdfc324f6ecd387566cf21b15ad0390d4bbe295e3bfab642365b488d7e9c82eb337095a66373a15ba96aea3993610d795f23c21a18d1ab33d44a7e54bd44d51e85d950efd8680f47f96d0600760dd27891cd8a6893fd37451018242e6a4c7326098911790da84b8c63dfc0e36d8134c85649549848b41cd5776dfc72dd25b3241c38a91fbb0f0e42082bf3540657187d50451bfcf0c06e1957cefa59f9093b1d534f9a14df8d00c06170f1267f1cb99a00ef28e01e834704a8b20eec1d0f536c5fb592948b1f23f0361d473b0d5830af888f1b5f03129096e4e006bcd9aee0f8487217e9603dab983f55696fcab224e8a2d48fe3137f30e383c1fbd6d16016b5160b6e653f3fe46e6c7a9ca02cd96b9af379aabafd2e68f906232c00d01c2cd412b0986358ffe8b40f023e81a8bf0e1999a79ec46b5549d7763110f35fc7b0edba26641cdb7c4862715baa3532f3987498c33da82b87c8938c38a0c4dc9cbb287bc57cdd2f07d4a8c7890205b1a18e61a0499727bc7685a5b6564c3a44306f84b923767322fed152dd22ccd48fb91327c3f7a8c0bf3435b16df4ba3a0df32fe1cf053904d3a7c031aa93b3e97c2ebab65a6919d2545c500a14a7249ad87024d9f0cceb6a45bd194583e2a0815d39895cfc02c4255960e225cb1f5693f3f37a10e4c709e56cbbf7b5c11b2022b0dab6376d491ac91dac16d99e7ec9f52b817d66e75f7f81c09818823db477849da7e597b75b5cf6ef92a129cba83ebdb77a44c5e1f27108ff56e0b76d2090bc19760501e203f1ea02c0017cf86a71c9acf97d58c1a8dc5fb83a185771ad92f09c8d472288afd3796af39784b900a753e5bfbf6670cb02ac7553fd2f52bdfa0b9515a9f6d6a523b8d7d55a0b04101670a2348cb1d245e00a9b5dd22f10908fdfab41a9bea88b3d8f54de22a5ad4b778a2964d7990114d78128be7c3f1e64052037d07bb1bf597ddcf21afce049ceb21e25ef44c43f7bd2278a9fd8c3d9d59a921c1d488b135555242e529290a370558da7006d9585a5227f3457a2fa41ce635cfb0c70ca65f0b3fab5dac54f74bb75193bfbf80977076dfa462e7c885a8f954911d52b7e46004f9e0517acc1443c908483f114454d59efe8160382e74702e34c05f819dd44fd51841b9fedc5a773ed6a6b0a6e5d83f9ed6227ae5830d251ca3c7bd1e2103d419befdef91d9c296d746450a3425d3de70502a95f51f40f45a0c42d414aa2d01b860fcade4d03528ebeca17c1e9bcb76f087cb8b089591d3291bf3fa05e2669610a5b5fe52548502193dfa75c3f63e51c98190bad30a4015770ba7db1d9606c4ecd0308f141f867cf28d1ccf308e7873c369ce4c6c3b4694bc473cfa440f50dd6938eae00459f2a261fdec28b9201ae89d87822ffb56fb37054e546ba38218d3e65d1a36a0910eefbf871501afe4fdfaef59792861c7fe32894e137e6a2427280d9b246a628813f7f2a7db946bf2c3b317a954b2e5d20a3f4bdfdce0d5e0058118f494908295e069da6d74f7018fe945ee2ce400345bee0d7a69e452131db96aeb30b1e4e87f6bf9c56f5bde948c97fbcc36c87e78b4b5090e2021c464b09b88adde4a55a892dac3df3684e72073ca551247556bb95ba33f34ad8302cd3cbc0a9591b4cba3d81c38efc4eb8ad091fdf45c0c285683ca6e5f322206cee8eb803b896030c9321e9a4a8ab566a2d284a3b7eeb32570620a4a651cacdf766f9df8caae50e723ec1c7d47fcc76b85c66233aedd12edc703f563fa9f5bb106c3a3a8cec192d46459552ab3afa7e4a1e53494664bf8e801f992774e42c3051dbdcad994d8be7a28f66563e9546cac08cbad1be44b854522f7a0266ca01368b01c1d2719065a8f7edbf00a1097264fe2ba2e3a57a80b3a0fbf26b1c79faa1e3b04a8eff5849a8991552ca7a55e0d29a3d3aa8d2f49909298ac6d27654d568dad9679ed9cf5ad87424b8cf87e1157603209b88539872e3f82841c0208f79f960585f5c29f6e5300544814d3e115da5e2ae7a57c5ae1b70c9a4fb0fd38dbb78209acd36617b25afbba30456146a5772d3af4bbc9f08bb4f626e97213f557cd8a7b4dff865b17eb610a4198323652be28fe123a14e95279dcf0b97eefa763efc270672df844549211401c89f77c3899d175fc02f57250524ca86e9a6aa2be56830237ebf880367c88fc21800f6adc5e9335ab363e9cfda60ae6643cfa20319067f1181b8a851c35654a7be942876a8d3b21d03706c4a188898ad4d7270f5eeb91f264d20120b5c341dba0cd16714eb4accd2001a2de4efec2ea58535f30f4728c93c7fad39acb6efbf520bf651a0c29ebf89f592c054549606d1555cc445eed3835130e3a9d2e1bbfc2186486dd756b9797956e3bb1cb525435b036214d4bf92c7148a00f688b929bf419baa9c2a73796169644cf334d7bd9736ee54f7067c63c91ea8f4477cfd5099eb8c336f22cdbb5abee185598a36d561b65e4d766e4d6c0f53bce45a97a064580c8d5b6df6b4e7a9202652155507de9940a8ae8299f3e68b9607d3d7ed2811b7ec709e4f55825f95586daa3e7345cedeb066be62c17bbd402d2a400ecede5c9f703e284f6e89c152e534bca679809fd693fdfe4e2e21b94ffc57806c85676ede3e0ff8ad7b7438c7727f8394d199dc53b6d181b583553d16a98f9957a9dc826b850bb3db39da07b5741e3de1f201190f395472c062e74d90716c673335fd4c83b5d1f65636aadd0f2634e66e2a8682b7ee9c92c258794a79b3f8563bf4c55e3a96157dc7f5b749dff1cd5d059f81d2b47624120f71934e42c8f84e0c4e0d5bd24ff676460c7c7f9454a70c9cba60e588ebbbbcb2d92c2e13aa1b1b7c3eba4c29f2f39c6ec414201a79bb729266086a09430c60e9297ed582666687cd4b04b3719da6cd08ea1cc795c74296dc932c9a705f1dafe3bc3e2a047550d36bad295662e8339a238ea40b9e63de78e5266cad58375f389e7e6aa0c7d5b4c901efaa94a19f2375c1c7cb3919002baeb561aa21e5b7d4ba1492e3a45c4631f7970c9a29ae6bb7d83f7b6c8897da0d7969321a8af8bf54adc6e4404919372cc68fa54865b0cddd8ce96936a95a93f1c8b14bce95f9c13852fc44ffca034c5646f1ba6ea43cb4bff3a7ad93462c79de164b2bd0e3f3bfdc088d0f2e70864faef709cc7f4134b07c85b2c20042d8486bc89260e4042d379ccabc24e00fc0c53840df7e765d071f3419841992a5977a9dc63831540d972d5508711e66eb34948ab1fb4b9fb7bb94eda89b5c92d04ee6a359cca4f89bea6ff29dc3854dd5e64ebb8a13d9f3c675fc827cd2a16788d8e5faaa5da2829b0cc135a9f860fab35f4b583900959ab4b9e582cd2f536613c0fe27ca1e09be33e55a4da61fb5be46df10e4038bed73621e6646140f96e2790cc9f0606adccb68da152a1a99ab38bcb5b22a1c48479eb9fb26d7a41c40a5932e4df3d34010452ef9bebc1bbb1b227695b2245e4e28aa9cd3f9b9d5ce607dc73c72dffb288b86b25b1e467586fceab9efac1335c017be4c790f73a7325716d3e4a48d80f90ad58e7a99334ce89a1fa0c434bf9f0e9fbd67ca0f2df2f15701ff35f5ab967b66012e3b93a1f6720d541c698fc0d9cafd8f8e93bcab2d0e286836ed01f190418d2e443defa6fd2a2eaae5a93724bf97d9f0dadbe0d638aa4ff4e22a8d5b484474cf8ca231a93555fecf7b32f40176d917eeac8e005d947e1c81053d1acdeaaf18ff9407b6466be6ae38e88a2775f51512cd3fd18c1756803c8d541e11b7b0a6b877f3b13c0639d03dc0e6e", @ANYRES32=r7, @ANYRESDEC=r5, @ANYRES64=r8], 0x9}}, 0x48123) 03:58:39 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:39 executing program 2: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:39 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/snmp6\x00') perf_event_open(0x0, 0x0, 0x0, r0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r1 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:39 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x10) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:39 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) read$char_usb(r2, &(0x7f0000000400)=""/16, 0x10) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f00000000c0), 0x4) r6 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$setperm(0x5, r6, 0x0) keyctl$revoke(0x3, r6) r7 = add_key(&(0x7f0000000100)='dns_resolver\x00', &(0x7f0000000240)={'syz', 0x2}, &(0x7f0000000280)="151e45eac5cfd7cb33a1bb780bed74afd70c4bd0617507f1fc7714296f640bea66", 0x21, r6) keyctl$assume_authority(0x10, r7) r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r9 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r10 = dup(r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f00000003c0)={0x64, 0x0, &(0x7f00000002c0)=[@increfs_done, @acquire_done={0x40106309, 0x2}, @increfs={0x40046304, 0x2}, @acquire_done={0x40106309, 0x2}, @acquire={0x40046305, 0x1}, @exit_looper, @dead_binder_done, @increfs={0x40046304, 0x3}], 0x79, 0x0, &(0x7f0000000340)="2042b2641e2a3a2d80b1e416797787cfc8e127afaa59af54382431d126e0c6cb1b26b49b4ac520b2cd7bc4ac844f1200f38d2053a2d114afd8653f12de27c90f8fe426997a935aee94f7b2807c6e5238cc448b39151428298b22f2f92100a2e8009c42584fe720fab6127f54687685608306d4096d4c8116a4"}) r11 = dup(r8) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000000)=ANY=[@ANYBLOB="852a747000000000000000000000000000000000000000000000000000000000416c2614ae3fdbfbb35b4f31910000000000000000852a62770000001c6c0d908d19dfdf671cdf03d5fda563bfab4208f32a6567464ebf350000000000000000000000000000b408cf208bb55e000000856164660000000000"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:39 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:39 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="30000000108cc1cbd6348c6adb00001000000000", @ANYRESHEX=r0, @ANYPTR], 0x3}}, 0x0) [ 3340.992121] binder: 32031:32040 got transaction with out-of-order buffer fixup [ 3340.994895] binder: 32035:32038 got transaction with out-of-order buffer fixup [ 3340.994930] binder: 32035:32038 transaction failed 29201/-22, size 96-24 line 3467 03:58:39 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:39 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x11, &(0x7f0000000140)=0x9710, 0x4) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) [ 3340.995310] binder: undelivered TRANSACTION_ERROR: 29201 [ 3341.000920] binder: 32032:32039 got transaction with invalid offsets size, 13 [ 3341.000948] binder: 32032:32039 transaction failed 29201/-22, size 647-13 line 3338 03:58:39 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3341.001268] binder: undelivered TRANSACTION_ERROR: 29201 [ 3341.061916] binder: 32048:32051 got transaction with invalid offsets size, 13 [ 3341.061946] binder: 32048:32051 transaction failed 29201/-22, size 647-13 line 3338 [ 3341.062133] binder: undelivered TRANSACTION_ERROR: 29201 [ 3341.098381] binder: 32059:32060 got transaction with invalid offsets size, 13 [ 3341.098628] binder: 32059:32060 transaction failed 29201/-22, size 647-13 line 3338 [ 3341.098958] binder: undelivered TRANSACTION_ERROR: 29201 [ 3341.152048] binder: 32065:32069 got transaction with invalid offsets size, 13 [ 3341.152075] binder: 32065:32069 transaction failed 29201/-22, size 647-13 line 3338 [ 3341.152399] binder: undelivered TRANSACTION_ERROR: 29201 [ 3341.210942] binder: 32031:32040 transaction failed 29201/-22, size 96-24 line 3467 [ 3341.226899] binder: undelivered TRANSACTION_ERROR: 29201 03:58:40 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="020000000000000000000000000000000000000000000100"]], 0x0, 0x0, 0x0}) 03:58:40 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000800fbdc000000000800140000000000"], 0x30}}, 0x0) 03:58:40 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3341.497252] binder: 32076:32078 got transaction with invalid offset (2, min 0 max 96) or object. [ 3341.507351] binder: 32076:32078 transaction failed 29201/-22, size 96-24 line 3379 [ 3341.513880] binder: 32079:32081 got transaction with invalid offsets size, 13 [ 3341.513905] binder: 32079:32081 transaction failed 29201/-22, size 647-13 line 3338 [ 3341.514205] binder: undelivered TRANSACTION_ERROR: 29201 [ 3341.549186] binder: undelivered TRANSACTION_ERROR: 29201 03:58:40 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:40 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:40 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:40 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYPTR64=&(0x7f0000000080)=ANY=[], @ANYRES32, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x3}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = accept$unix(r2, &(0x7f0000000140), &(0x7f00000001c0)=0x6e) fchdir(r3) r4 = accept4$unix(0xffffffffffffffff, 0x0, &(0x7f0000000080), 0x400) connect$unix(r4, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e) 03:58:40 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:40 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:40 executing program 4: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x40000) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/checkreqprot\x00', 0x480, 0x0) recvfrom$unix(r1, &(0x7f0000000100)=""/23, 0x17, 0x2, &(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e) write$P9_RLCREATE(r0, &(0x7f0000000080)={0x18, 0xf, 0x2, {{0x10, 0x2, 0x4}, 0x101}}, 0x18) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="30000000dacd62523bfa8d1dc5975840f1161f4cf56a1e72e8071b548d45584011f2e10a83216134883b861b57ea0425b25da2309c968d00be52e1a506435e55914cc8cb86a273d1cbf9582ac46805562d5a67", @ANYRES32=0x0, @ANYBLOB="0000000000000002e10000000000000008001400002641ccb363837c34fd39a8fecfb63ae6"], 0x3}}, 0x0) 03:58:40 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:40 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:40 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$P9_RWALK(r5, &(0x7f0000000240)=ANY=[@ANYBLOB="300000006f020003000802000000010000000000b7acba9a00000006000000000000004000000000010100000000000064de16ef6cbeb96dbf05241fd66a27deea1770011f05fdcbec6efbc0969ea226eb91d958e5123c62721bc308dc0cb4bd57ff074a4f5224a63978a4a51201a85818ea0899b4b8f344f33bcfd4fa4cf55dea2e041e98bd615663bddbd353317acecd011f88ee53ba616446c06d9a85b9fbd6b73fa03c1e2c69a69be07247df7f6abf6796348d300a1eba5c913b68b2a07df07bd300743a457f2441fc3f5ca11c880777a82957a987c3b31c3bdea77ceae7e3558081c380a8a7ef5d0113acefd13a51ec491bdc901e84eb8a1ef1b03ccb2bf93db9954192cad86989a1fdcd48ff01cad0e9"], 0x30) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f0000000400)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000380)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x1d7, &(0x7f0000000000)=""/64, 0x40, 0x0, 0xe}, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x50}}}], 0x0, 0x0, 0x0}) [ 3341.637272] binder: 32089:32096 got transaction with invalid offsets size, 13 [ 3341.638988] binder: 32086:32094 transaction failed 29189/-22, size 647-13 line 3138 03:58:40 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000f07bcfbffd3c5a0e0a52c2a59e1d8c93c240bc472d448bb40d1cb1203585ebfeb76ab6bd8060ed1944f45157e92367e990b78faafa5b3aeab0b630f3d8717e923ee6104a1e8265ef3a6830856cf4c74dfe64cba0cf4b179a853b7f548e1874f639e1eacc25b7920d157d5d5a5b5bd0a5c5f2ef3c32fdc75ade6d57f9399231c43f080bf49cce2e36525d56e5f6c7d77a9af2b267875dba3d857794", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:40 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:40 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3341.639189] binder: undelivered TRANSACTION_ERROR: 29189 [ 3341.666149] binder: 32092:32099 got transaction with invalid offsets size, 13 [ 3341.666178] binder: 32092:32099 transaction failed 29201/-22, size 647-13 line 3338 [ 3341.667476] binder: undelivered TRANSACTION_ERROR: 29201 [ 3341.696620] binder: 32104:32107 got transaction with invalid offsets size, 13 [ 3341.696643] binder: 32104:32107 transaction failed 29201/-22, size 647-13 line 3338 [ 3341.696997] binder: undelivered TRANSACTION_ERROR: 29201 [ 3341.738294] binder: 32108:32114 got transaction with invalid offsets size, 13 [ 3341.738322] binder: 32108:32114 transaction failed 29201/-22, size 647-13 line 3338 [ 3341.738689] binder: undelivered TRANSACTION_ERROR: 29201 [ 3341.751607] binder: 32109:32116 got transaction with too large buffer [ 3341.751637] binder: 32109:32116 transaction failed 29201/-22, size 112-24 line 3493 [ 3341.751907] binder: undelivered TRANSACTION_ERROR: 29201 [ 3341.757780] binder: 32120:32123 got transaction with invalid offsets size, 13 [ 3341.757808] binder: 32120:32123 transaction failed 29201/-22, size 647-13 line 3338 [ 3341.758684] binder: undelivered TRANSACTION_ERROR: 29201 [ 3341.765947] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3341.804155] binder: 32125:32127 got transaction with invalid offsets size, 13 [ 3341.804189] binder: 32125:32127 transaction failed 29201/-22, size 647-13 line 3338 [ 3341.804601] binder: undelivered TRANSACTION_ERROR: 29201 [ 3341.923193] binder: 32089:32096 transaction failed 29201/-22, size 647-13 line 3338 [ 3341.933228] binder: undelivered TRANSACTION_ERROR: 29201 03:58:41 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:41 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:41 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0), 0x0, 0x0, 0x0}) 03:58:41 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:41 executing program 4: r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/enforce\x00', 0x200800, 0x0) r1 = syz_genetlink_get_family_id$team(&(0x7f0000000100)='team\x00') r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000000)) r4 = fcntl$dupfd(r2, 0x0, r3) ioctl$BINDER_GET_NODE_DEBUG_INFO(r4, 0xc018620b, &(0x7f0000000140)={0x2}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'veth0_to_hsr\x00', 0x0}) accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f00000000c0)={@remote, r6}, 0x14) accept$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000340)=0x14) r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r8) getsockopt$inet_IP_IPSEC_POLICY(r8, 0x0, 0x10, &(0x7f00000003c0)={{{@in=@empty, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in=@multicast2}}, &(0x7f00000004c0)=0xe8) sendmsg$TEAM_CMD_NOOP(r0, &(0x7f0000000780)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000740)={&(0x7f0000000500)={0x21c, r1, 0x10, 0x70bd25, 0x25dfdbfd, {}, [{{0x8}, {0x200, 0x2, [{0x5c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0x2c, 0x4, [{0xff50, 0x4, 0x8, 0x20c3cdbf}, {0x3, 0x2, 0x3, 0x5cf}, {0x7ff, 0xe5, 0x7, 0x2}, {0x8000, 0xbe, 0x0, 0x8}, {0x1, 0x1, 0x44, 0xffff5ed6}]}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x5}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r7}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x80000000}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r9}}}]}}]}, 0x21c}, 0x1, 0x0, 0x0, 0x20044040}, 0x20000010) ftruncate(r8, 0x7) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:41 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:41 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000000)={@empty, @broadcast}, &(0x7f0000000040)=0x8) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="000000000000000028fcffffff00000040f8ffffff000000ebc28da4f8f9497f4d2bd10a9acfa665fd16ce5cb3e2c764672b735d499179f6702d2bb03f0038ce13d12063f7dc2f8bc0053e71202260b767ca5ded602f2608a3df299e9608be26782880a23a4a89145a547cbee78659474d905dca4e621b4595d192507acb57caa9cb74b472d9ae3c68647555921a5c7c532ef9d98f9f052d1e6ebdc7a6047550ac19132f3b6067f8999aa465cd87a43019b63e3a2c749e1d62ce72c22fda0b0de3fd068ba408eeb7c37f00"/212]], 0x0, 0x0, 0x0}) 03:58:41 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:41 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[]}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000180)={0x0, {0x2, 0x3ff, @multicast1}, {0x2, 0x4e23, @rand_addr=0x7}, {0x2, 0x4e21, @local}, 0x200, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)='bpq0\x00', 0x8, 0x6, 0x2}) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x1042, 0x0) ioctl$TIOCPKT(r3, 0x5420, &(0x7f0000000100)=0xbb7) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000000)) ioctl$int_out(r4, 0x2, &(0x7f0000000380)) r5 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/checkreqprot\x00', 0x80100, 0x0) write$cgroup_int(r5, &(0x7f0000000240)=0x3, 0x12) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f0000000000)) ioctl(r6, 0x7, &(0x7f0000000280)="7e6ae380ec6693e008a2a9b58729b5851b606faf67b455567181f48a9cba121367d0d85601a1c29d01ff3688ff5dcc2b89c1f54eb50e421f225de6fc8c0de6bfc44a8a37e994fc05d9b368bb910cc2c96113e070f2600871a2874bd2ef54ea7deb9783936897efab2a7846638a60139e72fe53a4792a2f22aa70c1090694c2f2d582032cb0eced7cc87e9572f2292733fe8458cdf9bcbba8ce1c241facf4d965eb42f40f0e52733805e2c9e25daee3c82fdbff83fbd4ae538b7107c7ae8771ca2fbab976b166cb199fdc2d98970427733bca") r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r7, 0x8903, &(0x7f0000000000)) fsetxattr$trusted_overlay_opaque(r7, &(0x7f0000000000)='trusted.overlay.opaque\x00', &(0x7f0000000080)='y\x00', 0x2, 0x3) [ 3342.454336] binder: 32135:32139 got transaction with invalid offsets size, 13 [ 3342.463670] binder: 32137:32143 got transaction with invalid offsets size, 13 03:58:41 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:41 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000000)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder={0x77622a85, 0x1000}, @ptr={0x70742a85, 0x0, &(0x7f0000000340)=""/247, 0xf7, 0x0, 0xe}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:41 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3342.463699] binder: 32137:32143 transaction failed 29201/-22, size 647-13 line 3338 [ 3342.463866] binder: undelivered TRANSACTION_ERROR: 29201 [ 3342.483136] binder: 32136:32141 got transaction with invalid offsets size, 13 [ 3342.483163] binder: 32136:32141 transaction failed 29201/-22, size 647-13 line 3338 [ 3342.483701] binder: undelivered TRANSACTION_ERROR: 29201 [ 3342.503763] binder: 32149:32154 got transaction with invalid offset (1099511626792, min 40 max 96) or object. [ 3342.503789] binder: 32149:32154 transaction failed 29201/-22, size 96-24 line 3379 [ 3342.504306] binder: undelivered TRANSACTION_ERROR: 29201 [ 3342.547374] binder: 32158:32161 got transaction with invalid offsets size, 13 [ 3342.547403] binder: 32158:32161 transaction failed 29201/-22, size 647-13 line 3338 [ 3342.547584] binder: undelivered TRANSACTION_ERROR: 29201 [ 3342.559365] binder: 32159:32166 got transaction with invalid offsets size, 13 [ 3342.559393] binder: 32159:32166 transaction failed 29201/-22, size 647-13 line 3338 [ 3342.559627] binder: undelivered TRANSACTION_ERROR: 29201 [ 3342.576143] binder: 32164:32169 got transaction with too large buffer [ 3342.576180] binder: 32164:32169 transaction failed 29201/-22, size 104-24 line 3493 [ 3342.576409] binder: undelivered TRANSACTION_ERROR: 29201 [ 3342.716986] binder: 32135:32139 transaction failed 29201/-22, size 647-13 line 3338 [ 3342.726538] binder: undelivered TRANSACTION_ERROR: 29201 03:58:42 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:42 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) close(0xffffffffffffffff) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_netdev_private(r2, 0x89f5, &(0x7f0000000300)="e5e6c75f5126b3aee9c43adbe662eaf5fe4432169a2a3e1a3d8ce95155932eb746cbe0a7219aaf2a593daf341b903132a0bcee9dbca0554b") r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r4) getsockopt$EBT_SO_GET_INIT_INFO(r4, 0x0, 0x82, &(0x7f0000000240)={'broute\x00'}, &(0x7f00000002c0)=0x78) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000000000)) fsetxattr$security_evm(r5, &(0x7f0000000000)='security.evm\x00', &(0x7f0000000040)=@ng={0x4, 0xb, "26ce192e"}, 0x6, 0x2) 03:58:42 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:42 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000080)='./file0\x00', 0xa94a866a5c3afb63) 03:58:42 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:42 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:42 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:42 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:42 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="110000001000050800d5f1d3a342fccf59028e00f90f20de3a1ac13101000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') openat$cgroup_procs(r1, &(0x7f00000000c0)='cgroup.threads\x00', 0x2, 0x0) 03:58:42 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3343.298475] binder: 32185:32188 got transaction with invalid offsets size, 13 [ 3343.311882] binder: 32181:32192 got transaction with invalid offsets size, 13 03:58:42 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="0000feffffff010000000000000000000018000000000000"], 0x30}}, 0x0) r1 = syz_genetlink_get_family_id$net_dm(&(0x7f00000000c0)='NET_DM\x00') sendmsg$NET_DM_CMD_START(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2020010}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r1, 0x20, 0x70bd26, 0x25dfdbfe, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x1) 03:58:42 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) [ 3343.311910] binder: 32181:32192 transaction failed 29201/-22, size 647-13 line 3338 [ 3343.312212] binder: undelivered TRANSACTION_ERROR: 29201 [ 3343.341728] binder: 32182:32187 got transaction with out-of-order buffer fixup [ 3343.341761] binder: 32182:32187 transaction failed 29201/-22, size 96-24 line 3467 [ 3343.342471] binder: undelivered TRANSACTION_ERROR: 29201 [ 3343.422822] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3343.426686] binder: 32213:32218 ioctl c0306201 0 returned -14 [ 3343.451991] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 3343.492462] binder: 32185:32188 transaction failed 29201/-22, size 647-13 line 3338 [ 3343.502517] binder: undelivered TRANSACTION_ERROR: 29201 03:58:42 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:42 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:42 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$LOOP_GET_STATUS(r2, 0x4c03, &(0x7f0000000240)) socket$netlink(0x10, 0x3, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) r4 = socket$inet6(0xa, 0x80001, 0x0) r5 = socket$inet6(0xa, 0x80e, 0x800000000002576) ioctl(r5, 0x8912, &(0x7f0000001140)="000000000034e026c9ef05cbcd1a8f8a8f8d77934621665e1cdd6d1591691a7e95229381fc6ed1d0cba27e019af0f8c47488389aeb55b07b19c295c605d6f6aba590f507085e29fd58197be111e510e3223a8e130e00fb265fe4b6a8e8ade875b8bde60976257b462f1e533437e2ac9b9ba82f00d4196025075b934e284aab778d287e39313b4314623efd1aca89344e9e2ff0c445c3284bc2a59ab02318c58c4543b9a4e18d0990102b11bfc3c85e887cf43b49cb8eea04ae0710393485b182033500ad49fab5cb4f12a5882836b34e252da44a1561") setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000d4b000)=ANY=[@ANYBLOB="0a00000000000000ff010000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000005000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100"/776], 0x310) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f00000018c0)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff0100000000000000000000fbff00010959158b9ac821b0050000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000004000000000020ffef0000000000000000000000000000cf0000000000000000000000007fb593c60000000000000000000000000000000092dfc8107ac7b075a58b501b8082b9a4dc307674d93199e766e3b9e1736003bc418ff8495f254848398cea23373ca80b77a2748307b62f6703160ac41bb3525155eb439b16cfcd86ee763e82564116b6303b8412d8557873ed89b548be7b94d580d2ab543ed1d62ac1b2691118501e8ed0e9d0dcfd4adad9d8d7e97cd25155f9c423edaebc8978c8fee669d5fb4b452ee3c37a68c9c2cc75b112ed174fb2e04456e0501938bf90900bae315376af11ec7260baa755038546c8857ee44088a19f0ec58f5c51a9a60fc71486a333321cf066211d3f556fceea7ff39b9f5b80725e66ed764692720c631fed7529e67c55a283a88f35368c3f5c023d48163a6d0900996227882fec5a77256fdb07ce69105c8904aff0a359e0eba663e5a5359e2a6c4cda44e30ba5a05e2dcba9d9720fb4348c1760471ec3339810432284372e855953fd52de2f09b18ce328921b62b92077d39025bac6086c73afa1ac31a4ad9cbac6a9672b95acdcc3f45e1201d05906176a83a0103e5a64d13fd5ff3877e28b6d9da915cb6718a4d813f6ffbc210d0db3bc27442e9e7ea3219a57915aaaa2671436905afa17448a388d6ae1324626aa794c137d1a91fbb49a5f577d01ae975dc63ad002587b6565194391e347c2a4a3c140b0a93c426dd3315db57c9bfb8e776047e095cb63684b69e2ef3f9e4fc30c5bc219a2fcd5ce918d1c349892bc66adf842d81179e8601325c136f00d00bd6a9762f6de89ee544a894c0814fba168545dcd86e31d6acddb63650489bfad31004dbb880c65f88b6890a49bcd12dea18b06b99429f80977af6d7410a0fc7b4e51ea1640302ef587ed94925aef4134eca31d1be02569807ddece6cd3633042b8f06fd0994e7a2f2e0e7c59db863a35e06429b4f8b982a08939a0d8ebf2b790125ff845a6e9d143e48d6b80a958125bdfef81c66512ceeeabcaab3b7e86564a08ae1a34909d027cf71a90d92324b572f3f1cc0b864217d3fcf7ab633701e5c90dae4c6fcbe7bb963b5ffd015cdb4b1752866f4de4ccbc23ee162e507b0f777f69a8a510e272e5387eabeefb1116db37f679982675ee5ece99a4163c75872eefb451e455734672db847872dae04a"], 0x1) getsockopt$inet6_IPV6_IPSEC_POLICY(r5, 0x29, 0x22, &(0x7f0000001340)={{{@in=@multicast1, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}}}, &(0x7f0000000140)=0x1b7) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x2000000, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) mount(&(0x7f0000000280)=ANY=[@ANYRES64=r4, @ANYRESDEC=r6, @ANYRESOCT=r4], 0x0, 0x0, 0x80000, 0x0) lsetxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.capability\x00', &(0x7f0000000300)=@v3={0x3000000, [{0x1000, 0x401}, {0x0, 0x5}], r6}, 0x18, 0x1) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:42 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 03:58:42 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0xffffffffffffffdf, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800ffffffff00001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x30}}, 0x0) 03:58:42 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:42 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x9b) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000180)=0x3) syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x800) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r3) ioctl$sock_inet_SIOCRTMSG(r3, 0x890d, &(0x7f0000000280)={0x0, {0x2, 0x4e23, @rand_addr=0x5}, {0x2, 0x4e23, @rand_addr=0x1}, {0x2, 0x4e21, @rand_addr=0x800}, 0x40, 0x0, 0x0, 0x0, 0x5, &(0x7f00000000c0)='team_slave_0\x00', 0x3, 0x7f, 0x8}) r4 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x40000, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000300)=ANY=[], @ANYPTR=&(0x7f0000000240)=ANY=[@ANYRES64=0x0]], 0x0, 0x0, 0x0}) lookup_dcookie(0x8, &(0x7f0000000100)=""/38, 0x26) 03:58:42 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:42 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:42 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3344.147012] binder: 32231:32236 ioctl c0306201 0 returned -14 [ 3344.162117] binder: 32233:32234 got transaction with invalid offsets size, 13 03:58:42 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800e5e3eaa200001000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b00000000000800140000000000"], 0x3}}, 0x0) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) fsetxattr$trusted_overlay_nlink(r3, &(0x7f0000000200)='trusted.overlay.nlink\x00', &(0x7f0000000240)={'L-', 0x6}, 0x28, 0x1) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) r6 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$inet6(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r9, 0x1, 0x7, &(0x7f0000ac5000), 0x4) sendmmsg$unix(r9, &(0x7f00000bd000), 0x53, 0x0) r10 = memfd_create(&(0x7f0000000080)='dev ', 0x0) write(r10, &(0x7f00000001c0)="16", 0x1) sendfile(r9, r10, &(0x7f0000000000), 0xffff) r11 = dup2(r7, r8) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) tkill(r6, 0x1000000000013) r12 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r13 = dup(r12) ioctl$PERF_EVENT_IOC_ENABLE(r13, 0x8912, 0x400200) ioctl$VT_WAITACTIVE(r13, 0x5607) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x200080, 0x20) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) 03:58:42 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000000000000000008561646600"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="00000000000000002800000000b7bd004000000000000000"]], 0x0, 0x0, 0x0}) [ 3344.162146] binder: 32233:32234 transaction failed 29201/-22, size 647-13 line 3338 [ 3344.162510] binder: undelivered TRANSACTION_ERROR: 29201 [ 3344.211399] binder: 32242:32245 got transaction with invalid offsets size, 13 [ 3344.211428] binder: 32242:32245 transaction failed 29201/-22, size 647-13 line 3338 [ 3344.212014] binder: undelivered TRANSACTION_ERROR: 29201 [ 3344.249270] binder: 32247:32251 got transaction with invalid offsets size, 13 [ 3344.249297] binder: 32247:32251 transaction failed 29201/-22, size 647-13 line 3338 [ 3344.249592] binder: undelivered TRANSACTION_ERROR: 29201 [ 3344.289307] binder: 32257:32262 got transaction with invalid offset (53399981226197032, min 40 max 96) or object. [ 3344.289334] binder: 32257:32262 transaction failed 29201/-22, size 96-24 line 3379 [ 3344.289780] binder: undelivered TRANSACTION_ERROR: 29201 03:58:43 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) gettid() r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(0x0, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:43 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:43 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:43 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:43 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 03:58:43 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:43 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:58:43 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3345.002414] binder: 32271:32274 got transaction with out-of-order buffer fixup [ 3345.006232] binder: 32270:32272 got transaction with invalid offsets size, 13 03:58:43 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = accept4(r1, &(0x7f0000000000)=@hci, &(0x7f0000000240)=0x80, 0x80800) flock(r6, 0x2) ioctl$LOOP_SET_BLOCK_SIZE(r5, 0x4c09, 0x0) r7 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:43 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:43 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 3345.006258] binder: 32270:32272 transaction failed 29201/-22, size 647-13 line 3338 [ 3345.006511] binder: undelivered TRANSACTION_ERROR: 29201 [ 3345.011146] binder: 32273:32275 ioctl c0306201 0 returned -14 03:58:43 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3345.049349] binder: 32281:32284 got transaction with invalid offsets size, 13 [ 3345.049376] binder: 32281:32284 transaction failed 29201/-22, size 647-13 line 3338 [ 3345.049511] binder: undelivered TRANSACTION_ERROR: 29201 [ 3345.100618] binder: 32290:32292 got transaction with invalid parent offset or type [ 3345.100653] binder: 32290:32292 transaction failed 29201/-22, size 96-24 line 3454 [ 3345.101010] binder: undelivered TRANSACTION_ERROR: 29201 [ 3345.119366] binder: 32293:32297 transaction failed 29189/-22, size 647-13 line 3138 [ 3345.119493] binder: undelivered TRANSACTION_ERROR: 29189 [ 3345.210220] binder: 32271:32274 transaction failed 29201/-22, size 96-24 line 3467 [ 3345.219642] binder: undelivered TRANSACTION_ERROR: 29201 03:58:44 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:44 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = accept4(r1, &(0x7f0000000000)=@hci, &(0x7f0000000240)=0x80, 0x80800) flock(r6, 0x2) ioctl$LOOP_SET_BLOCK_SIZE(r5, 0x4c09, 0x0) r7 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:44 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:58:44 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:44 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) gettid() r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(0x0, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:44 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x801) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:44 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = accept4(r1, &(0x7f0000000000)=@hci, &(0x7f0000000240)=0x80, 0x80800) flock(r6, 0x2) ioctl$LOOP_SET_BLOCK_SIZE(r5, 0x4c09, 0x0) r7 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:44 executing program 1: r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x1, 0x9) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r1 = syz_open_dev$binderN(&(0x7f0000000280)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x800002, 0x4c010, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000000000000000008561646600"/85], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) r5 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r5, 0x6, 0x1d, &(0x7f0000000040), &(0x7f0000000240)=0x14) [ 3345.830278] binder: 32311:32314 transaction failed 29189/-22, size 647-13 line 3138 [ 3345.843449] binder: 32313:32315 got transaction with invalid parent offset or type [ 3345.843487] binder: 32313:32315 transaction failed 29201/-22, size 96-24 line 3454 03:58:44 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:44 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0), 0x0, 0x0, 0x0}) [ 3345.844126] binder: undelivered TRANSACTION_ERROR: 29201 03:58:44 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = accept4(r1, &(0x7f0000000000)=@hci, &(0x7f0000000240)=0x80, 0x80800) flock(r6, 0x2) ioctl$LOOP_SET_BLOCK_SIZE(r5, 0x4c09, 0x0) dup(r3) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:44 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3345.848208] binder: 32312:32319 got transaction with out-of-order buffer fixup [ 3345.848243] binder: 32312:32319 transaction failed 29201/-22, size 96-24 line 3467 [ 3345.848787] binder: undelivered TRANSACTION_ERROR: 29201 [ 3345.854675] binder: 32318:32321 got transaction with invalid offsets size, 13 [ 3345.854699] binder: 32318:32321 transaction failed 29201/-22, size 647-13 line 3338 [ 3345.854836] binder: undelivered TRANSACTION_ERROR: 29201 [ 3345.903868] binder: 32325:32327 got transaction with invalid parent offset or type [ 3345.903913] binder: 32325:32327 transaction failed 29201/-22, size 96-24 line 3454 [ 3345.904333] binder: undelivered TRANSACTION_ERROR: 29201 [ 3345.910061] binder: 32329:32336 got transaction with invalid offsets size, 13 [ 3345.910085] binder: 32329:32336 transaction failed 29201/-22, size 647-13 line 3338 [ 3345.910218] binder: undelivered TRANSACTION_ERROR: 29201 [ 3345.951145] binder: 32326:32337 got transaction with out-of-order buffer fixup [ 3345.951178] binder: 32326:32337 transaction failed 29201/-22, size 96-24 line 3467 [ 3345.951905] binder: undelivered TRANSACTION_ERROR: 29201 [ 3345.974334] binder: 32342:32352 got transaction with invalid parent offset or type [ 3345.974375] binder: 32342:32352 transaction failed 29201/-22, size 96-24 line 3454 [ 3345.974632] binder: undelivered TRANSACTION_ERROR: 29201 [ 3345.990435] binder: 32346:32355 transaction failed 29189/-22, size 647-13 line 3138 03:58:44 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:44 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0), 0x0, 0x0, 0x0}) 03:58:44 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) removexattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=@known='trusted.overlay.nlink\x00') r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000240)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x1, &(0x7f0000000000)=""/101, 0x65, 0x0, 0x2c}, @fda}, &(0x7f0000000180)={0x0, 0x28, 0x50}}}], 0x0, 0x0, 0x0}) 03:58:44 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = accept4(r1, &(0x7f0000000000)=@hci, &(0x7f0000000240)=0x80, 0x80800) flock(r5, 0x2) ioctl$LOOP_SET_BLOCK_SIZE(r4, 0x4c09, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) [ 3345.990556] binder: undelivered TRANSACTION_ERROR: 29189 [ 3346.126837] binder: undelivered TRANSACTION_ERROR: 29189 [ 3346.152843] binder: 32362:32364 got transaction with invalid parent offset or type [ 3346.164081] binder: 32362:32364 transaction failed 29201/-22, size 96-24 line 3454 [ 3346.171260] binder: 32367:32368 transaction failed 29189/-22, size 647-13 line 3138 [ 3346.171508] binder: undelivered TRANSACTION_ERROR: 29189 [ 3346.189843] binder: undelivered TRANSACTION_ERROR: 29201 [ 3346.198938] binder: 32360:32366 got transaction with too large buffer [ 3346.205526] binder: 32360:32366 transaction failed 29201/-22, size 112-24 line 3493 [ 3346.216748] binder: undelivered TRANSACTION_ERROR: 29201 03:58:45 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) gettid() r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(0x0, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:45 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:45 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0), 0x0, 0x0, 0x0}) 03:58:45 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:45 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = accept4(r1, &(0x7f0000000000)=@hci, &(0x7f0000000240)=0x80, 0x80800) flock(r5, 0x2) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:45 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='\x00'}, 0x10) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PPPIOCGUNIT(r3, 0x80047456, &(0x7f0000000040)) write$binfmt_misc(r2, &(0x7f0000000740)={'syz0', "4dd70381aca2c7ef2bf8de1fb31183c5079a740dcdc59cff499096703a9e2dfbc7c7b6cc2370f1448e829692a949745918cca5b3cd65b0cf035154d668f3ac12acf8ee59e6ee0f201e52e009a28d3dc9426440b365d38e2c1ed01e8bd3356a32813bd2454900a41419306ee4e098251272ae369b5e81f4fbd6c49276ff4c0b7e88dc4af15ad3fb5ba5323d834b47ad8e412899fff942537545c66b94c4e1388939a6b0a9"}, 0xa8) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:45 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:45 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:45 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:45 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) accept4(r1, &(0x7f0000000000)=@hci, &(0x7f0000000240)=0x80, 0x80800) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) [ 3346.667319] binder: 32372:32377 got transaction with invalid offsets ptr [ 3346.676940] binder_alloc: 32375: binder_alloc_buf, no vma [ 3346.676960] binder: 32375:32381 transaction failed 29189/-3, size 647-13 line 3284 03:58:45 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:45 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3346.677395] binder: 32373:32379 transaction failed 29189/-22, size 647-13 line 3138 [ 3346.677400] binder: undelivered TRANSACTION_ERROR: 29189 [ 3346.677456] binder: undelivered TRANSACTION_ERROR: 29189 [ 3346.682713] binder: 32378:32380 got transaction with invalid parent offset or type [ 3346.682907] binder: 32378:32380 transaction failed 29201/-22, size 96-24 line 3454 [ 3346.683160] binder: undelivered TRANSACTION_ERROR: 29201 [ 3346.733874] binder: 32385:32392 got transaction with invalid offsets size, 13 [ 3346.733903] binder: 32385:32392 transaction failed 29201/-22, size 647-13 line 3338 [ 3346.734087] binder: undelivered TRANSACTION_ERROR: 29201 [ 3346.741170] binder: 32389:32393 transaction failed 29189/-22, size 647-13 line 3138 [ 3346.741291] binder: undelivered TRANSACTION_ERROR: 29189 [ 3346.763799] binder_alloc: 32387: binder_alloc_buf, no vma [ 3346.763818] binder: 32387:32394 transaction failed 29189/-3, size 647-13 line 3284 [ 3346.772055] binder: undelivered TRANSACTION_ERROR: 29189 [ 3346.774328] binder: 32390:32396 got transaction with invalid parent offset or type [ 3346.774373] binder: 32390:32396 transaction failed 29201/-22, size 96-24 line 3454 [ 3346.774780] binder: undelivered TRANSACTION_ERROR: 29201 [ 3346.796623] binder: 32400:32402 got transaction with invalid offsets size, 13 [ 3346.796650] binder: 32400:32402 transaction failed 29201/-22, size 647-13 line 3338 [ 3346.796842] binder: undelivered TRANSACTION_ERROR: 29201 [ 3346.804782] binder_alloc: 32403: binder_alloc_buf, no vma [ 3346.804803] binder: 32403:32407 transaction failed 29189/-3, size 647-13 line 3284 [ 3346.805055] binder: undelivered TRANSACTION_ERROR: 29189 [ 3346.951926] binder: 32372:32377 transaction failed 29201/-14, size 96-24 line 3330 [ 3346.966918] binder: undelivered TRANSACTION_ERROR: 29201 03:58:46 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x0) tkill(r0, 0x1000000000016) 03:58:46 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:46 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:46 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:46 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:46 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='\x00'}, 0x10) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PPPIOCGUNIT(r3, 0x80047456, &(0x7f0000000040)) write$binfmt_misc(r2, &(0x7f0000000740)={'syz0', "4dd70381aca2c7ef2bf8de1fb31183c5079a740dcdc59cff499096703a9e2dfbc7c7b6cc2370f1448e829692a949745918cca5b3cd65b0cf035154d668f3ac12acf8ee59e6ee0f201e52e009a28d3dc9426440b365d38e2c1ed01e8bd3356a32813bd2454900a41419306ee4e098251272ae369b5e81f4fbd6c49276ff4c0b7e88dc4af15ad3fb5ba5323d834b47ad8e412899fff942537545c66b94c4e1388939a6b0a9"}, 0xa8) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:46 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:46 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000180)}}], 0x0, 0x0, 0x0}) 03:58:46 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:46 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3347.504150] binder: 32411:32415 got transaction with invalid offsets ptr [ 3347.507911] binder: 32413:32417 got transaction with invalid parent offset or type [ 3347.507946] binder: 32413:32417 transaction failed 29201/-22, size 96-24 line 3454 03:58:46 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:46 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000180)}}], 0x0, 0x0, 0x0}) [ 3347.508236] binder: undelivered TRANSACTION_ERROR: 29201 [ 3347.517116] binder_alloc: 32418: binder_alloc_buf, no vma [ 3347.517136] binder: 32418:32422 transaction failed 29189/-3, size 647-13 line 3284 [ 3347.517364] binder: undelivered TRANSACTION_ERROR: 29189 [ 3347.525172] binder: 32414:32419 got transaction with invalid offsets size, 13 [ 3347.525196] binder: 32414:32419 transaction failed 29201/-22, size 647-13 line 3338 [ 3347.525463] binder: undelivered TRANSACTION_ERROR: 29201 [ 3347.529987] binder_alloc: 32412: binder_alloc_buf, no vma [ 3347.530006] binder: 32412:32420 transaction failed 29189/-3, size 647-13 line 3284 [ 3347.530300] binder: undelivered TRANSACTION_ERROR: 29189 [ 3347.572367] binder: 32423:32425 got transaction with invalid parent offset or type [ 3347.572405] binder: 32423:32425 transaction failed 29201/-22, size 96-24 line 3454 [ 3347.572826] binder: undelivered TRANSACTION_ERROR: 29201 [ 3347.584788] binder: 32430:32434 got transaction with invalid offset (0, min 0 max 0) or object. [ 3347.584818] binder: 32430:32434 transaction failed 29201/-22, size 0-24 line 3379 [ 3347.585028] binder_alloc: 32429: binder_alloc_buf, no vma [ 3347.585046] binder: 32429:32433 transaction failed 29189/-3, size 647-13 line 3284 [ 3347.585058] binder: undelivered TRANSACTION_ERROR: 29201 [ 3347.585418] binder: undelivered TRANSACTION_ERROR: 29189 [ 3347.640492] binder: 32439:32445 got transaction with invalid offset (0, min 0 max 0) or object. [ 3347.640526] binder: 32439:32445 transaction failed 29201/-22, size 0-24 line 3379 [ 3347.640761] binder: 32440:32444 got transaction with invalid parent offset or type [ 3347.640798] binder: 32440:32444 transaction failed 29201/-22, size 96-24 line 3454 [ 3347.640822] binder: undelivered TRANSACTION_ERROR: 29201 [ 3347.641035] binder: undelivered TRANSACTION_ERROR: 29201 [ 3347.800370] binder: 32411:32415 transaction failed 29201/-14, size 96-24 line 3330 [ 3347.814991] binder: undelivered TRANSACTION_ERROR: 29201 03:58:47 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x0) tkill(r0, 0x1000000000016) 03:58:47 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:47 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:47 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000180)}}], 0x0, 0x0, 0x0}) 03:58:47 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:47 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='\x00'}, 0x10) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PPPIOCGUNIT(r3, 0x80047456, &(0x7f0000000040)) write$binfmt_misc(r2, &(0x7f0000000740)={'syz0', "4dd70381aca2c7ef2bf8de1fb31183c5079a740dcdc59cff499096703a9e2dfbc7c7b6cc2370f1448e829692a949745918cca5b3cd65b0cf035154d668f3ac12acf8ee59e6ee0f201e52e009a28d3dc9426440b365d38e2c1ed01e8bd3356a32813bd2454900a41419306ee4e098251272ae369b5e81f4fbd6c49276ff4c0b7e88dc4af15ad3fb5ba5323d834b47ad8e412899fff942537545c66b94c4e1388939a6b0a9"}, 0xa8) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:47 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:47 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:47 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='\x00'}, 0x10) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PPPIOCGUNIT(r3, 0x80047456, &(0x7f0000000040)) write$binfmt_misc(r2, &(0x7f0000000740)={'syz0', "4dd70381aca2c7ef2bf8de1fb31183c5079a740dcdc59cff499096703a9e2dfbc7c7b6cc2370f1448e829692a949745918cca5b3cd65b0cf035154d668f3ac12acf8ee59e6ee0f201e52e009a28d3dc9426440b365d38e2c1ed01e8bd3356a32813bd2454900a41419306ee4e098251272ae369b5e81f4fbd6c49276ff4c0b7e88dc4af15ad3fb5ba5323d834b47ad8e412899fff942537545c66b94c4e1388939a6b0a9"}, 0xa8) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r4) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:47 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:47 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3348.332144] binder: 32453:32455 got transaction with invalid offset (0, min 0 max 0) or object. [ 3348.351113] binder: 32456:32458 got transaction with invalid offsets ptr [ 3348.351142] binder: 32456:32458 transaction failed 29201/-14, size 96-24 line 3330 03:58:47 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3348.351475] binder: undelivered TRANSACTION_ERROR: 29201 [ 3348.354265] binder: 32454:32460 got transaction with invalid parent offset or type [ 3348.354308] binder: 32454:32460 transaction failed 29201/-22, size 96-24 line 3454 [ 3348.354808] binder: undelivered TRANSACTION_ERROR: 29201 [ 3348.402217] binder: 32467:32471 got transaction with invalid offsets size, 13 [ 3348.402242] binder: 32467:32471 transaction failed 29201/-22, size 647-13 line 3338 [ 3348.402473] binder: undelivered TRANSACTION_ERROR: 29201 [ 3348.410688] binder: 32465:32469 got transaction with invalid offsets ptr [ 3348.410755] binder: 32465:32469 transaction failed 29201/-14, size 96-24 line 3330 [ 3348.411013] binder: undelivered TRANSACTION_ERROR: 29201 [ 3348.434214] binder: 32472:32476 got transaction with invalid parent offset or type [ 3348.434251] binder: 32472:32476 transaction failed 29201/-22, size 96-24 line 3454 [ 3348.434546] binder: undelivered TRANSACTION_ERROR: 29201 [ 3348.469958] binder: 32478:32481 got transaction with invalid offsets size, 13 [ 3348.469985] binder: 32478:32481 transaction failed 29201/-22, size 647-13 line 3338 [ 3348.470138] binder: undelivered TRANSACTION_ERROR: 29201 [ 3348.573394] binder: 32453:32455 transaction failed 29201/-22, size 0-24 line 3379 [ 3348.582848] binder: undelivered TRANSACTION_ERROR: 29201 03:58:47 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x0) tkill(r0, 0x1000000000016) 03:58:47 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='\x00'}, 0x10) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PPPIOCGUNIT(r3, 0x80047456, &(0x7f0000000040)) write$binfmt_misc(r2, &(0x7f0000000740)={'syz0', "4dd70381aca2c7ef2bf8de1fb31183c5079a740dcdc59cff499096703a9e2dfbc7c7b6cc2370f1448e829692a949745918cca5b3cd65b0cf035154d668f3ac12acf8ee59e6ee0f201e52e009a28d3dc9426440b365d38e2c1ed01e8bd3356a32813bd2454900a41419306ee4e098251272ae369b5e81f4fbd6c49276ff4c0b7e88dc4af15ad3fb5ba5323d834b47ad8e412899fff942537545c66b94c4e1388939a6b0a9"}, 0xa8) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r4) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:47 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:47 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:47 executing program 0: r0 = syz_open_dev$binderN(0x0, 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:47 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0x0, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:47 executing program 0: r0 = syz_open_dev$binderN(0x0, 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:47 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:47 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:47 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='\x00'}, 0x10) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PPPIOCGUNIT(r3, 0x80047456, &(0x7f0000000040)) write$binfmt_misc(r2, &(0x7f0000000740)={'syz0', "4dd70381aca2c7ef2bf8de1fb31183c5079a740dcdc59cff499096703a9e2dfbc7c7b6cc2370f1448e829692a949745918cca5b3cd65b0cf035154d668f3ac12acf8ee59e6ee0f201e52e009a28d3dc9426440b365d38e2c1ed01e8bd3356a32813bd2454900a41419306ee4e098251272ae369b5e81f4fbd6c49276ff4c0b7e88dc4af15ad3fb5ba5323d834b47ad8e412899fff942537545c66b94c4e1388939a6b0a9"}, 0xa8) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r4) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) [ 3349.207231] binder: 32489:32494 got transaction with invalid parent offset or type [ 3349.218976] binder: 32489:32494 transaction failed 29201/-22, size 96-24 line 3454 03:58:48 executing program 0: r0 = syz_open_dev$binderN(0x0, 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:48 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x0, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, 0x0}}], 0x0, 0x0, 0x0}) [ 3349.226357] binder: 32492:32498 got transaction with invalid offsets size, 13 [ 3349.226382] binder: 32492:32498 transaction failed 29201/-22, size 647-13 line 3338 [ 3349.226682] binder: undelivered TRANSACTION_ERROR: 29201 [ 3349.242180] binder: 32488:32495 got transaction with invalid offsets ptr [ 3349.242204] binder: 32488:32495 transaction failed 29201/-14, size 96-24 line 3330 [ 3349.242615] binder: undelivered TRANSACTION_ERROR: 29201 [ 3349.263174] binder: 32505:32507 got transaction with invalid offsets size, 13 [ 3349.263200] binder: 32505:32507 transaction failed 29201/-22, size 647-13 line 3338 [ 3349.263372] binder: undelivered TRANSACTION_ERROR: 29201 [ 3349.282551] binder: 32506:32512 got transaction with invalid offsets ptr [ 3349.282579] binder: 32506:32512 transaction failed 29201/-14, size 96-24 line 3330 [ 3349.282820] binder: undelivered TRANSACTION_ERROR: 29201 [ 3349.294604] binder: 32504:32511 got transaction with invalid offsets size, 13 [ 3349.294627] binder: 32504:32511 transaction failed 29201/-22, size 647-13 line 3338 [ 3349.294856] binder: undelivered TRANSACTION_ERROR: 29201 [ 3349.338700] binder: undelivered TRANSACTION_COMPLETE [ 3349.342543] binder: undelivered transaction 2782, process died. [ 3349.442464] binder: undelivered TRANSACTION_ERROR: 29201 03:58:48 executing program 5: gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = gettid() r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r0, 0x1004000000016) tkill(0x0, 0x1000000000016) 03:58:48 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:48 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='\x00'}, 0x10) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PPPIOCGUNIT(r3, 0x80047456, &(0x7f0000000040)) write$binfmt_misc(r2, &(0x7f0000000740)={'syz0', "4dd70381aca2c7ef2bf8de1fb31183c5079a740dcdc59cff499096703a9e2dfbc7c7b6cc2370f1448e829692a949745918cca5b3cd65b0cf035154d668f3ac12acf8ee59e6ee0f201e52e009a28d3dc9426440b365d38e2c1ed01e8bd3356a32813bd2454900a41419306ee4e098251272ae369b5e81f4fbd6c49276ff4c0b7e88dc4af15ad3fb5ba5323d834b47ad8e412899fff942537545c66b94c4e1388939a6b0a9"}, 0xa8) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:48 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:48 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x0, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, 0x0}}], 0x0, 0x0, 0x0}) 03:58:48 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:48 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='\x00'}, 0x10) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PPPIOCGUNIT(r3, 0x80047456, &(0x7f0000000040)) write$binfmt_misc(r2, &(0x7f0000000740)={'syz0', "4dd70381aca2c7ef2bf8de1fb31183c5079a740dcdc59cff499096703a9e2dfbc7c7b6cc2370f1448e829692a949745918cca5b3cd65b0cf035154d668f3ac12acf8ee59e6ee0f201e52e009a28d3dc9426440b365d38e2c1ed01e8bd3356a32813bd2454900a41419306ee4e098251272ae369b5e81f4fbd6c49276ff4c0b7e88dc4af15ad3fb5ba5323d834b47ad8e412899fff942537545c66b94c4e1388939a6b0a9"}, 0xa8) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:48 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:48 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x0, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, 0x0}}], 0x0, 0x0, 0x0}) 03:58:48 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) [ 3350.035535] binder: 32527:32529 got transaction with invalid offsets size, 13 [ 3350.042321] binder: 32526:32532 got transaction with invalid offsets size, 13 [ 3350.042368] binder: 32526:32532 transaction failed 29201/-22, size 647-13 line 3338 03:58:48 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='\x00'}, 0x10) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PPPIOCGUNIT(r3, 0x80047456, &(0x7f0000000040)) write$binfmt_misc(r2, &(0x7f0000000740)={'syz0', "4dd70381aca2c7ef2bf8de1fb31183c5079a740dcdc59cff499096703a9e2dfbc7c7b6cc2370f1448e829692a949745918cca5b3cd65b0cf035154d668f3ac12acf8ee59e6ee0f201e52e009a28d3dc9426440b365d38e2c1ed01e8bd3356a32813bd2454900a41419306ee4e098251272ae369b5e81f4fbd6c49276ff4c0b7e88dc4af15ad3fb5ba5323d834b47ad8e412899fff942537545c66b94c4e1388939a6b0a9"}, 0xa8) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:48 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) [ 3350.042509] binder: undelivered TRANSACTION_ERROR: 29201 [ 3350.043948] binder: 32524:32530 got transaction with invalid offsets ptr [ 3350.044118] binder: 32524:32530 transaction failed 29201/-14, size 96-24 line 3330 [ 3350.044550] binder: undelivered TRANSACTION_ERROR: 29201 [ 3350.047321] binder: undelivered TRANSACTION_COMPLETE [ 3350.061742] binder: 32525:32531 got transaction with invalid parent offset or type [ 3350.061773] binder: 32525:32531 transaction failed 29201/-22, size 96-24 line 3454 [ 3350.062259] binder: undelivered TRANSACTION_ERROR: 29201 [ 3350.073415] binder: undelivered transaction 2790, process died. [ 3350.104179] binder: 32542:32544 got transaction with invalid parent offset or type [ 3350.104226] binder: 32542:32544 transaction failed 29201/-22, size 96-24 line 3454 [ 3350.104473] binder: undelivered TRANSACTION_ERROR: 29201 [ 3350.116347] binder: 32537:32545 got transaction with invalid offsets ptr [ 3350.116376] binder: 32537:32545 transaction failed 29201/-14, size 96-24 line 3330 [ 3350.116601] binder: undelivered TRANSACTION_ERROR: 29201 [ 3350.116771] binder_alloc: 32539: binder_alloc_buf, no vma [ 3350.116793] binder: 32539:32546 transaction failed 29189/-3, size 647-13 line 3284 [ 3350.117093] binder: undelivered TRANSACTION_ERROR: 29189 [ 3350.140761] binder: undelivered TRANSACTION_COMPLETE [ 3350.151256] binder: undelivered transaction 2804, process died. [ 3350.186633] binder: 32552:32559 got transaction with invalid parent offset or type [ 3350.186722] binder: 32552:32559 transaction failed 29201/-22, size 96-24 line 3454 [ 3350.187156] binder: undelivered TRANSACTION_ERROR: 29201 [ 3350.197804] binder: 32553:32558 got transaction with invalid offsets ptr [ 3350.197830] binder: 32553:32558 transaction failed 29201/-14, size 96-24 line 3330 [ 3350.201448] binder: undelivered TRANSACTION_ERROR: 29201 [ 3350.342030] binder: 32527:32529 transaction failed 29201/-22, size 647-13 line 3338 [ 3350.352104] binder: undelivered TRANSACTION_ERROR: 29201 03:58:49 executing program 5: gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = gettid() r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r0, 0x1004000000016) tkill(0x0, 0x1000000000016) 03:58:49 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:49 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x20c54691c105d0f6) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) sendto$packet(r5, &(0x7f0000000040)="ba2730d78ec7ba860ef5b8a4e742ecc15229294307bda16dc937b047de", 0x1d, 0x80084, 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f0000000000)) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r7, 0x8903, &(0x7f0000000000)) fcntl$dupfd(r6, 0x0, r7) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a7470008bbe2e971b563f0848825bc872825500000000000000f2fe0000000000000000000000000000000000000000000000759bd4413bba00f8c74d690000852a627700000000000000000000000000000000000000008561646600000000000002a300"/111], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:49 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:49 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='\x00'}, 0x10) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PPPIOCGUNIT(r3, 0x80047456, &(0x7f0000000040)) write$binfmt_misc(r2, &(0x7f0000000740)={'syz0', "4dd70381aca2c7ef2bf8de1fb31183c5079a740dcdc59cff499096703a9e2dfbc7c7b6cc2370f1448e829692a949745918cca5b3cd65b0cf035154d668f3ac12acf8ee59e6ee0f201e52e009a28d3dc9426440b365d38e2c1ed01e8bd3356a32813bd2454900a41419306ee4e098251272ae369b5e81f4fbd6c49276ff4c0b7e88dc4af15ad3fb5ba5323d834b47ad8e412899fff942537545c66b94c4e1388939a6b0a9"}, 0xa8) r4 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:49 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:49 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:49 executing program 2: r0 = syz_open_dev$binderN(0x0, 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:49 executing program 3: r0 = socket(0x2, 0x1, 0x0) connect$unix(r0, &(0x7f0000000000)=@file={0xbd5699bc1ec0282, './file0\x00'}, 0x10) shutdown(r0, 0x1) [ 3350.873411] binder: 32566:32567 got transaction with invalid parent offset or type [ 3350.881952] binder_alloc: 32563: binder_alloc_buf, no vma 03:58:49 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='\x00'}, 0x10) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PPPIOCGUNIT(r3, 0x80047456, &(0x7f0000000040)) write$binfmt_misc(r2, &(0x7f0000000740)={'syz0', "4dd70381aca2c7ef2bf8de1fb31183c5079a740dcdc59cff499096703a9e2dfbc7c7b6cc2370f1448e829692a949745918cca5b3cd65b0cf035154d668f3ac12acf8ee59e6ee0f201e52e009a28d3dc9426440b365d38e2c1ed01e8bd3356a32813bd2454900a41419306ee4e098251272ae369b5e81f4fbd6c49276ff4c0b7e88dc4af15ad3fb5ba5323d834b47ad8e412899fff942537545c66b94c4e1388939a6b0a9"}, 0xa8) r4 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:49 executing program 2: r0 = syz_open_dev$binderN(0x0, 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:49 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3350.881972] binder: 32563:32569 transaction failed 29189/-3, size 647-13 line 3284 [ 3350.882289] binder: undelivered TRANSACTION_ERROR: 29189 [ 3350.882533] binder: 32568:32570 got transaction with invalid offsets size, 13 [ 3350.882559] binder: 32568:32570 transaction failed 29201/-22, size 647-13 line 3338 [ 3350.882784] binder: undelivered TRANSACTION_ERROR: 29201 [ 3350.902615] binder: 32565:32571 got transaction with invalid offsets ptr [ 3350.902644] binder: 32565:32571 transaction failed 29201/-14, size 96-24 line 3330 [ 3350.902938] binder: undelivered TRANSACTION_ERROR: 29201 [ 3350.905261] binder: 32564:32572 got transaction with too large buffer [ 3350.905287] binder: 32564:32572 transaction failed 29201/-22, size 96-24 line 3493 [ 3350.905712] binder: undelivered TRANSACTION_ERROR: 29201 [ 3350.942840] binder_alloc: 32577: binder_alloc_buf, no vma [ 3350.942861] binder: 32577:32584 transaction failed 29189/-3, size 647-13 line 3284 [ 3350.943248] binder: undelivered TRANSACTION_ERROR: 29189 [ 3350.958564] binder: 32583:32586 got transaction with invalid offsets ptr [ 3350.958591] binder: 32583:32586 transaction failed 29201/-14, size 96-24 line 3330 [ 3350.958804] binder: undelivered TRANSACTION_ERROR: 29201 [ 3350.994346] binder: 32593:32595 transaction failed 29189/-22, size 647-13 line 3138 [ 3350.994555] binder: undelivered TRANSACTION_ERROR: 29189 [ 3351.116640] binder: 32566:32567 transaction failed 29201/-22, size 96-24 line 3454 [ 3351.126648] binder: undelivered TRANSACTION_ERROR: 29201 03:58:50 executing program 5: gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = gettid() r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r0, 0x1004000000016) tkill(0x0, 0x1000000000016) 03:58:50 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='\x00'}, 0x10) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PPPIOCGUNIT(r3, 0x80047456, &(0x7f0000000040)) write$binfmt_misc(r2, &(0x7f0000000740)={'syz0', "4dd70381aca2c7ef2bf8de1fb31183c5079a740dcdc59cff499096703a9e2dfbc7c7b6cc2370f1448e829692a949745918cca5b3cd65b0cf035154d668f3ac12acf8ee59e6ee0f201e52e009a28d3dc9426440b365d38e2c1ed01e8bd3356a32813bd2454900a41419306ee4e098251272ae369b5e81f4fbd6c49276ff4c0b7e88dc4af15ad3fb5ba5323d834b47ad8e412899fff942537545c66b94c4e1388939a6b0a9"}, 0xa8) r4 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:50 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:50 executing program 3: r0 = open(&(0x7f00000003c0)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) write$9p(r0, &(0x7f0000000800)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb9693dd6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b804bfe70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706", 0x200) sendfile(r0, r1, 0x0, 0x10000) 03:58:50 executing program 2: r0 = syz_open_dev$binderN(0x0, 0x0, 0x2) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:50 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:50 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='\x00'}, 0x10) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PPPIOCGUNIT(r2, 0x80047456, &(0x7f0000000040)) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:50 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:50 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3351.724235] binder: 32605:32607 got transaction with invalid parent offset or type [ 3351.730875] binder: 32604:32611 transaction failed 29189/-22, size 647-13 line 3138 [ 3351.731030] binder: undelivered TRANSACTION_ERROR: 29189 03:58:50 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:50 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='\x00'}, 0x10) pipe(&(0x7f0000000000)) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:50 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3351.735252] binder: 32602:32609 got transaction with invalid offsets ptr [ 3351.735277] binder: 32602:32609 transaction failed 29201/-14, size 96-24 line 3330 [ 3351.735713] binder: undelivered TRANSACTION_ERROR: 29201 [ 3351.765410] binder: 32614:32616 got transaction with invalid offsets size, 13 [ 3351.765440] binder: 32614:32616 transaction failed 29201/-22, size 647-13 line 3338 [ 3351.765730] binder: undelivered TRANSACTION_ERROR: 29201 [ 3351.791788] binder: 32619:32621 got transaction with invalid offsets ptr [ 3351.791815] binder: 32619:32621 transaction failed 29201/-14, size 96-24 line 3330 [ 3351.792401] binder: undelivered TRANSACTION_ERROR: 29201 [ 3351.796653] binder: 32620:32622 transaction failed 29189/-22, size 647-13 line 3138 [ 3351.796950] binder: undelivered TRANSACTION_ERROR: 29189 [ 3351.829850] binder_alloc: 32624: binder_alloc_buf, no vma [ 3351.829868] binder: 32624:32625 transaction failed 29189/-3, size 647-13 line 3284 [ 3351.830139] binder: undelivered TRANSACTION_ERROR: 29189 [ 3351.852688] binder: 32627:32631 got transaction with invalid offsets ptr [ 3351.852716] binder: 32627:32631 transaction failed 29201/-14, size 96-24 line 3330 [ 3351.853249] binder: undelivered TRANSACTION_ERROR: 29201 [ 3351.964131] binder: 32605:32607 transaction failed 29201/-22, size 96-24 line 3454 [ 3351.974130] binder: undelivered TRANSACTION_ERROR: 29201 03:58:51 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x0) 03:58:51 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:51 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:51 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f00000006c0)='\x00'}, 0x10) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:51 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:51 executing program 3: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x303, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6(0xa, 0x80001, 0x0) fcntl$dupfd(r2, 0x0, r1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, r3) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x4000154, 0x2, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r4, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2}, 0x0) perf_event_open(&(0x7f00000001c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'sit0\x00', 0x0}) setsockopt$packet_int(r5, 0x107, 0x14, &(0x7f0000000100)=0x6, 0x4) bind$packet(r5, &(0x7f0000000300)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @random="65ed59501ed8"}, 0x14) sendmmsg(r5, &(0x7f0000000d00), 0x400004e, 0x0) socket$inet6(0xa, 0x1, 0x0) sendmsg$IPVS_CMD_GET_CONFIG(r4, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x400c0}, 0x0) 03:58:51 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:51 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) [ 3352.545657] binder: 32642:32644 got transaction with invalid offsets ptr [ 3352.559665] binder: 32642:32644 transaction failed 29201/-14, size 96-24 line 3330 [ 3352.575808] binder: undelivered TRANSACTION_ERROR: 29201 [ 3352.585796] binder_alloc: 32640: binder_alloc_buf, no vma 03:58:51 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) [ 3352.591490] binder: 32640:32649 transaction failed 29189/-3, size 647-13 line 3284 03:58:51 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 03:58:51 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:51 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3352.621724] binder: undelivered TRANSACTION_ERROR: 29189 [ 3352.664619] binder: 32662:32667 got transaction with invalid offsets ptr [ 3352.689122] binder: 32668:32677 ioctl c0306201 0 returned -14 [ 3352.693184] binder_alloc: 32674: binder_alloc_buf, no vma [ 3352.693204] binder: 32674:32678 transaction failed 29189/-3, size 647-13 line 3284 [ 3352.693444] binder: undelivered TRANSACTION_ERROR: 29189 [ 3352.747446] binder: 32662:32667 transaction failed 29201/-14, size 96-24 line 3330 [ 3352.756956] binder: undelivered TRANSACTION_ERROR: 29201 03:58:52 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x0) 03:58:52 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 03:58:52 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:52 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:52 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:52 executing program 3: r0 = memfd_create(&(0x7f00000000c0)='\x00'/10, 0x0) r1 = fcntl$dupfd(r0, 0x406, r0) write$binfmt_script(r1, &(0x7f0000000140)={'#! ', './file0'}, 0xb) execveat(r1, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1000) 03:58:52 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:52 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:52 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:52 executing program 3: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x303, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6(0xa, 0x80001, 0x0) fcntl$dupfd(r2, 0x0, r1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6(0xa, 0x80001, 0x0) fcntl$dupfd(r4, 0x0, r3) recvmmsg(r4, &(0x7f00000000c0), 0x4000154, 0x2, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r5, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2}, 0x0) perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'sit0\x00', 0x0}) setsockopt$packet_int(r6, 0x107, 0x14, &(0x7f0000000100)=0x6, 0x4) bind$packet(r6, &(0x7f0000000300)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @random="65ed59501ed8"}, 0x14) sendmmsg(r6, &(0x7f0000000d00), 0x400004e, 0x0) socket$inet6(0xa, 0x1, 0x0) sendmsg$IPVS_CMD_GET_CONFIG(r5, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x400c0}, 0x80010) [ 3353.377209] binder: 32691:32696 ioctl c0306201 0 returned -14 [ 3353.386758] binder: 32692:32699 got transaction with invalid parent offset or type [ 3353.386794] binder: 32692:32699 transaction failed 29201/-22, size 96-24 line 3454 03:58:52 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:52 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3353.387134] binder: undelivered TRANSACTION_ERROR: 29201 [ 3353.393043] binder: 32690:32700 transaction failed 29189/-22, size 647-13 line 3138 [ 3353.393257] binder: undelivered TRANSACTION_ERROR: 29189 [ 3353.444163] binder: 32709:32711 got transaction with invalid parent offset or type [ 3353.444201] binder: 32709:32711 transaction failed 29201/-22, size 96-24 line 3454 [ 3353.447911] binder: undelivered TRANSACTION_ERROR: 29201 [ 3353.448576] binder: 32703:32712 transaction failed 29189/-22, size 647-13 line 3138 [ 3353.448822] binder: undelivered TRANSACTION_ERROR: 29189 [ 3353.501269] binder: 32721:32724 transaction failed 29189/-22, size 96-24 line 3138 [ 3353.501402] binder: undelivered TRANSACTION_ERROR: 29189 [ 3353.528309] binder: 32720:32728 transaction failed 29189/-22, size 647-13 line 3138 [ 3353.528651] binder: undelivered TRANSACTION_ERROR: 29189 03:58:52 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x0) 03:58:52 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:52 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:52 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:52 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 03:58:52 executing program 3: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) preadv(r0, &(0x7f0000000740)=[{&(0x7f0000000600)=""/164, 0xa4}], 0x1, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file0/file0\x00', 0x0, 0x0, 0xfffffffffffffe10, 0x0) write$FUSE_INIT(r0, &(0x7f0000000300)={0x50, 0x0, 0x1}, 0x50) 03:58:52 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:52 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:52 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:52 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) [ 3354.213434] binder: 32743:32747 ioctl c0306201 0 returned -14 [ 3354.217721] binder: 32744:32749 transaction failed 29189/-22, size 96-24 line 3138 03:58:53 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:53 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) [ 3354.217849] binder: undelivered TRANSACTION_ERROR: 29189 [ 3354.244580] binder: 32753:32754 got transaction with invalid offsets ptr [ 3354.244609] binder: 32753:32754 transaction failed 29201/-14, size 96-24 line 3330 [ 3354.244984] binder: undelivered TRANSACTION_ERROR: 29201 [ 3354.268920] binder: 32755:32757 transaction failed 29189/-22, size 96-24 line 3138 [ 3354.269115] binder: undelivered TRANSACTION_ERROR: 29189 [ 3354.288567] binder: 32761:32763 got transaction with invalid offsets ptr [ 3354.288596] binder: 32761:32763 transaction failed 29201/-14, size 96-24 line 3330 [ 3354.288777] binder: undelivered TRANSACTION_ERROR: 29201 [ 3354.307563] binder_alloc: 300: binder_alloc_buf, no vma [ 3354.307580] binder: 300:301 transaction failed 29189/-3, size 96-24 line 3284 [ 3354.307820] binder: undelivered TRANSACTION_ERROR: 29189 03:58:53 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:58:53 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 03:58:53 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:53 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:53 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="a4ab12f728db4b2b4d2f2fba4fad0b3a47006db763e3a227deb6999d32772cf2eebb1bb054d54ac45a333c28785d630fd1a2d25799eb00ea36a133349cce8d7986f5f3a2518643b12871", 0x4a}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) tkill(r0, 0x3f) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:58:53 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="02006800000f000000000000000000008128b1470000", 0x16, 0x1a0}]) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 03:58:53 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:53 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:58:53 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:58:53 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:53 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) [ 3355.048850] binder: 309:313 ioctl c0306201 0 returned -14 [ 3355.054969] binder_alloc: 311: binder_alloc_buf, no vma 03:58:53 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:53 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0), 0x0, 0x0, 0x0}) [ 3355.054989] binder: 311:314 transaction failed 29189/-3, size 96-24 line 3284 [ 3355.055367] binder: undelivered TRANSACTION_ERROR: 29189 [ 3355.074580] binder: 312:315 transaction failed 29189/-22, size 96-24 line 3138 [ 3355.074877] binder: undelivered TRANSACTION_ERROR: 29189 [ 3355.084646] binder_alloc: 320: binder_alloc_buf, no vma [ 3355.084665] binder: 320:327 transaction failed 29189/-3, size 96-24 line 3284 03:58:53 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 03:58:53 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:53 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) [ 3355.085251] binder: undelivered TRANSACTION_ERROR: 29189 [ 3355.126690] binder: 330:332 transaction failed 29189/-22, size 96-24 line 3138 [ 3355.126965] binder: undelivered TRANSACTION_ERROR: 29189 [ 3355.248112] binder: 360:362 ioctl c0306201 0 returned -14 [ 3355.256459] binder: 359:365 transaction failed 29189/-22, size 96-24 line 3138 [ 3355.256732] binder: undelivered TRANSACTION_ERROR: 29189 03:58:56 executing program 5: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="02006800000f000000000000000000008128b14700000000d59863d20000000002000f2020cc00000000ff0700690000000000000000000000000000000000000000000000000000000000000000000000000000000000008a6e94c0000055aa", 0x16f, 0x1a0}]) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)) fcntl$addseals(0xffffffffffffffff, 0x409, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:58:56 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0), 0x0, 0x0, 0x0}) 03:58:56 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:56 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:56 executing program 3: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="02006800000f000000000000000000008128b1470000", 0x16, 0x1a0}]) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 03:58:56 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 03:58:56 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:56 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 3358.063190] binder_alloc: 371: binder_alloc_buf, no vma [ 3358.072272] binder: 371:372 transaction failed 29189/-3, size 96-24 line 3284 [ 3358.081039] binder: 375:377 ioctl c0306201 0 returned -14 03:58:56 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0), 0x0, 0x0, 0x0}) 03:58:56 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:58:56 executing program 4: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) [ 3358.081680] binder: 373:376 got transaction with invalid parent offset or type 03:58:56 executing program 4: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) [ 3358.081714] binder: 373:376 transaction failed 29201/-22, size 96-24 line 3454 [ 3358.082051] binder: undelivered TRANSACTION_ERROR: 29201 [ 3358.122119] binder: 386:389 got transaction with invalid parent offset or type [ 3358.122160] binder: 386:389 transaction failed 29201/-22, size 96-24 line 3454 [ 3358.122351] binder: undelivered TRANSACTION_ERROR: 29201 [ 3358.248679] binder: undelivered TRANSACTION_ERROR: 29189 03:58:57 executing program 5: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}]}}) chown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 03:58:57 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:57 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:58:57 executing program 4: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:57 executing program 3: syz_read_part_table(0x0, 0x1, &(0x7f0000000140)=[{0x0, 0x0, 0x1a0}]) socketpair$unix(0x1, 0x0, 0x0, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:58:57 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:57 executing program 5: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getpid() r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) preadv(r0, &(0x7f0000000040)=[{&(0x7f00000000c0)=""/4, 0x4}], 0x1, 0x0) 03:58:57 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:57 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0), 0x0, 0x0, 0x0}) 03:58:57 executing program 5: syz_read_part_table(0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000), 0x0, 0x1a0}]) 03:58:57 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000180)}}], 0x0, 0x0, 0x0}) [ 3358.915847] binder_alloc: 412: binder_alloc_buf, no vma [ 3358.926208] binder: 413:422 got transaction with invalid offsets size, 13 [ 3358.926235] binder: 413:422 transaction failed 29201/-22, size 647-13 line 3338 [ 3358.926436] binder: undelivered TRANSACTION_ERROR: 29201 03:58:57 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:57 executing program 5: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f0000000180)='threaded\x00', 0x2d1ee37) clone(0x20001000104, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() mount(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x23) creat(&(0x7f00000000c0)='./file0\x00', 0x0) 03:58:57 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000180)}}], 0x0, 0x0, 0x0}) [ 3358.974183] binder: 412:416 transaction failed 29189/-3, size 96-24 line 3284 [ 3358.989818] binder: undelivered TRANSACTION_ERROR: 29189 [ 3358.995095] binder_alloc: 431: binder_alloc_buf, no vma 03:58:57 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:57 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0), 0x0, 0x0, 0x0}) [ 3358.995113] binder: 431:440 transaction failed 29189/-3, size 96-24 line 3284 [ 3359.009227] binder: 434:437 got transaction with invalid offset (0, min 0 max 0) or object. [ 3359.009256] binder: 434:437 transaction failed 29201/-22, size 0-24 line 3379 [ 3359.067166] binder: BINDER_SET_CONTEXT_MGR already set [ 3359.067173] binder: 444:451 ioctl 40046207 0 returned -16 [ 3359.069985] binder_alloc: 434: binder_alloc_buf, no vma [ 3359.070005] binder: 444:451 transaction failed 29189/-3, size 0-24 line 3284 [ 3359.070718] binder: BINDER_SET_CONTEXT_MGR already set [ 3359.070727] binder: 443:448 ioctl 40046207 0 returned -16 [ 3359.073744] binder_alloc: 412: binder_alloc_buf, no vma [ 3359.073762] binder: 443:448 transaction failed 29189/-3, size 96-24 line 3284 [ 3359.094272] binder: BINDER_SET_CONTEXT_MGR already set [ 3359.094282] binder: 449:454 ioctl 40046207 0 returned -16 [ 3359.096731] binder_alloc: 431: binder_alloc_buf, no vma [ 3359.096753] binder: 449:454 transaction failed 29189/-3, size 96-24 line 3284 [ 3359.105205] binder: BINDER_SET_CONTEXT_MGR already set [ 3359.105214] binder: 453:455 ioctl 40046207 0 returned -16 [ 3359.217059] binder: undelivered TRANSACTION_ERROR: 29189 [ 3359.222674] binder: undelivered TRANSACTION_ERROR: 29189 [ 3359.228881] binder: undelivered TRANSACTION_ERROR: 29189 [ 3359.234650] binder: undelivered TRANSACTION_ERROR: 29201 [ 3359.240581] binder: undelivered TRANSACTION_ERROR: 29189 03:58:58 executing program 3: r0 = getpgrp(0x0) r1 = gettid() rt_sigprocmask(0x0, &(0x7f00000000c0)={0x7fffffff}, 0x0, 0x8) rt_tgsigqueueinfo(r0, r1, 0x4000000000000007, &(0x7f0000000100)) rt_sigtimedwait(&(0x7f0000000000)={0x7fffffffffffff66}, &(0x7f0000a72ff0), 0x0, 0x8) 03:58:58 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000180)}}], 0x0, 0x0, 0x0}) 03:58:58 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:58 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:58 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0), 0x0, 0x0, 0x0}) 03:58:58 executing program 5: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) creat(&(0x7f0000000400)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000240)='./file0\x00', 0x0, 0x7a00, 0x0) 03:58:58 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:58 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:58 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0xa, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3359.815445] binder_alloc: 468: binder_alloc_buf, no vma [ 3359.822524] binder: 468:471 transaction failed 29189/-3, size 96-24 line 3284 [ 3359.841957] binder: undelivered TRANSACTION_ERROR: 29189 03:58:58 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', 0x0}) socketpair$unix(0x1, 0x80001, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0xfffffffffffffd3f, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0x60, 0x24, 0x507, 0x0, 0x0, {0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7, 0x1, 'fq\x00'}, {0x34, 0x2, [@TCA_FQ_RATE_ENABLE={0x8}, @TCA_FQ_FLOW_DEFAULT_RATE={0x8}, @TCA_FQ_FLOW_PLIMIT={0x8}, @TCA_FQ_BUCKETS_LOG={0x8, 0x8, 0xc}, @TCA_FQ_PLIMIT={0x8}, @TCA_FQ_INITIAL_QUANTUM={0xfffffffffffffc5b}]}}]}, 0x60}}, 0x0) 03:58:58 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:58 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:58 executing program 5: perf_event_open(&(0x7f0000000040)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) capset(&(0x7f0000000080)={0x19980330}, &(0x7f0000000000)) [ 3359.870727] binder: 476:482 got transaction with invalid offset (0, min 0 max 0) or object. [ 3359.883097] binder: 486:489 transaction failed 29189/-22, size 96-24 line 3138 [ 3359.883475] binder: undelivered TRANSACTION_ERROR: 29189 [ 3359.935125] binder: 491:494 got transaction with invalid offsets size, 13 [ 3359.935151] binder: 491:494 transaction failed 29201/-22, size 647-13 line 3338 03:58:58 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0x0, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:58 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000180)}}], 0x0, 0x0, 0x0}) 03:58:58 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:58 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:58:58 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:58 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) [ 3359.935390] binder: undelivered TRANSACTION_ERROR: 29201 [ 3359.954073] binder: 498:502 transaction failed 29189/-22, size 96-24 line 3138 [ 3359.954390] binder: undelivered TRANSACTION_ERROR: 29189 [ 3360.015194] binder: 476:482 transaction failed 29201/-22, size 0-24 line 3379 [ 3360.026473] binder: undelivered TRANSACTION_ERROR: 29201 03:58:58 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:58:58 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:58 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:58 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:58 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) [ 3360.061671] binder: 513:522 got transaction with invalid offset (0, min 0 max 0) or object. [ 3360.066442] binder: 516:524 transaction failed 29189/-22, size 96-24 line 3138 03:58:58 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:58:58 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) [ 3360.066578] binder: undelivered TRANSACTION_ERROR: 29189 [ 3360.070633] binder: 520:525 got transaction with invalid offsets size, 13 [ 3360.070660] binder: 520:525 transaction failed 29201/-22, size 647-13 line 3338 [ 3360.070799] binder: undelivered TRANSACTION_ERROR: 29201 [ 3360.070884] binder: 517:521 got transaction with invalid offsets ptr [ 3360.070910] binder: 517:521 transaction failed 29201/-14, size 96-24 line 3330 [ 3360.071164] binder: undelivered TRANSACTION_ERROR: 29201 [ 3360.080929] binder: 514:523 got transaction with invalid offsets ptr [ 3360.080950] binder: 514:523 transaction failed 29201/-14, size 96-24 line 3330 [ 3360.081236] binder: undelivered TRANSACTION_ERROR: 29201 [ 3360.137110] binder: 528:536 got transaction with invalid parent offset or type [ 3360.137146] binder: 528:536 transaction failed 29201/-22, size 96-24 line 3454 [ 3360.137322] binder: undelivered TRANSACTION_ERROR: 29201 [ 3360.141722] binder: 534:537 got transaction with invalid offsets ptr [ 3360.141745] binder: 534:537 transaction failed 29201/-14, size 96-24 line 3330 [ 3360.142082] binder: undelivered TRANSACTION_ERROR: 29201 [ 3360.144524] binder: 532:538 got transaction with invalid offsets ptr [ 3360.144547] binder: 532:538 transaction failed 29201/-14, size 96-24 line 3330 [ 3360.144780] binder: undelivered TRANSACTION_ERROR: 29201 [ 3360.147661] binder: 533:539 got transaction with invalid offsets size, 13 03:58:59 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000180)}}], 0x0, 0x0, 0x0}) 03:58:59 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:59 executing program 1: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:59 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x0, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, 0x0}}], 0x0, 0x0, 0x0}) 03:58:59 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, &(0x7f0000000900)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000980)=0x80, 0x80000) stat(&(0x7f00000009c0)='./file0\x00', &(0x7f0000000a00)) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000018c0)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff0100000000000000000000fbff00010959158b9ac821b0050000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000004000000000020ffef0000000000000000000000000000cf0000000000000000000000007fb593c60000000000000000000000000000000092dfc8107ac7b075a58b501b8082b9a4dc307674d93199e766e3b9e1736003bc418ff8495f254848398cea23373ca80b77a2748307b62f6703160ac41bb3525155eb439b16cfcd86ee763e82564116b6303b8412d8557873ed89b548be7b94d580d2ab543ed1d62ac1b2691118501e8ed0e9d0dcfd4adad9d8d7e97cd25155f9c423edaebc8978c8fee669d5fb4b452ee3c37a68c9c2cc75b112ed174fb2e04456e0501938bf90900bae315376af11ec7260baa755038546c8857ee44088a19f0ec58f5c51a9a60fc71486a333321cf066211d3f556fceea7ff39b9f5b80725e66ed764692720c631fed7529e67c55a283a88f35368c3f5c023d48163a6d0900996227882fec5a77256fdb07ce69105c8904aff0a359e0eba663e5a5359e2a6c4cda44e30ba5a05e2dcba9d9720fb4348c1760471ec3339810432284372e855953fd52de2f09b18ce328921b62b92077d39025bac6086c73afa1ac31a4ad9cbac6a9672b95acdcc3f45e1201d05906176a83a0103e5a64d13fd5ff3877e28b6d9da915cb6718a4d813f6ffbc210d0db3bc27442e9e7ea3219a57915aaaa2671436905afa17448a388d6ae1324626aa794c137d1a91fbb49a5f577d01ae975dc63ad002587b6565194391e347c2a4a3c140b0a93c426dd3315db57c9bfb8e776047e095cb63684b69e2ef3f9e4fc30c5bc219a2fcd5ce918d1c349892bc66adf842d81179e8601325c136f00d00bd6a9762f6de89ee544a894c0814fba168545dcd86e31d6acddb63650489bfad31004dbb880c65f88b6890a49bcd12dea18b06b99429f80977af6d7410a0fc7b4e51ea1640302ef587ed94925aef4134eca31d1be02569807ddece6cd3633042b8f06fd0994e7a2f2e0e7c59db863a35e06429b4f8b982a08939a0d8ebf2b790125ff845a6e9d143e48d6b80a958125bdfef81c66512ceeeabcaab3b7e86564a08ae1a34909d027cf71a90d92324b572f3f1cc0b864217d3fcf7ab633701e5c90dae4c6fcbe7bb963b5ffd015cdb4b1752866f4de4ccbc23ee162e507b0f777f69a8a510e272e5387eabeefb1116db37f679982675ee5ece99a4163c75872eefb451e455734672db847872dae04a"], 0x1) fstat(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x2, &(0x7f0000000a80)=[r4, 0x0]) socket$inet6(0xa, 0x80001, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x2000000, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:58:59 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) [ 3360.147685] binder: 533:539 transaction failed 29201/-22, size 647-13 line 3338 [ 3360.147913] binder: undelivered TRANSACTION_ERROR: 29201 [ 3360.199800] binder: 542:547 got transaction with invalid parent offset or type [ 3360.199835] binder: 542:547 transaction failed 29201/-22, size 96-24 line 3454 [ 3360.200017] binder: undelivered TRANSACTION_ERROR: 29201 [ 3360.345637] binder: 513:522 transaction failed 29201/-22, size 0-24 line 3379 [ 3360.354449] binder: undelivered TRANSACTION_ERROR: 29201 03:58:59 executing program 1: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:59 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:59 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x0, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, 0x0}}], 0x0, 0x0, 0x0}) [ 3360.386185] binder: 550:555 got transaction with invalid offsets ptr [ 3360.396241] binder: release 553:559 transaction 2963 out, still active [ 3360.396246] binder: undelivered TRANSACTION_COMPLETE 03:58:59 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000180)}}], 0x0, 0x0, 0x0}) [ 3360.406007] binder: 554:558 got transaction with invalid parent offset or type 03:58:59 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:59 executing program 1: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:59 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0x0, 0x1}}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3360.406045] binder: 554:558 transaction failed 29201/-22, size 96-24 line 3454 [ 3360.406725] binder: undelivered TRANSACTION_ERROR: 29201 [ 3360.425707] binder: send failed reply for transaction 2963, target dead [ 3360.435441] binder: 557:561 got transaction with invalid offset (0, min 0 max 0) or object. [ 3360.435468] binder: 557:561 transaction failed 29201/-22, size 0-24 line 3379 [ 3360.436261] binder: undelivered TRANSACTION_ERROR: 29201 [ 3360.447147] binder: 565:566 got transaction with invalid parent offset or type [ 3360.447187] binder: 565:566 transaction failed 29201/-22, size 96-24 line 3454 [ 3360.447389] binder: undelivered TRANSACTION_ERROR: 29201 [ 3360.485507] binder: 572:574 got transaction with invalid offset (0, min 0 max 0) or object. [ 3360.485536] binder: 572:574 transaction failed 29201/-22, size 0-24 line 3379 [ 3360.486838] binder: undelivered TRANSACTION_ERROR: 29201 [ 3360.492668] binder: release 568:573 transaction 2977 out, still active [ 3360.492673] binder: undelivered TRANSACTION_COMPLETE [ 3360.504742] binder: send failed reply for transaction 2977, target dead [ 3360.537186] binder: 577:580 got transaction with invalid parent offset or type [ 3360.537226] binder: 577:580 transaction failed 29201/-22, size 96-24 line 3454 [ 3360.537577] binder: undelivered TRANSACTION_ERROR: 29201 [ 3360.547542] binder: 584:585 got transaction with invalid offsets size, 13 [ 3360.547568] binder: 584:585 transaction failed 29201/-22, size 647-13 line 3338 [ 3360.547721] binder: undelivered TRANSACTION_ERROR: 29201 03:58:59 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:59 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x0, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, 0x0}}], 0x0, 0x0, 0x0}) 03:58:59 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) [ 3360.675872] binder: 550:555 transaction failed 29201/-14, size 96-24 line 3330 [ 3360.690360] binder: undelivered TRANSACTION_ERROR: 29201 [ 3360.710519] binder_alloc: 589: binder_alloc_buf, no vma [ 3360.718772] binder: 589:591 transaction failed 29189/-3, size 96-24 line 3284 [ 3360.720285] binder: release 588:593 transaction 2987 out, still active [ 3360.720289] binder: undelivered TRANSACTION_COMPLETE [ 3360.724615] binder: send failed reply for transaction 2987, target dead [ 3360.727928] binder: 592:594 got transaction with invalid offsets ptr [ 3360.727955] binder: 592:594 transaction failed 29201/-14, size 96-24 line 3330 [ 3360.728129] binder: undelivered TRANSACTION_ERROR: 29201 [ 3360.774777] binder: undelivered TRANSACTION_ERROR: 29189 03:58:59 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) getrlimit(0x0, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB="2c726f6f746d6fa247289d30303030303030303030302930303030f57e048b234342627365725f69643dbce9049256c08a98c9d80f58500da51ca09cd1ce31273f9bb02c5bdfca48f8338ffe0f62aa0901022b47eeeac77996f1494df423d2785c7d5a7986c23a601acc4b61c0eec21b9d1fc4c2f794903c1b7defecfd904ac1660dceac2471b16efb7dcdf0fb0196b63c56fadb17f561eb6aec3a9929d1a679045a08b434752d1b0d3a5a923701c2233a47692d6459cce8bc1253e18a0145b071a490f0af4958dab0f6c489f6e4e43e8f8b136f051ea2ad08431ae8fe66b02d7c04f37976858e763515d51fe87b65bd03eb27a18ea13335240b9f47fb308913ddd3ee072613b372ee1f844ec337d039f94da09afcef", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,allow_other,\x00']) tkill(r1, 0x1004000000016) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f0000000340)={0x25, {{0xa, 0x4e21, 0x5, @dev={0xfe, 0x80, [], 0x11}, 0xbbc9}}, 0x1, 0x4, [{{0xa, 0x4e23, 0x0, @dev={0xfe, 0x80, [], 0x11}, 0xa9af}}, {{0xa, 0x4e22, 0xc38, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x8001}}, {{0xa, 0x4e20, 0xffffffff, @empty, 0x1}}, {{0xa, 0x4e24, 0x9, @remote, 0x1}}]}, 0x290) tkill(r0, 0x1000000000016) 03:58:59 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:58:59 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:58:59 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:59 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:59 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0063401e8c26f75b3b6354f7425189400000000000000000000000000000000000000000000000000000000000000000870200007502338b0161fe5a97a03bdf860fb7d5feccfaa690f31a128ab3b154712ee582a64c908635fad86a89e14b14498c4495031e8e856d39bb72c40100000000000000d2bd959e8b37484166850b952a34f6c421749e33387afb61decdece3d9a0355423f29b75cd2df8669975a6", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000852a687700"/88], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a60000000000000028000000000000004000000000000000"]], 0x0, 0x0, 0x0}) getuid() r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$KDGKBSENT(r2, 0x4b48, &(0x7f0000000040)={0x4, 0xfd, 0x8001}) 03:58:59 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:58:59 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x0, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, 0x0}}], 0x0, 0x0, 0x0}) [ 3361.208923] binder: 599:602 got transaction with invalid parent offset or type 03:59:00 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) r2 = socket$inet6(0xa, 0x80003, 0x9f) write$binfmt_misc(r2, &(0x7f0000000240)={'syz1', "440dd553dc15ded311d4e359d8645329801472a09b6fdd841bc464d2509af55dca9550e556e3ea65b1205feb95a4f419b8a86ea55162ead76db3d2c62661f4df3b5d6156623a10355cb983d9d42e3807bce30771f209c6885744590ed86de08a0b2c869af6b067cc23dcb5550e4572f472b1e0b9916605cf26b16134e086326577a8febf05fc5d91a2471f545b010c05e721f20ecc8576ae680b6846a71a43"}, 0xa3) 03:59:00 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) [ 3361.210179] binder: 600:604 got transaction with invalid offsets ptr [ 3361.210206] binder: 600:604 transaction failed 29201/-14, size 96-24 line 3330 [ 3361.210404] binder: undelivered TRANSACTION_ERROR: 29201 [ 3361.213186] binder: 601:606 unknown command 507536128 03:59:00 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) [ 3361.213194] binder: 601:606 ioctl c0306201 20000140 returned -22 [ 3361.220582] binder: 598:608 got transaction with invalid offsets size, 13 [ 3361.220612] binder: 598:608 transaction failed 29201/-22, size 647-13 line 3338 03:59:00 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) [ 3361.220844] binder: undelivered TRANSACTION_ERROR: 29201 [ 3361.267818] binder_alloc: 603: binder_alloc_buf, no vma [ 3361.267891] binder: 603:607 transaction failed 29189/-3, size 96-24 line 3284 [ 3361.269061] binder: 601:612 unknown command 507536128 [ 3361.269070] binder: 601:612 ioctl c0306201 20000140 returned -22 [ 3361.269236] binder: undelivered TRANSACTION_ERROR: 29189 [ 3361.310631] binder: 617:618 got transaction with invalid offsets ptr [ 3361.310660] binder: 617:618 transaction failed 29201/-14, size 96-24 line 3330 [ 3361.310836] binder: undelivered TRANSACTION_ERROR: 29201 [ 3361.348197] binder: 621:625 got transaction with invalid offsets size, 13 [ 3361.348226] binder: 621:625 transaction failed 29201/-22, size 647-13 line 3338 [ 3361.348720] binder: undelivered TRANSACTION_ERROR: 29201 [ 3361.357809] binder: 621:628 got transaction with invalid offsets size, 13 [ 3361.357842] binder: 621:628 transaction failed 29201/-22, size 647-13 line 3338 [ 3361.358478] binder: undelivered TRANSACTION_ERROR: 29201 [ 3361.361116] binder_alloc: 622: binder_alloc_buf, no vma [ 3361.361134] binder: 622:626 transaction failed 29189/-3, size 96-24 line 3284 [ 3361.361568] binder: undelivered TRANSACTION_ERROR: 29189 [ 3361.363287] binder: 623:627 got transaction with invalid offsets ptr [ 3361.363316] binder: 623:627 transaction failed 29201/-14, size 96-24 line 3330 [ 3361.363486] binder: undelivered TRANSACTION_ERROR: 29201 [ 3361.403753] binder: release 624:629 transaction 3013 out, still active [ 3361.403758] binder: undelivered TRANSACTION_COMPLETE [ 3361.423983] binder: send failed reply for transaction 3013, target dead [ 3361.437229] binder: 634:635 got transaction with invalid offsets ptr [ 3361.437258] binder: 634:635 transaction failed 29201/-14, size 96-24 line 3330 [ 3361.437755] binder: undelivered TRANSACTION_ERROR: 29201 [ 3361.584101] binder: 599:602 transaction failed 29201/-22, size 96-24 line 3454 [ 3361.593023] binder: undelivered TRANSACTION_ERROR: 29201 03:59:00 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x18, 0x0, &(0x7f0000000040)=[@clear_death={0x400c630f, 0x3}, @acquire={0x40046305, 0x2}], 0x55, 0x0, &(0x7f0000000240)="df6ebbcc23e8c736b03e784ce483e935666c55cd9b155ec9d988b97de30aa807f1da9cd1db3e330ee546898803eff97b52ff0cbf6b12172fd6a00c2b1827fafec1708bb9d396b85db349438621475ea9fa244f08fe"}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) write$binfmt_elf32(r0, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0x20, 0xed, 0x20, 0xff, 0x6, 0x3, 0x6, 0x4, 0x75, 0x38, 0xf9, 0x8001, 0x5, 0x20, 0x1, 0x0, 0x2, 0x5}, [{0x6, 0x18b, 0x401, 0x8, 0x24b22926, 0x6, 0x7, 0x100020}, {0x6474e552, 0x521, 0x5, 0x0, 0x3, 0x0, 0xffffeec4, 0x7}], "6b8ee1618368c4c9bb4e1a5d361a3bd698ab25e7bae99f73427e082ecb55b97b20c8cb08784eea430c8afc32e8f9082687743b6de2a620065310852c066b49ee26a79567080b29537ca34ab80db69a5e253f1436fd1a9f1c18571bd522a4767576f80edeb5fca1ebb34a54bdf81c0d62361e7caa0cf27e799b32a073f3aced0c119397b737d7db337330b27823544be42548f2babf54a510db59eadc9f973584687ddfcd41d3543e9ba7a5956ac1791c6c5ce62ffcaf", [[], [], [], [], [], [], []]}, 0x82e) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0xa, 0x3}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:00 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:00 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x0, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, 0x0}}], 0x0, 0x0, 0x0}) 03:59:00 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:00 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:59:00 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) getsockopt$IPT_SO_GET_REVISION_TARGET(r6, 0x0, 0x43, &(0x7f0000000080)={'icmp\x00'}, &(0x7f0000000100)=0x1e) r7 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = socket$inet_udplite(0x2, 0x2, 0x88) fstat(r8, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r9, 0x0) ioctl$TUNSETGROUP(r7, 0x400454ce, r9) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="76643dc0d05a80ee85860534103f2ae47a919f5d88ac366e37fd22a6140e386b32553188405c0945", @ANYRESHEX, @ANYBLOB=',rootmode=00000000000020000000000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,allow_other,\x00']) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:59:00 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:00 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x0, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, 0x0}}], 0x0, 0x0, 0x0}) [ 3362.107646] binder: release 644:649 transaction 3017 out, still active [ 3362.116472] binder: undelivered TRANSACTION_COMPLETE 03:59:00 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:00 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:59:00 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:00 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) [ 3362.118499] binder: 646:652 got transaction with invalid parent offset or type [ 3362.118534] binder: 646:652 transaction failed 29201/-22, size 96-24 line 3454 03:59:00 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:00 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:00 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:59:00 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000852a687700"/88], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="00000000c8038a24c4d57a7d00"/24]], 0x0, 0x0, 0x0}) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000004c0)=0x0) ioctl$FS_IOC_RESVSP(r4, 0x40305828, &(0x7f0000000100)={0x0, 0x0, 0x35b2, 0xe0b7}) arch_prctl$ARCH_SET_GS(0x1001, 0x9) io_submit(r5, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x10000}]) io_destroy(r5) r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80114}, 0xc, &(0x7f0000000180)={&(0x7f00000003c0)={0xf4, r6, 0x520, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'netdevsim0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}]}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x401}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1f}, @IPVS_DEST_ATTR_TUN_TYPE={0x8}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x5c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'hwsim0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x1f}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @ipv4={[], [], @remote}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sed\x00'}]}]}, 0xf4}, 0x1, 0x0, 0x0, 0x40000004}, 0x80) sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8008400}, 0xc, &(0x7f0000000040)={&(0x7f0000000240)={0x130, r6, 0x800, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1f}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_SERVICE={0x48, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x6}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xff}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblc\x00'}]}, @IPVS_CMD_ATTR_DEST={0x60, 0x2, [@IPVS_DEST_ATTR_TUN_TYPE={0x8, 0xd, 0x2d6d90f8e0ba4dad}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xc6}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x1}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xfffffffa}, @IPVS_DEST_ATTR_TUN_TYPE={0x8}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x36}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@dev={0xac, 0x14, 0x14, 0x1a}}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xef}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1000}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xffff0001}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}]}, @IPVS_CMD_ATTR_DAEMON={0x50, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ip6_vti0\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0xf}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}]}]}, 0x130}, 0x1, 0x0, 0x0, 0x80}, 0x4008000) [ 3362.122371] binder: 645:648 transaction failed 29189/-22, size 96-24 line 3138 03:59:01 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) [ 3362.125525] binder: 647:650 got transaction with invalid offsets ptr [ 3362.125616] binder: 647:650 transaction failed 29201/-14, size 96-24 line 3330 [ 3362.180972] binder: 656:663 transaction failed 29189/-22, size 96-24 line 3138 [ 3362.193142] binder: BINDER_SET_CONTEXT_MGR already set [ 3362.193151] binder: 658:665 ioctl 40046207 0 returned -16 [ 3362.193439] binder_alloc: 644: binder_alloc_buf, no vma [ 3362.193458] binder: 658:665 transaction failed 29189/-3, size 88-0 line 3284 [ 3362.206677] binder: BINDER_SET_CONTEXT_MGR already set [ 3362.206686] binder: 664:667 ioctl 40046207 0 returned -16 [ 3362.207135] binder_alloc: 647: binder_alloc_buf, no vma [ 3362.207155] binder: 664:667 transaction failed 29189/-3, size 96-24 line 3284 [ 3362.207730] binder: BINDER_SET_CONTEXT_MGR already set [ 3362.207737] binder: 662:666 ioctl 40046207 0 returned -16 [ 3362.209032] binder_alloc: 646: binder_alloc_buf, no vma [ 3362.209049] binder: 662:666 transaction failed 29189/-3, size 96-24 line 3284 [ 3362.223142] binder: 668:670 transaction failed 29189/-22, size 96-24 line 3138 [ 3362.270432] binder: BINDER_SET_CONTEXT_MGR already set [ 3362.270442] binder: 672:678 ioctl 40046207 0 returned -16 [ 3362.271322] binder_alloc: 647: binder_alloc_buf, no vma [ 3362.271342] binder: 672:678 transaction failed 29189/-3, size 96-24 line 3284 [ 3362.277190] binder: BINDER_SET_CONTEXT_MGR already set [ 3362.277199] binder: 675:683 ioctl 40046207 0 returned -16 [ 3362.277290] binder: BINDER_SET_CONTEXT_MGR already set [ 3362.277297] binder: 675:683 ioctl 40046207 0 returned -16 [ 3362.278352] binder_alloc: 644: binder_alloc_buf, no vma [ 3362.278376] binder: 675:683 transaction failed 29189/-3, size 647-13 line 3284 [ 3362.284044] binder: BINDER_SET_CONTEXT_MGR already set [ 3362.284052] binder: 675:687 ioctl 40046207 0 returned -16 [ 3362.284128] binder: BINDER_SET_CONTEXT_MGR already set [ 3362.284133] binder: 675:683 ioctl 40046207 0 returned -16 [ 3362.284934] binder: BINDER_SET_CONTEXT_MGR already set [ 3362.284941] binder: 680:685 ioctl 40046207 0 returned -16 [ 3362.286000] binder: BINDER_SET_CONTEXT_MGR already set [ 3362.286008] binder: 681:686 ioctl 40046207 0 returned -16 [ 3362.286474] binder_alloc: 643: binder_alloc_buf, no vma [ 3362.286494] binder: 681:686 transaction failed 29189/-3, size 647-13 line 3284 [ 3362.287431] binder_alloc: 646: binder_alloc_buf, no vma [ 3362.287450] binder: 680:685 transaction failed 29189/-3, size 96-24 line 3284 [ 3362.302740] binder: 684:688 got transaction with invalid offsets ptr [ 3362.302770] binder: 684:688 transaction failed 29201/-14, size 96-24 line 3330 [ 3362.320243] binder: BINDER_SET_CONTEXT_MGR already set [ 3362.320252] binder: 689:692 ioctl 40046207 0 returned -16 [ 3362.320729] binder_alloc: 647: binder_alloc_buf, no vma [ 3362.320749] binder: 689:692 transaction failed 29189/-3, size 96-24 line 3284 [ 3362.602155] binder: undelivered TRANSACTION_ERROR: 29189 [ 3362.607803] binder: undelivered TRANSACTION_ERROR: 29189 [ 3362.613347] binder: undelivered TRANSACTION_ERROR: 29201 [ 3362.618966] binder: undelivered TRANSACTION_ERROR: 29189 [ 3362.624517] binder: undelivered TRANSACTION_ERROR: 29189 [ 3362.630131] binder: undelivered TRANSACTION_ERROR: 29189 [ 3362.635706] binder: undelivered TRANSACTION_ERROR: 29189 [ 3362.641305] binder: undelivered TRANSACTION_ERROR: 29189 [ 3362.646889] binder: undelivered TRANSACTION_ERROR: 29189 [ 3362.652425] binder: undelivered TRANSACTION_ERROR: 29189 [ 3362.658018] binder: undelivered TRANSACTION_ERROR: 29189 [ 3362.663767] binder: undelivered TRANSACTION_ERROR: 29201 [ 3362.669371] binder: undelivered TRANSACTION_ERROR: 29189 [ 3362.675042] binder: undelivered TRANSACTION_ERROR: 29201 [ 3362.680676] binder: send failed reply for transaction 3017, target dead 03:59:01 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x4f) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000100)={&(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000040)="a32ae4e1d8ab11c49ded55a9d2e746cea624c16f4336fd8cf525afbf8f393e13a0a70b17ce3474e87ffb86b342d15719bc", 0x31, r4}, 0x68) socket$inet6(0xa, 0x1, 0x8) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB="2c726f6f745f6f64653d302030303030303030303030303030570800003030f4b26fccd0756c65d040467a19895b8ece89657980a79580aa55fd86bdab8cb9a97dfa000000000000", @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705f69643d65f23e3bde8544960cf591a98ae2b98391e77c69da2eedf457d6755ccbc2533fc89478b480f826c5044cfd6be571337e93bd6d86febc2f3c53a732dff3e1b876508c648fd2bd2b3114952f5322fb9ae7fff3bd3ac1e75fb6f1c760f202ef", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,allow_other,\x00']) unshare(0x4000000) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:59:01 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:59:01 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:01 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000850000b3860000000000852a6877000000000000000001fc00000000000000110000"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a60000000000000028000000000000004000000000000000"]], 0x0, 0x0, 0x0}) 03:59:01 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:01 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@handle={0x73682a85, 0x819b248a9cc68adb}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) r2 = dup3(r1, 0xffffffffffffffff, 0x80000) setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0x5, &(0x7f0000000240)=0x2, 0x4) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', r4}, 0x10) 03:59:01 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:59:01 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000001c0)=[@register_looper], 0x0, 0x0, 0x0}) 03:59:01 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:01 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:59:01 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_FFBIT(r2, 0x4004556b, 0x77) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a747000000000000000000000000000009dd20000000000000000000000000000000000000000852a627700000000000000000000000000000000e3000000852a687700"/88], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a60000000000000028000000000000004000000000000000"]], 0x0, 0x0, 0x0}) getresgid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000240)) [ 3363.017595] binder: 709:711 got transaction with invalid offsets ptr [ 3363.031066] binder_alloc: 710: binder_alloc_buf, no vma [ 3363.031086] binder: 710:716 transaction failed 29189/-3, size 647-13 line 3284 03:59:01 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000000)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/184, 0xb8, 0x2, 0x16}, @flat=@weak_handle}, &(0x7f0000000180)={0x0, 0x28, 0x50}}}], 0x0, 0x0, 0x0}) [ 3363.031326] binder: undelivered TRANSACTION_ERROR: 29189 [ 3363.038683] binder: 712:717 got transaction with invalid handle, 0 [ 3363.038720] binder: 712:717 transaction failed 29201/-22, size 88-24 line 3411 [ 3363.040890] binder: undelivered TRANSACTION_ERROR: 29201 [ 3363.091819] binder: 725:726 ERROR: BC_REGISTER_LOOPER called without request [ 3363.161192] binder: 740:742 got transaction with too large buffer [ 3363.161222] binder: 740:742 transaction failed 29201/-22, size 104-24 line 3493 [ 3363.161376] binder: undelivered TRANSACTION_ERROR: 29201 [ 3363.170056] binder: 740:745 got transaction with too large buffer [ 3363.170083] binder: 740:745 transaction failed 29201/-22, size 104-24 line 3493 [ 3363.170314] binder: undelivered TRANSACTION_ERROR: 29201 [ 3363.218921] binder: 709:711 transaction failed 29201/-14, size 96-24 line 3330 [ 3363.228095] binder: undelivered TRANSACTION_ERROR: 29201 03:59:02 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) clock_gettime(0x0, &(0x7f0000000080)) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f0000000040)={{r1, r2+10000000}, {0x0, 0x1c9c380}}, 0x0) r3 = gettid() r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000000000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="67726f75700100000000000000000000e70000002db5f031fd0f17fbd05c640b95b94ffd6d1f1b1ae3186339e357e8323ed68145c53d9d2d75c61106451028ad9c6675ca0165042391cb", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,allow_other,\x00']) tkill(r3, 0x1004000000016) tkill(r0, 0x1000000000016) 03:59:02 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 03:59:02 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x10000000000000) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/enforce\x00', 0x800, 0x0) ioctl$BLKPG(r8, 0x1269, &(0x7f0000000180)={0x4, 0xffffffff, 0x18, &(0x7f0000000100)="27fd9fd00f0c3d50e3d108290fbb8f4884201de92e7b8ab7"}) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$RTC_IRQP_READ(r5, 0x8008700b, &(0x7f0000000040)) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r9, 0x8903, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYRES64=r2, @ANYRESHEX], 0x23, 0x0, 0x0}) 03:59:02 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:02 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff}) mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x400, 0x0) ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) ioctl$sock_inet_SIOCGIFADDR(r3, 0x8915, &(0x7f0000000240)={'veth0_to_team\x00', {0x2, 0x4e22, @broadcast}}) 03:59:02 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:02 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = add_key(&(0x7f0000000040)='trusted\x00', &(0x7f00000000c0)={'syz', 0x3}, &(0x7f0000000100)="d0da82b7923cabce2e1fd74199fcc4559f4caa46d669bb3d3c4d19f9e3c1c3f0abd6110e6dfa21d69cf58b5d018a23052c66aeef7ea33e42517b228f0bf146f94aea8700d7174ed58fe6f354b9e59633c68005a4ea7ae18cad224101c52554eeee21d0b4f9203222e3516f171757f742139b680cda20f9d23d06b229b6b84fd0551085088cca1355707dd5e4b6bf4e0e460410de6feefa0b21ba879e507a16b578855c2b755bc16c89923c25a23c238dc75464c4a1585e04905a9fa0b2c7608a7edf19f6ef16c9308ca45b9c12e0916fe0e0e22c78", 0xd5, 0xfffffffffffffff9) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000200)={r1, 0x97, 0x17}, &(0x7f0000000240)={'enc=', 'raw', ' hash=', {'sha512\x00'}}, &(0x7f00000002c0)="dcedd653ad8e7b455a4edb28ad3611ebafd0fea24653c35a97fdfd437b7d540db78b4ec477234b056cd4439a99511a1b3c2aa79e5f456a2e6fee57301b798dfca17a407b74ed265daa34f647e83f91debaa342caad31d53efa5abcfabc4749600fc6dc522d62a08a8f3ee4771c9c51740a637329b5795ac3127cc0b7d49d0b213037656f6b12c1f3880fe839e3e5e201fc55fea22c6012", &(0x7f0000000380)=""/23) r2 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c) ioctl$FIGETBSZ(r2, 0x2, &(0x7f00000003c0)) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0), 0xffffffffffffffb4, 0x0, 0x0}) 03:59:02 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$cgroup_subtree(r2, &(0x7f0000000000)={[{0x2d, 'io'}, {0x2b, 'memory'}, {0x2b, 'io'}, {0x2b, 'rdma'}, {0x2d, 'pids'}, {0x2b, 'pids'}, {0x2d, 'io'}, {0x2b, 'memory'}, {0x2d, 'rdma'}]}, 0x34) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x28262, 0x0) ioctl$RTC_ALM_READ(r4, 0x80247008, &(0x7f0000000240)) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3363.923189] binder: 752:755 got transaction with invalid offsets ptr [ 3363.930760] binder_alloc: 751: binder_alloc_buf, no vma [ 3363.930782] binder: 751:760 transaction failed 29189/-3, size 647-13 line 3284 03:59:02 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:02 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 03:59:02 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$mice(&(0x7f0000000240)='/dev/input/mice\x00', 0x0, 0x200000) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) readlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/2, 0x2) 03:59:02 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) [ 3363.931181] binder: undelivered TRANSACTION_ERROR: 29189 [ 3363.957916] binder: 758:763 ioctl c0306201 0 returned -14 [ 3364.001041] binder: 752:755 transaction failed 29201/-14, size 96-24 line 3330 [ 3364.013344] binder: 773:777 transaction failed 29189/-22, size 96-24 line 3138 [ 3364.013473] binder: undelivered TRANSACTION_ERROR: 29189 [ 3364.025163] binder: 774:781 ioctl c0306201 0 returned -14 [ 3364.061778] binder: 784:787 transaction failed 29189/-22, size 96-24 line 3138 [ 3364.061913] binder: undelivered TRANSACTION_ERROR: 29189 [ 3364.086469] binder: undelivered TRANSACTION_ERROR: 29201 03:59:05 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000040)={0x0, 0x3, 0x18}, 0xc) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000200)={r4, &(0x7f0000000100)="4acb3885de5d56688264d6e68d39394feed70e59ea0112d46ed2996dbcc31e436a127f30b1e9d39b2bec80d187886609e1ca31367df6ac8e5f14e02a6a6e7b7b10155cf680768a0e6f5fbd576d41847a94902876ac9301612ef3691f2acb0166705cbda76b1b85757e314f1717cf9b19c3a0c79212b2d99dec82144c33596fe0a4f0462de35512c1af84820fdeb0b4dcde734bea19b889be14b47498ace80b939277158b7616b6bacdd5548fb060071b5ca2e588d48574c792b0a4d32932037e6545e11f3016cf1f558b66c6fb440844816dda811cf8f0f926c89efe29cb059dbf90363827fb8428fe1515c8c7", &(0x7f0000000080), 0xe}, 0x20) 03:59:05 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000280)='/dev/binder#\x00', 0x0, 0x800) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) symlinkat(&(0x7f0000000000)='./file0\x00', r1, &(0x7f0000000240)='./file0\x00') r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000000)) r4 = eventfd2(0x800, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x80, 0x0, &(0x7f0000000340)=[@reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f00000002c0)={@fd={0x66642a85, 0x0, r3}, @fd={0x66642a85, 0x0, r4}, @flat=@weak_binder={0x77622a85, 0x1201}}, &(0x7f0000000080)={0x0, 0x18, 0x30}}}, @release, @enter_looper, @decrefs={0x40046307, 0x3}, @register_looper, @clear_death, @dead_binder_done, @release], 0x0, 0x0, 0x0}) 03:59:05 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 03:59:05 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:05 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x40, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip6_tables_names\x00') mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r5, 0x20000000000) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r6 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:05 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:05 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:05 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3366.929045] binder: 792:793 got transaction with invalid offsets ptr [ 3366.938207] binder: 792:793 transaction failed 29201/-14, size 96-24 line 3330 [ 3366.945445] binder: 797:801 got reply transaction with no transaction stack [ 3366.945452] binder: 797:801 transaction failed 29201/-71, size 72-24 line 3046 03:59:05 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write$eventfd(r3, &(0x7f0000000000)=0xffff, 0x8) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:05 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:59:05 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder={0x77622a85, 0xa}, @fda={0x66646185, 0x7, 0x0, 0x4000000031}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3366.946387] binder: undelivered TRANSACTION_ERROR: 29201 [ 3366.947803] binder: 795:798 transaction failed 29189/-22, size 96-24 line 3138 [ 3366.948114] binder: undelivered TRANSACTION_ERROR: 29189 03:59:05 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) r3 = fcntl$dupfd(r2, 0x2c28e289a5b2e35b, r0) ioctl$EVIOCGMTSLOTS(r3, 0x8040450a, &(0x7f0000000580)=""/147) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r4 = syz_open_dev$binderN(0x0, 0x0, 0x0) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = syz_genetlink_get_family_id$fou(&(0x7f0000000040)='fou\x00') accept4$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000280)=0x14, 0x180000) sendmsg$FOU_CMD_DEL(r6, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x880200}, 0xc, &(0x7f0000000300)={&(0x7f0000000740)=ANY=[@ANYBLOB="004038a99b569631dfdf4d3003a58c0000", @ANYRES16=r7, @ANYBLOB="6d0726bd7000ffdbdf250200000008000b0088cb1259a8cdbe5b47280bba561b34a939b0fd4bacf0d84d84d2fc315699bde3faa20db470ae28ed15d5de614fda091a9ae62a3ac98f06e683f92b1900c8562982a69f319a5d0997fee418623433123ffc54ce37ff5270c3d0d1c1decb9248990a84fb975cc316c7579416d06eba55c0831ec2524838c3aae6664b560297947f848af184c9e6833e044840", @ANYRES32=r8, @ANYBLOB="1400030000000000000000000000000000000101"], 0x5}, 0x1, 0x0, 0x0, 0x4}, 0x1) getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, &(0x7f0000000380)={{{@in6=@empty, @in6=@remote}}, {{@in6=@mcast2}, 0x0, @in=@loopback}}, &(0x7f00000000c0)=0xe8) arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x200) r9 = accept$inet(0xffffffffffffffff, &(0x7f0000000100), &(0x7f0000000180)=0x10) setsockopt$IP_VS_SO_SET_TIMEOUT(r9, 0x0, 0x48a, &(0x7f00000001c0)={0x8, 0x675b, 0x7}, 0xc) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f0000000540)=ANY=[@ANYPTR], @ANYRESHEX=r1], 0x0, 0x0, 0x0}) [ 3366.948649] binder: 794:800 ioctl c0306201 0 returned -14 [ 3367.012579] binder_alloc: 808: binder_alloc_buf, no vma [ 3367.012599] binder: 808:814 transaction failed 29189/-3, size 647-13 line 3284 [ 3367.012988] binder: undelivered TRANSACTION_ERROR: 29189 [ 3367.014470] binder: 810:815 got transaction with invalid offsets size, 13 [ 3367.014495] binder: 810:815 transaction failed 29201/-22, size 647-13 line 3338 [ 3367.014651] binder: undelivered TRANSACTION_ERROR: 29201 [ 3367.019089] binder_alloc: 809: binder_alloc_buf, no vma [ 3367.019106] binder: 809:817 transaction failed 29189/-3, size 96-24 line 3284 [ 3367.019475] binder: undelivered TRANSACTION_ERROR: 29189 [ 3367.077546] binder: 823:826 got transaction with out-of-order buffer fixup [ 3367.077582] binder: 823:826 transaction failed 29201/-22, size 96-24 line 3467 [ 3367.077740] binder: undelivered TRANSACTION_ERROR: 29201 [ 3367.103854] binder: 824:827 got transaction with invalid offsets ptr [ 3367.103880] binder: 824:827 transaction failed 29201/-14, size 647-13 line 3330 [ 3367.104158] binder: undelivered TRANSACTION_ERROR: 29201 [ 3367.186255] binder: undelivered TRANSACTION_ERROR: 29201 03:59:06 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:59:06 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000000)) fcntl$setlease(r4, 0x400, 0x0) getgroups(0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000180)={{{@in6=@local, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in6=@mcast1}}, &(0x7f0000000080)=0xe8) sendto$packet(r3, &(0x7f0000000100)="7391e6aaf1443f0ec3326aef1ebc82001f742b28af965c0e39036d2c1f05a64c85b0a2e56eaab9ca413b5f1347d0d20f8fae16fabdfb684ff26fcaa104269be16fa5add4672d19a3b6c04cec2af8640c1df00ea83a1cd737651c2d0ec13bfb99ecaa90ca2ed6be854176eee9177f3d0224e1349d", 0x74, 0x20080000, &(0x7f0000000280)={0x11, 0xf5, r5, 0x1, 0xa5, 0x6, @remote}, 0x14) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)=ANY=[@ANYBLOB, @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000000000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,allow_other,\x00']) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000040)={0x2, 0x2, 0x2000}, 0x4) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:59:06 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:06 executing program 0: set_thread_area(&(0x7f0000000000)={0x7, 0x20000800, 0x2000, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x1}) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000048000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a62730208000002000000000000000000000000000000852a62770000000000000000000000000000000000000000852a687700"/72], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="000000000000000018000000000000001e00000200000000"]], 0x0, 0x0, 0x0}) 03:59:06 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:06 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x0, @local, 0x4e24, 0x3, 'nq\x00', 0x20, 0x3ff, 0x37}, {@broadcast, 0x4e23, 0x2, 0x0, 0x1000006, 0xffffffc1}}, 0x44) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0}) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000280)={0x3, &(0x7f0000000240)=[{}, {}, {}]}) 03:59:06 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) [ 3367.685083] binder: 837:838 got transaction with invalid offsets ptr [ 3367.694981] binder: 837:838 transaction failed 29201/-14, size 96-24 line 3330 [ 3367.703794] binder_alloc: 839: binder_alloc_buf, no vma [ 3367.703813] binder: 839:847 transaction failed 29189/-3, size 96-24 line 3284 03:59:06 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000de8829451fe6f0bd5abd781706a6db1e42ba267d4e94ca183f442a37f8eef38e706e261049555b473b2ba66094e51f14f1bc9c1bfa25059669a66fc0798b985348f78034c76fc193e20ea293c83f763b09d86d1284869da0dbfd8fda496d344ca0aedb7cc897e6535600976e11b6951fc11554589d8038e799eedce7a50c", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000852a687700"/88], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a60000000000000028000000000000004000000000000000"]], 0x0, 0x0, 0x0}) 03:59:06 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, &(0x7f0000000040)={0x7f, 0x7, 0xfffffffffffffffc, 0x7, 0x8, 0x6}) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@handle={0x73682a85, 0x1001, 0x2}, @flat=@weak_handle}, &(0x7f0000000000)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:06 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 3367.704164] binder: undelivered TRANSACTION_ERROR: 29189 03:59:06 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:06 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x3c, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96]], 0x0, 0x0, 0x0}) 03:59:06 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/#\x00\x00@\x00\x00\x00\xb4\x00', 0x0, 0x1001) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x4) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3367.704490] binder: 840:843 got transaction with invalid offset (33554462, min 48 max 72) or object. [ 3367.704537] binder: 840:843 transaction failed 29201/-22, size 72-24 line 3379 [ 3367.704721] binder: undelivered TRANSACTION_ERROR: 29201 [ 3367.765533] binder_alloc: 854: binder_alloc_buf, no vma [ 3367.765598] binder: 854:857 transaction failed 29189/-3, size 96-24 line 3284 [ 3367.765857] binder: undelivered TRANSACTION_ERROR: 29189 [ 3367.773713] binder: 853:859 got transaction with invalid handle, 2 [ 3367.773743] binder: 853:859 transaction failed 29201/-22, size 88-24 line 3411 [ 3367.773973] binder: undelivered TRANSACTION_ERROR: 29201 [ 3367.795437] binder: 858:861 got transaction with invalid data ptr [ 3367.795465] binder: 858:861 transaction failed 29201/-14, size 647-13 line 3316 [ 3367.795645] binder: undelivered TRANSACTION_ERROR: 29201 [ 3367.802339] binder: 858:867 got transaction with invalid data ptr [ 3367.802368] binder: 858:867 transaction failed 29201/-14, size 647-13 line 3316 [ 3367.802646] binder: undelivered TRANSACTION_ERROR: 29201 [ 3367.827538] binder: 868:870 got transaction with invalid offsets ptr [ 3367.827565] binder: 868:870 transaction failed 29201/-14, size 96-24 line 3330 [ 3367.827747] binder: undelivered TRANSACTION_ERROR: 29201 [ 3367.959783] binder: undelivered TRANSACTION_ERROR: 29201 03:59:07 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x24000}, 0xc, &(0x7f0000000340)={&(0x7f0000000100)={0x1e0, r3, 0x2, 0x70bd29, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xac, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'gretap0\x00'}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x56d4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffff81}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5c4}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x80000000, @rand_addr="9e5bea85cfa635b923a83b603ab6e3f3", 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x10001, @loopback, 0x1}}}}]}, @TIPC_NLA_LINK={0xa0, 0x4, [@TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8fda}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x55}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_NODE={0x3c, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xd9}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_NODE_ADDR={0x8}]}, @TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x67}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x401}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffffffff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x52bb}]}, @TIPC_NLA_NET={0x18, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x100000001}]}]}, 0x1e0}, 0x1, 0x0, 0x0, 0x20000000}, 0x80) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r4 = gettid() r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x482}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x30, r7, 0x100, 0x70bd2c, 0x25dfdbfe, {{}, 0x0, 0x4108, 0x0, {0x14, 0x18, {0x1, @bearer=@udp='udp:syz1\x00'}}}, ["", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x48020) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) r8 = getgid() mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id', 0x3d, r8}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r4, 0x1004000000016) tkill(r0, 0x1000000000016) 03:59:07 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/det/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) fsetxattr$trusted_overlay_opaque(r1, &(0x7f0000000300)='trusted.overlay.opaque\x00', &(0x7f0000000340)='y\x00', 0x2, 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) stat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) pipe(&(0x7f0000000380)={0xffffffffffffffff}) clock_gettime(0x0, &(0x7f00000003c0)={0x0, 0x0}) write$input_event(r4, &(0x7f0000000400)={{r5, r6/1000+10000}, 0x14, 0x7fff, 0x5}, 0x18) r7 = socket$inet_udplite(0x2, 0x2, 0x88) fstat(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r8, 0x0) getgroups(0x5, &(0x7f00000002c0)=[0xee01, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, r8]) chown(&(0x7f0000000040)='./file0\x00', r3, r9) 03:59:07 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0), 0x201, 0x0, 0x0}) r3 = gettid() ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x11) ptrace(0x8, r3) 03:59:07 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:07 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:07 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x3c, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96]], 0x0, 0x0, 0x0}) 03:59:07 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:07 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = open(0x0, 0x8040, 0x0) ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, &(0x7f00000001c0)={0x8, 0x0, 0x0, 0x0, 0x0, "0877cb85b908f64d91659d022395241793ba0f", 0xde73, 0x4}) socket$key(0xf, 0x3, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000013c0)={{{@in6=@remote, @in6=@ipv4, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x0, 0x32}, 0x0, @in=@dev, 0x0, 0x0, 0x0, 0x5}}, 0xe8) connect$inet6(r1, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) linkat(r0, &(0x7f0000000040)='./file0\x00', r3, &(0x7f00000000c0)='./file0\x00', 0x600) sendmmsg(r1, &(0x7f0000000240), 0x5c3, 0x0) openat(0xffffffffffffffff, 0x0, 0x110600, 0x0) r4 = open(0x0, 0x8040, 0x0) ioctl$FIDEDUPERANGE(r4, 0xc0189436, &(0x7f0000000400)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00_']) r5 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r5, 0x40046207, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r6, 0x10e, 0x5, &(0x7f0000000000)=0x6, 0x4) r7 = syz_open_dev$binderN(0x0, 0x0, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r8, 0x8903, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYRES32=r8]], 0x0, 0x0, 0x0}) [ 3368.600412] binder: 886:892 got transaction with invalid offsets ptr [ 3368.615112] binder: 886:892 transaction failed 29201/-14, size 96-24 line 3330 [ 3368.634205] binder: 893:897 got transaction with invalid offsets ptr 03:59:07 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x3c, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96]], 0x0, 0x0, 0x0}) 03:59:07 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)) fchmod(r0, 0x104) r1 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000000)) fdatasync(r3) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000007dc80000000001800000000000000000000000000000000000000000000000852a68770000000000000000000000000000000000000000cca876997c164bf9b5a4a48f1010642a281fc36fd2bbaf1806413815dfd6e1b71f14345e4807a7a4fb80601d0cfc23b970622165b17b7b41a22982f94bfbcadce0c66cbbd7ffd7f78af06d4b2bf290ee2fee01f3a0a693c304b0b8787202514fecf6cba2bea92e6ef00099417668a6cda87992bd98b8b6b42dbfc651f0dd336a0c6e636e06e9a15b9abe2caf529c1a01da2e7d121e392c1abc37267dc85ea3de445ee385ff4fea5307771f280453aa9ab59607afe5199f20820a2ba829844b95250e42f0e10c0361ebc011eea6d433cc465715b0217f90a9310e67375f05f6d83a94dd719436d77b26bf72"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a60000000000000028000000000000004000000000000000"]], 0x0, 0x0, 0x0}) 03:59:07 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) [ 3368.634236] binder: 893:897 transaction failed 29201/-14, size 96-24 line 3330 03:59:07 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR], 0x0, 0x0, 0x0}) [ 3368.634602] binder: undelivered TRANSACTION_ERROR: 29201 [ 3368.697647] binder: 909:913 got transaction with invalid offsets size, 13 [ 3368.697676] binder: 909:913 transaction failed 29201/-22, size 647-13 line 3338 [ 3368.698175] binder: undelivered TRANSACTION_ERROR: 29201 [ 3368.704350] binder: 907:915 got transaction with invalid offsets ptr [ 3368.704378] binder: 907:915 transaction failed 29201/-14, size 96-24 line 3330 [ 3368.704717] binder: undelivered TRANSACTION_ERROR: 29201 [ 3368.711393] binder: 912:917 got transaction with invalid offsets ptr [ 3368.711421] binder: 912:917 transaction failed 29201/-14, size 96-24 line 3330 [ 3368.711608] binder: undelivered TRANSACTION_ERROR: 29201 [ 3368.766991] binder: 921:924 got transaction with invalid offsets ptr [ 3368.767900] binder: 921:924 transaction failed 29201/-14, size 96-24 line 3330 [ 3368.768087] binder: undelivered TRANSACTION_ERROR: 29201 [ 3368.847294] binder: undelivered TRANSACTION_ERROR: 29201 03:59:08 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = getuid() stat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchown(0xffffffffffffffff, r3, r4) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$TUNSETVNETHDRSZ(r6, 0x400454d8, &(0x7f0000000040)=0xf96) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:59:08 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:08 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:08 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x840000, 0x0) getsockopt$EBT_SO_GET_INIT_ENTRIES(r1, 0x0, 0x83, &(0x7f00000003c0)={'filter\x00', 0x0, 0x3, 0xdc, [], 0x6, &(0x7f0000000240)=[{}, {}, {}, {}, {}, {}], &(0x7f00000002c0)=""/220}, &(0x7f0000000040)=0x78) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) setsockopt$inet_tcp_TLS_RX(r4, 0x6, 0x2, &(0x7f0000000440)=@ccm_128={{0x303}, "50e64461995733fa", "458389ddc34ae9475b6bcdd447fbf463", "1eec2a58", "93f224e94a2b0cc3"}, 0x28) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a747000000000000000000000000000000035b8c1700000000000000000000000000000000000852a62770000000000000000000000000000000000000000852a687700"/88], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a60000000000000028000000000000004000000000000000"]], 0x0, 0x0, 0x0}) 03:59:08 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR], 0x0, 0x0, 0x0}) 03:59:08 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000a4fd69a8b2a6f53a2c1eb97c5e8fc3ca8c373937bfc3a0185d7a3f492f8e2fee24994cfc72b882fbdeaaf91d9870183d22634ffb9317beba22a92b0978b9cbb5d0a24687e210ab92656c983a18b276f12c5521", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000852a687700"/88], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a60000000000000028000000000000004000000000000000"]], 0x0, 0x0, 0x0}) 03:59:08 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:08 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x84100, 0x0) setsockopt$inet6_udp_encap(r1, 0x11, 0x64, &(0x7f0000000040)=0x3, 0x4) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) accept$inet6(r4, 0x0, &(0x7f0000000300)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0xfca5, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31b, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_handle={0x77682a85, 0x100}, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x400, 0x0) nanosleep(&(0x7f0000000280), &(0x7f00000002c0)) fchmod(r5, 0x0) 03:59:08 executing program 3: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) [ 3369.475436] binder: 939:942 got transaction with invalid data ptr [ 3369.482787] binder: 937:941 got transaction with invalid offsets ptr [ 3369.482819] binder: 937:941 transaction failed 29201/-14, size 96-24 line 3330 03:59:08 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR], 0x0, 0x0, 0x0}) 03:59:08 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/hash_stats\x00', 0x0, 0x0) ioctl$PPPIOCSNPMODE(r3, 0x4008744b, &(0x7f0000000240)={0x6010, 0x3}) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) fcntl$notify(r2, 0x402, 0xd) 03:59:08 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[]], 0x0, 0x0, 0x0}) [ 3369.483260] binder: undelivered TRANSACTION_ERROR: 29201 [ 3369.486787] binder: 940:945 got transaction with invalid offsets size, 13 [ 3369.486815] binder: 940:945 transaction failed 29201/-22, size 647-13 line 3338 [ 3369.487023] binder: undelivered TRANSACTION_ERROR: 29201 [ 3369.492254] binder: 938:947 got transaction with invalid offsets ptr [ 3369.492278] binder: 938:947 transaction failed 29201/-14, size 96-24 line 3330 [ 3369.492605] binder: undelivered TRANSACTION_ERROR: 29201 [ 3369.513009] binder: 943:948 got transaction with invalid offsets ptr [ 3369.513034] binder: 943:948 transaction failed 29201/-14, size 96-24 line 3330 [ 3369.513369] binder: undelivered TRANSACTION_ERROR: 29201 [ 3369.546219] binder: 950:954 got transaction with invalid offsets ptr [ 3369.546254] binder: 950:954 transaction failed 29201/-14, size 96-24 line 3330 [ 3369.546472] binder: undelivered TRANSACTION_ERROR: 29201 [ 3369.550761] binder: 952:959 got transaction with invalid offsets size, 13 [ 3369.550787] binder: 952:959 transaction failed 29201/-22, size 795-13 line 3338 [ 3369.559684] binder: undelivered TRANSACTION_ERROR: 29201 [ 3369.567186] binder: 957:962 got transaction with invalid offsets ptr [ 3369.567214] binder: 957:962 transaction failed 29201/-14, size 96-24 line 3330 [ 3369.567394] binder: undelivered TRANSACTION_ERROR: 29201 [ 3369.611669] binder: 964:970 got transaction with invalid offsets size, 13 [ 3369.611699] binder: 964:970 transaction failed 29201/-22, size 647-13 line 3338 [ 3369.626925] binder: undelivered TRANSACTION_ERROR: 29201 [ 3369.628062] binder: 964:972 got transaction with invalid offsets size, 13 [ 3369.628090] binder: 964:972 transaction failed 29201/-22, size 647-13 line 3338 [ 3369.628712] binder: undelivered TRANSACTION_ERROR: 29201 [ 3369.634140] binder: 965:971 got transaction with invalid offset (0, min 40 max 96) or object. [ 3369.634158] binder: 965:971 transaction failed 29201/-22, size 96-24 line 3379 [ 3369.634610] binder: undelivered TRANSACTION_ERROR: 29201 [ 3369.789149] binder: 939:942 transaction failed 29201/-14, size 647-13 line 3316 [ 3369.798521] binder: undelivered TRANSACTION_ERROR: 29201 [ 3369.805267] binder: 939:975 got transaction with invalid data ptr [ 3369.811568] binder: 939:975 transaction failed 29201/-14, size 647-13 line 3316 [ 3369.819361] binder: undelivered TRANSACTION_ERROR: 29201 03:59:08 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000000000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746865722c00c8417fe27777f67c030483fe901f346793a7b5fe96e736fca98b3df4cb033c634594f6b45096c5deed70584ea8d08da4e2a2c90122a5ac3b5be8fb316c9c354e38dbf42de1c7bb33d97ffa39680987510000000000008ab54f36cad0fb98f102127cc05cab0e7d077eefa94969c8003d383700"/164]) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:59:08 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:08 executing program 3: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:08 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$UI_SET_SNDBIT(r3, 0x4004556a, 0x5) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:08 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:08 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$int_in(0xffffffffffffffff, 0x7ea4, &(0x7f0000000000)=0x100000000) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:08 executing program 3: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:08 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:08 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:08 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) flistxattr(r0, &(0x7f0000000000)=""/81, 0x51) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3370.158126] binder: 982:984 got transaction with invalid offsets size, 13 [ 3370.166519] binder: 980:985 got transaction with invalid offsets ptr [ 3370.166547] binder: 980:985 transaction failed 29201/-14, size 96-24 line 3330 03:59:08 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:08 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB]], 0x0, 0x0, 0x0}) [ 3370.166874] binder: undelivered TRANSACTION_ERROR: 29201 [ 3370.168055] binder: 987:988 got transaction with invalid offset (0, min 40 max 96) or object. [ 3370.168082] binder: 987:988 transaction failed 29201/-22, size 96-24 line 3379 [ 3370.168438] binder: undelivered TRANSACTION_ERROR: 29201 [ 3370.197802] binder: 986:991 got transaction with invalid offsets size, 13 [ 3370.197825] binder: 986:991 transaction failed 29201/-22, size 647-13 line 3338 [ 3370.197979] binder: undelivered TRANSACTION_ERROR: 29201 [ 3370.223189] binder: 997:999 got transaction with invalid offset (0, min 40 max 96) or object. [ 3370.223216] binder: 997:999 transaction failed 29201/-22, size 96-24 line 3379 [ 3370.223390] binder: undelivered TRANSACTION_ERROR: 29201 [ 3370.251600] binder: 1004:1006 got transaction with invalid offsets size, 13 [ 3370.251628] binder: 1004:1006 transaction failed 29201/-22, size 647-13 line 3338 [ 3370.251773] binder: undelivered TRANSACTION_ERROR: 29201 [ 3370.273294] binder_alloc: 1007: binder_alloc_buf, no vma [ 3370.273314] binder: 1007:1011 transaction failed 29189/-3, size 96-24 line 3284 [ 3370.273586] binder: undelivered TRANSACTION_ERROR: 29189 [ 3370.282093] binder: 1013:1015 got transaction with invalid offset (0, min 40 max 96) or object. [ 3370.282119] binder: 1013:1015 transaction failed 29201/-22, size 96-24 line 3379 [ 3370.282284] binder: undelivered TRANSACTION_ERROR: 29201 [ 3370.410888] binder: 982:984 transaction failed 29201/-22, size 647-13 line 3338 [ 3370.420471] binder: undelivered TRANSACTION_ERROR: 29201 03:59:09 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KDDELIO(r2, 0x4b35, 0x1) r3 = gettid() r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r3, 0x1004000000016) tkill(r0, 0x1000000000016) 03:59:09 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$TUNGETVNETHDRSZ(r3, 0x800454d7, &(0x7f0000000000)) 03:59:09 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:09 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:09 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB]], 0x0, 0x0, 0x0}) 03:59:09 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = accept(0xffffffffffffffff, &(0x7f0000000000)=@ax25={{0x3, @rose}, [@default, @netrom, @netrom, @netrom, @bcast, @rose, @default, @bcast]}, &(0x7f0000000240)=0x80) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) getsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000005900)={{{@in=@broadcast, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @empty}}, 0x0, @in=@empty}}, &(0x7f0000005a00)=0xe8) bind$packet(r2, &(0x7f0000005a40)={0x11, 0x17, r5, 0x1, 0xb2, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x14) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000280)=0x40, 0x4) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:09 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB]], 0x0, 0x0, 0x0}) 03:59:09 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) pread64(r1, &(0x7f0000000300)=""/176, 0xb0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000000)={@ptr={0x70742a85, 0x0, 0x0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/191, 0xbf, 0x1, 0x17}, @flat=@weak_handle}, &(0x7f0000000180)={0x0, 0x28, 0x50}}}], 0x26f, 0x0, 0x0}) 03:59:09 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:09 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) [ 3371.052207] binder: 1027:1030 got transaction with invalid offsets size, 13 [ 3371.054007] binder: 1031:1033 got transaction with invalid offset (0, min 40 max 96) or object. [ 3371.054033] binder: 1031:1033 transaction failed 29201/-22, size 96-24 line 3379 03:59:09 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:59:09 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) [ 3371.054201] binder: undelivered TRANSACTION_ERROR: 29201 [ 3371.056767] binder: 1026:1035 got transaction with invalid offsets size, 13 [ 3371.056789] binder: 1026:1035 transaction failed 29201/-22, size 647-13 line 3338 [ 3371.058543] binder: undelivered TRANSACTION_ERROR: 29201 [ 3371.096112] binder_alloc: 1028: binder_alloc_buf, no vma [ 3371.096132] binder: 1028:1034 transaction failed 29189/-3, size 96-24 line 3284 [ 3371.100309] binder: undelivered TRANSACTION_ERROR: 29189 [ 3371.109083] binder: 1038:1043 got transaction with invalid offset (0, min 40 max 96) or object. [ 3371.109111] binder: 1038:1043 transaction failed 29201/-22, size 96-24 line 3379 [ 3371.109299] binder: undelivered TRANSACTION_ERROR: 29201 [ 3371.112158] binder: 1042:1044 got transaction with too large buffer [ 3371.112185] binder: 1042:1044 transaction failed 29201/-22, size 104-24 line 3493 [ 3371.112202] binder: 1042:1044 ioctl c0306201 20000140 returned -14 [ 3371.112359] binder: undelivered TRANSACTION_ERROR: 29201 [ 3371.126270] binder_alloc: 1047: binder_alloc_buf, no vma [ 3371.126288] binder: 1047:1049 transaction failed 29189/-3, size 96-24 line 3284 [ 3371.126561] binder: undelivered TRANSACTION_ERROR: 29189 [ 3371.164062] binder: 1052:1055 got transaction with invalid offset (0, min 64 max 96) or object. [ 3371.164101] binder: 1052:1055 transaction failed 29201/-22, size 96-24 line 3379 [ 3371.164309] binder: undelivered TRANSACTION_ERROR: 29201 [ 3371.189728] binder: 1056:1060 transaction failed 29189/-22, size 96-24 line 3138 [ 3371.189852] binder: undelivered TRANSACTION_ERROR: 29189 [ 3371.314832] binder: 1027:1030 transaction failed 29201/-22, size 647-13 line 3338 [ 3371.324612] binder: undelivered TRANSACTION_ERROR: 29201 03:59:10 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000140)={0x6, 0x1, 0x1, 0x0, 0x6, [{0x8, 0x7000, 0xffffffffffff0001, 0x0, 0x0, 0x400}, {0x9, 0x80000, 0x8, 0x0, 0x0, 0x400}, {0x2, 0x2, 0x1, 0x0, 0x0, 0x800}, {0xfff, 0x7, 0x5, 0x0, 0x0, 0x3104}, {0x6, 0x7fd, 0x3, 0x0, 0x0, 0x1000}, {0x3, 0x8, 0x4, 0x0, 0x0, 0x10a}]}) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000000)) getsockopt$sock_linger(r4, 0x1, 0xd, &(0x7f0000000080), &(0x7f0000000100)=0x8) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$LOOP_SET_CAPACITY(r6, 0x4c07) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) ioctl$TIOCSERGETLSR(r3, 0x5459, &(0x7f0000000040)) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)=ANY=[@ANYBLOB, @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000000000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,allow_other,\x00']) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:59:10 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000000000000000000000d6e8506900000000000d00000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000852a687700"/88], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYPTR=&(0x7f0000000000)=ANY=[@ANYRES64, @ANYRES16=r3, @ANYRES16, @ANYRES32=r1]]], 0x0, 0x0, 0x0}) 03:59:10 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 03:59:10 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:10 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:59:10 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f00000000c0)={@flat=@weak_handle={0x77682a85, 0x105, 0x3}, @flat=@weak_binder={0x77622a85, 0x3cebaa482e48a71f}, @flat=@weak_handle}, &(0x7f0000000180)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) fremovexattr(r2, &(0x7f0000000000)=@random={'system.', 'em0\x00'}) 03:59:10 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:10 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 03:59:10 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:59:10 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) ioctl$TIOCGPTPEER(r1, 0x5441, 0x10000) [ 3371.953266] binder: 1070:1074 got transaction with invalid handle, 3 [ 3371.958837] binder: 1072:1078 got transaction with invalid offset (0, min 64 max 96) or object. 03:59:10 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 03:59:10 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@\x00']], 0x0, 0x0, 0x0}) [ 3371.958873] binder: 1072:1078 transaction failed 29201/-22, size 96-24 line 3379 [ 3371.959053] binder: undelivered TRANSACTION_ERROR: 29201 [ 3371.960461] binder: 1071:1073 transaction failed 29189/-22, size 96-24 line 3138 [ 3371.960741] binder: undelivered TRANSACTION_ERROR: 29189 [ 3371.962002] binder: 1068:1077 ioctl c0306201 0 returned -14 [ 3371.965631] binder_alloc: 1069: binder_alloc_buf size 6902008 failed, no address space [ 3371.965639] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 4096 (num: 1 largest: 4096) [ 3371.965657] binder: 1069:1075 transaction failed 29201/-28, size 6901992-13 line 3284 [ 3371.965917] binder: undelivered TRANSACTION_ERROR: 29201 [ 3371.971874] binder_alloc: 1069: binder_alloc_buf size 6902008 failed, no address space [ 3371.971881] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 4096 (num: 1 largest: 4096) [ 3371.971897] binder: 1069:1079 transaction failed 29201/-28, size 6901992-13 line 3284 [ 3371.972193] binder: undelivered TRANSACTION_ERROR: 29201 [ 3372.021018] binder: 1087:1092 ioctl c0306201 0 returned -14 [ 3372.023887] binder: 1086:1090 got transaction with invalid offset (0, min 64 max 96) or object. [ 3372.023922] binder: 1086:1090 transaction failed 29201/-22, size 96-24 line 3379 [ 3372.024099] binder: undelivered TRANSACTION_ERROR: 29201 [ 3372.024914] binder: 1088:1091 got transaction with invalid offsets size, 13 [ 3372.024940] binder: 1088:1091 transaction failed 29201/-22, size 647-13 line 3338 [ 3372.025227] binder: 1088:1091 ioctl 5441 10000 returned -22 [ 3372.025874] binder: undelivered TRANSACTION_ERROR: 29201 [ 3372.030665] binder: 1085:1093 transaction failed 29189/-22, size 96-24 line 3138 [ 3372.030972] binder: undelivered TRANSACTION_ERROR: 29189 [ 3372.047458] binder: 1088:1095 got transaction with invalid offsets size, 13 [ 3372.047487] binder: 1088:1095 transaction failed 29201/-22, size 647-13 line 3338 [ 3372.047787] binder: undelivered TRANSACTION_ERROR: 29201 [ 3372.083527] binder: 1102:1104 got transaction with invalid parent offset or type [ 3372.083565] binder: 1102:1104 transaction failed 29201/-22, size 96-24 line 3454 [ 3372.083841] binder: undelivered TRANSACTION_ERROR: 29201 [ 3372.098066] binder: 1097:1103 ioctl c0306201 0 returned -14 [ 3372.276255] binder: 1070:1074 transaction failed 29201/-22, size 72-24 line 3411 [ 3372.286946] binder: undelivered TRANSACTION_ERROR: 29201 [ 3372.292493] binder: BINDER_SET_CONTEXT_MGR already set [ 3372.297849] binder: 1070:1089 ioctl 40046207 0 returned -16 03:59:11 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) geteuid() ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000000)) flock(r4, 0x2) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) r5 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_stats\x00', 0x0, 0x0) openat$cgroup_ro(r5, &(0x7f0000000080)='pids.current\x00', 0x0, 0x0) 03:59:11 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:11 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:59:11 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) fsetxattr$security_ima(0xffffffffffffffff, &(0x7f0000000040)='security.ima\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="0302100000000da9001de0584b11d8c9817046c14f5bb1005cecf44f6fefaebfb4cc992d7ed412"], 0x27, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000100)}], 0x1) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000068000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a747001000000", @ANYPTR=&(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="080000000000003bfc6de400020000000000008b65ed62852a687700"/39], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="000000000000000028000000000000005000000000001f2b"]], 0x0, 0x0, 0x0}) 03:59:11 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:59:11 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000852a687700"/88], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a600000000000000280000000000000040910f9a40000000"]], 0x0, 0x0, 0x0}) socket$inet6_tcp(0xa, 0x1, 0x0) 03:59:11 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:59:11 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:59:11 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder={0x77622a85, 0x1000}, @flat=@weak_handle={0x77682a85, 0x0, 0x8000000}}, &(0x7f0000000180)={0x20e, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:11 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x7fffffff) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000000)) r2 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3372.850145] binder: 1114:1117 got transaction with invalid offsets ptr [ 3372.862748] binder: 1116:1122 got transaction with invalid offsets size, 13 [ 3372.862774] binder: 1116:1122 transaction failed 29201/-22, size 647-13 line 3338 03:59:11 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:59:11 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 3372.863241] binder: undelivered TRANSACTION_ERROR: 29201 [ 3372.867424] binder: 1116:1125 got transaction with invalid offsets size, 13 [ 3372.867451] binder: 1116:1125 transaction failed 29201/-22, size 647-13 line 3338 [ 3372.867712] binder: undelivered TRANSACTION_ERROR: 29201 [ 3372.873043] binder: 1119:1124 got transaction with invalid offset (0, min 64 max 96) or object. [ 3372.873072] binder: 1119:1124 transaction failed 29201/-22, size 96-24 line 3379 [ 3372.873222] binder: undelivered TRANSACTION_ERROR: 29201 [ 3372.891215] binder: 1118:1123 got transaction to context manager from process owning it [ 3372.891228] binder: 1118:1123 transaction failed 29201/-22, size 104-24 line 3129 [ 3372.896632] binder: undelivered TRANSACTION_ERROR: 29201 [ 3372.897067] binder: 1118:1131 got transaction to context manager from process owning it [ 3372.897079] binder: 1118:1131 transaction failed 29201/-22, size 104-24 line 3129 [ 3372.905916] binder: undelivered TRANSACTION_ERROR: 29201 [ 3372.918155] binder: 1129:1132 got transaction with invalid offset (0, min 64 max 96) or object. [ 3372.918312] binder: 1129:1132 transaction failed 29201/-22, size 96-24 line 3379 [ 3372.918618] binder: undelivered TRANSACTION_ERROR: 29201 [ 3372.942685] binder: 1135:1139 got transaction with invalid offset (526, min 0 max 88) or object. [ 3372.942713] binder: 1135:1139 transaction failed 29201/-22, size 88-24 line 3379 [ 3372.942854] binder: undelivered TRANSACTION_ERROR: 29201 [ 3372.948550] binder: 1135:1144 got transaction with invalid offset (526, min 0 max 88) or object. [ 3372.948702] binder: 1135:1144 transaction failed 29201/-22, size 88-24 line 3379 [ 3372.953435] binder: undelivered TRANSACTION_ERROR: 29201 [ 3372.957192] binder: 1137:1140 got transaction with invalid offsets size, 13 [ 3372.957215] binder: 1137:1140 transaction failed 29201/-22, size 647-13 line 3338 [ 3372.957451] binder: undelivered TRANSACTION_ERROR: 29201 [ 3372.970825] binder: 1137:1147 got transaction with invalid offsets size, 13 [ 3372.970851] binder: 1137:1147 transaction failed 29201/-22, size 647-13 line 3338 [ 3372.970935] binder: 1141:1145 got transaction with invalid offset (0, min 64 max 96) or object. [ 3372.970970] binder: 1141:1145 transaction failed 29201/-22, size 96-24 line 3379 [ 3372.971297] binder: undelivered TRANSACTION_ERROR: 29201 [ 3372.971320] binder: undelivered TRANSACTION_ERROR: 29201 [ 3373.200789] binder: 1114:1117 transaction failed 29201/-14, size 96-24 line 3330 [ 3373.209866] binder: undelivered TRANSACTION_ERROR: 29201 03:59:12 executing program 5: gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = gettid() r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="66643d0801081a3e50347b54a7a2651d0ff3bb91fd1ee59cc4f8d0a38f75571c4778715cd426b559dd4ac98e19fda8cf63459eeaa936ee186d359dfedf8e59edcb06d077f8f51246a1dca242e3f7efced3c83ae2fccda3db561abbe195ad054bd8f41bcbcaa563bc7600585c059d4c8bf06be617290237369a2d5b807fffd9af4dae1e9d122ff17840a87b6337cbf3b389fc8fe9547e014d28daa738d5242a543238014bc82535b89a5d7fdc66c302e0963646541a9a8b2e93c5c176fb697ce4fa9bc5c87653fd3ee63d8dd660a66e6b5af36c13e38e59e6bc340cf3c6c2a4e333055dce2b", @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000000000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,allow_other,\x00']) r3 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaa3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket$inet6(0xa, 0x401000000001, 0x0) close(r4) syz_open_procfs(0x0, &(0x7f00000002c0)='comm\x00') r5 = open(&(0x7f0000000400)='./bus\x00', 0x1141042, 0x0) mmap(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x0, 0x11, r3, 0x0) r6 = creat(&(0x7f0000000140)='./bus\x00', 0x40) ftruncate(r6, 0x208200) sendfile(r4, r5, 0x0, 0x8000fffffffe) r7 = openat$random(0xffffffffffffff9c, &(0x7f0000000140)='/dev/urandom\x00', 0x0, 0x0) ioctl$RNDADDENTROPY(r7, 0x40085203, 0x0) fremovexattr(r7, &(0x7f0000000000)=@random={'osx.', 'selinux\x02)em0\x00'}) tkill(r0, 0x1004000000016) 03:59:12 executing program 0: r0 = gettid() tgkill(r0, 0xffffffffffffffff, 0x1b) r1 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x40, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000852a687700"/88], @ANYRES32], 0x0, 0x0, 0x0}) 03:59:12 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:59:12 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x800) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:12 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x3c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"]], 0x0, 0x0, 0x0}) 03:59:12 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:12 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:12 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:12 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x34, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000"], 0x0, 0x0, 0x0}) 03:59:12 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r1, 0x80045400, &(0x7f0000000040)) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3373.750033] binder: 1163:1165 got transaction with invalid offset (0, min 64 max 96) or object. [ 3373.753439] binder: 1162:1169 got transaction with invalid offsets size, 13 [ 3373.753464] binder: 1162:1169 transaction failed 29201/-22, size 647-13 line 3338 03:59:12 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:12 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a747000000000000000000000000006000001000000000000000000000006f8b5350000000000852a62770000000000000000200000000000000000000000852a68770000000800"/88], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a60000000000000021000000000000005903000000000000"]], 0x0, 0x0, 0x0}) [ 3373.753648] binder: undelivered TRANSACTION_ERROR: 29201 [ 3373.754870] binder: 1162:1171 got transaction with invalid offsets size, 13 [ 3373.754895] binder: 1162:1171 transaction failed 29201/-22, size 647-13 line 3338 [ 3373.755166] binder: undelivered TRANSACTION_ERROR: 29201 [ 3373.762240] binder: 1161:1167 got transaction with invalid offsets ptr [ 3373.762265] binder: 1161:1167 transaction failed 29201/-14, size 647-13 line 3330 [ 3373.762413] binder: undelivered TRANSACTION_ERROR: 29201 [ 3373.764955] binder: 1168:1174 got transaction with invalid offsets ptr [ 3373.764978] binder: 1168:1174 transaction failed 29201/-14, size 96-24 line 3330 [ 3373.765272] binder: undelivered TRANSACTION_ERROR: 29201 [ 3373.771810] binder: 1166:1172 got transaction with invalid offsets ptr [ 3373.771834] binder: 1166:1172 transaction failed 29201/-14, size 96-24 line 3330 [ 3373.772003] binder: undelivered TRANSACTION_ERROR: 29201 [ 3373.777918] binder: 1161:1173 got transaction with invalid offsets ptr [ 3373.777944] binder: 1161:1173 transaction failed 29201/-14, size 647-13 line 3330 03:59:12 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:12 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x34, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000"], 0x0, 0x0, 0x0}) [ 3373.778226] binder: undelivered TRANSACTION_ERROR: 29201 [ 3373.820364] binder: 1176:1180 got transaction with invalid offsets size, 13 [ 3373.820394] binder: 1176:1180 transaction failed 29201/-22, size 647-13 line 3338 [ 3373.820561] binder: undelivered TRANSACTION_ERROR: 29201 [ 3373.822509] binder: 1177:1186 got transaction with invalid offsets ptr [ 3373.822535] binder: 1177:1186 transaction failed 29201/-14, size 96-24 line 3330 [ 3373.822814] binder: undelivered TRANSACTION_ERROR: 29201 [ 3373.825957] binder: 1176:1188 got transaction with invalid offsets size, 13 [ 3373.825984] binder: 1176:1188 transaction failed 29201/-22, size 647-13 line 3338 [ 3373.826272] binder: undelivered TRANSACTION_ERROR: 29201 [ 3373.836798] binder: 1185:1189 got transaction with invalid offsets size, 13 [ 3373.836824] binder: 1185:1189 transaction failed 29201/-22, size 647-13 line 3338 [ 3373.836981] binder: 1179:1187 got transaction with invalid data ptr [ 3373.836984] binder: undelivered TRANSACTION_ERROR: 29201 [ 3373.837005] binder: 1179:1187 transaction failed 29201/-14, size 96-24 line 3316 [ 3373.837192] binder: undelivered TRANSACTION_ERROR: 29201 [ 3373.842172] binder: 1185:1191 got transaction with invalid offsets size, 13 [ 3373.842208] binder: 1185:1191 transaction failed 29201/-22, size 647-13 line 3338 [ 3373.842460] binder: undelivered TRANSACTION_ERROR: 29201 [ 3373.894969] binder: 1196:1199 got transaction with invalid offsets size, 13 [ 3373.895079] binder: 1196:1199 transaction failed 29201/-22, size 647-13 line 3338 [ 3373.895219] binder: undelivered TRANSACTION_ERROR: 29201 [ 3373.901292] binder: 1197:1198 got transaction with invalid offsets ptr [ 3373.901364] binder: 1197:1198 transaction failed 29201/-14, size 96-24 line 3330 [ 3373.901834] binder: undelivered TRANSACTION_ERROR: 29201 [ 3373.917775] binder: 1196:1201 got transaction with invalid offsets size, 13 [ 3373.917802] binder: 1196:1201 transaction failed 29201/-22, size 647-13 line 3338 [ 3373.918062] binder: undelivered TRANSACTION_ERROR: 29201 [ 3374.046301] binder: 1207:1209 got transaction with invalid offsets ptr 03:59:12 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:59:12 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000080000000000000000000faffffff00000000000085e7b5822a627700000000000000000000000000000000000000852a6877000000000000d21bff98060a1c340b4538374e2df4b2bf7b134dd56c22b5bf62e556daa0836977ad29eb03965eea0270dc67facea7c53d9b1ee5fc189d306312ce5d0cce94a672dd3078acdc488d798039451ab6bfcd366a85e82b0991e61715309393338b0386bfd36d3ae85864250997ecfe424f5da9e442c2a08ca9520231a4399f03872c1e4f37bfb173023339034e67bcc99d86a714c3eeea911c45e6f1611297fabd4e3d94604dc6e0a366b3e1cc369e08770e45c220936bb7"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a60000000000000028000000000000004000000000000000"]], 0x0, 0x0, 0x0}) 03:59:12 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) sendmsg$nl_route(r2, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv4_getroute={0x1c, 0x1a, 0xe, 0x70bd28, 0x25dfdbfe, {0x2, 0xb0, 0x14, 0x5, 0xfd, 0x1, 0xfe, 0x7}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2000}, 0x20000000) fadvise64(r1, 0x0, 0xd5, 0x1) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$team(&(0x7f0000000340)='team\x00') accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f00000000c0)={@remote, r6}, 0x14) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000380)={{{@in6=@loopback, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@empty}}, &(0x7f0000000480)=0xe8) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000004c0)={'bridge_slave_0\x00', 0x0}) accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f00000000c0)={@remote, r9}, 0x14) accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f00000000c0)={@remote, r10}, 0x14) sendmsg$TEAM_CMD_PORT_LIST_GET(r4, &(0x7f0000000740)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000700)={&(0x7f0000000500)={0x1d4, r5, 0x200, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r6}, {0x80, 0x2, [{0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0xc, 0x4, 'hash\x00'}}}]}}, {{0x8, 0x1, r7}, {0x130, 0x2, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r8}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x200}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r9}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x1}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8}, {0x8, 0x4, 0xffff}}, {0x8, 0x6, r10}}}]}}]}, 0x1d4}, 0x1, 0x0, 0x0, 0x24008080}, 0x4000000) [ 3374.046329] binder: 1207:1209 transaction failed 29201/-14, size 96-24 line 3330 [ 3374.046630] binder: undelivered TRANSACTION_ERROR: 29201 [ 3374.057075] binder: 1208:1210 got transaction with invalid data ptr [ 3374.057101] binder: 1208:1210 transaction failed 29201/-14, size 96-24 line 3316 [ 3374.057388] binder: undelivered TRANSACTION_ERROR: 29201 [ 3374.228891] binder: 1163:1165 transaction failed 29201/-22, size 96-24 line 3379 [ 3374.238174] binder: undelivered TRANSACTION_ERROR: 29201 03:59:12 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000000)) ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000040)) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:59:12 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:12 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x34, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000"], 0x0, 0x0, 0x0}) 03:59:13 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x3c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR], 0x0, 0x0, 0x0}) 03:59:13 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:13 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3374.256366] binder: 1214:1215 got transaction with invalid offset (0, min 64 max 96) or object. [ 3374.274995] binder: 1220:1221 got transaction with invalid data ptr [ 3374.275024] binder: 1220:1221 transaction failed 29201/-14, size 96-24 line 3316 03:59:13 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x3c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR], 0x0, 0x0, 0x0}) 03:59:13 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:13 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_THREAD_EXIT(r2, 0x40046208, 0x0) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) ioprio_set$uid(0x2, r3, 0xfffffffffffffffc) r4 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000140)={0x18, 0x0, &(0x7f00000001c0)=ANY=[@ANYRES64=r3, @ANYPTR=&(0x7f00000002c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a55770000000000000000000000000000000000000000852a68770000000000000000000000000000000000000000a0ed5074d3327f7395365110307662cb73f621bf9f7be5265f6b9b6f26a1516fe71dd94886dec8d9693b4bb2d50000000000001452956091574dcaf675cbac548311992dc3318171f6a59347aedb75155300101e5257c46bd33a939bd6054e444780002a1ebb188205e2d752d782"], @ANYPTR=&(0x7f00000000c0)=ANY=[]], 0x0, 0x0, 0x0}) [ 3374.275207] binder: undelivered TRANSACTION_ERROR: 29201 [ 3374.279281] binder: 1213:1222 got transaction with invalid offsets size, 13 [ 3374.279314] binder: 1213:1222 transaction failed 29201/-22, size 647-13 line 3338 [ 3374.281062] binder: 1216:1224 got transaction with invalid offsets size, 13 [ 3374.281084] binder: 1216:1224 transaction failed 29201/-22, size 647-13 line 3338 [ 3374.281217] binder: undelivered TRANSACTION_ERROR: 29201 [ 3374.292693] binder: 1219:1225 got transaction with invalid offsets ptr [ 3374.292715] binder: 1219:1225 transaction failed 29201/-14, size 96-24 line 3330 [ 3374.292991] binder: undelivered TRANSACTION_ERROR: 29201 [ 3374.323041] binder: 1229:1230 got transaction with invalid data ptr [ 3374.323069] binder: 1229:1230 transaction failed 29201/-14, size 96-24 line 3316 [ 3374.323241] binder: undelivered TRANSACTION_ERROR: 29201 [ 3374.334672] binder: 1232:1237 got transaction with invalid offsets ptr [ 3374.334700] binder: 1232:1237 transaction failed 29201/-14, size 96-24 line 3330 [ 3374.334844] binder: undelivered TRANSACTION_ERROR: 29201 [ 3374.337388] binder: 1233:1238 got transaction with invalid offsets size, 13 [ 3374.337412] binder: 1233:1238 transaction failed 29201/-22, size 647-13 line 3338 [ 3374.337601] binder: undelivered TRANSACTION_ERROR: 29201 [ 3374.379710] binder: 1242:1245 got transaction with invalid data ptr [ 3374.379779] binder: 1242:1245 transaction failed 29201/-14, size 96-24 line 3316 [ 3374.380199] binder: undelivered TRANSACTION_ERROR: 29201 [ 3374.401320] binder: undelivered TRANSACTION_ERROR: 29201 [ 3374.402809] binder: 1213:1248 got transaction with invalid offsets size, 13 [ 3374.402837] binder: 1213:1248 transaction failed 29201/-22, size 647-13 line 3338 [ 3374.407065] binder: 1247:1251 got transaction with invalid offsets ptr [ 3374.407090] binder: 1247:1251 transaction failed 29201/-14, size 96-24 line 3330 03:59:13 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:13 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x3c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR], 0x0, 0x0, 0x0}) 03:59:13 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) sendfile(0xffffffffffffffff, r1, 0x0, 0x2044037f) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet6_mreq(r2, 0x29, 0x1c, &(0x7f0000000040), &(0x7f0000000240)=0x14) syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x800) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self/net/pfkey\x00', 0x341800, 0x0) bpf$BPF_MAP_FREEZE(0x16, &(0x7f00000002c0)=r3, 0x4) [ 3374.414521] binder: undelivered TRANSACTION_ERROR: 29201 [ 3374.451212] binder: undelivered TRANSACTION_ERROR: 29201 [ 3374.600378] binder: 1214:1215 transaction failed 29201/-22, size 96-24 line 3379 [ 3374.609685] binder: undelivered TRANSACTION_ERROR: 29201 [ 3374.626190] binder: 1262:1263 got transaction with invalid offsets size, 13 [ 3374.635889] binder: 1262:1263 transaction failed 29201/-22, size 647-13 line 3338 [ 3374.642866] binder: 1261:1266 got transaction with invalid offsets ptr [ 3374.642890] binder: 1261:1266 transaction failed 29201/-14, size 96-24 line 3330 [ 3374.643052] binder: undelivered TRANSACTION_ERROR: 29201 [ 3374.645033] binder: 1264:1267 got transaction with invalid data ptr [ 3374.645056] binder: 1264:1267 transaction failed 29201/-14, size 96-24 line 3316 [ 3374.645371] binder: undelivered TRANSACTION_ERROR: 29201 [ 3374.699485] binder: undelivered TRANSACTION_ERROR: 29201 [ 3374.705014] binder: BINDER_SET_CONTEXT_MGR already set [ 3374.710512] binder: 1262:1270 ioctl 40046207 0 returned -16 03:59:13 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) fcntl$dupfd(0xffffffffffffffff, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x1) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x17979256, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:59:13 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:59:13 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/enforce\x00', 0x0, 0x0) ioctl$KDDISABIO(r2, 0x4b37) r3 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) getsockopt$inet6_udp_int(r2, 0x11, 0x65, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) r4 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000831298653f18fe8000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000852a687700"/88], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a60000000000000028000000000000004000000000000000"]], 0x0, 0x0, 0x0}) uname(&(0x7f0000000000)=""/120) 03:59:13 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x3c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:13 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:13 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000000)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @fda={0x66646185, 0x1, 0x1, 0x3f}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:13 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a74700000000000000000cc6a00000000b924a119000000000000000000000000000000700a000000000000770000000000000000000000000000000000000000852a6877000000000000000000000000000000000001"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a60000000000000028000000000000004000000000000000"]], 0x0, 0x0, 0x0}) 03:59:13 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:13 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:13 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x11) ptrace$setopts(0x4200, r1, 0x75, 0x52) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0xac, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) r3 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x10) openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.controllers\x00', 0x0, 0x0) [ 3375.149650] binder: 1276:1278 got transaction with invalid offset (0, min 64 max 96) or object. [ 3375.165301] binder: 1276:1278 transaction failed 29201/-22, size 96-24 line 3379 [ 3375.168779] binder: 1281:1284 got transaction with invalid parent offset or type 03:59:13 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x4e, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"], @ANYBLOB="5c8a61cf7efe316c206834b3d53a4e9ef1c4"], 0x0, 0x0, 0x0}) 03:59:13 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 3375.168813] binder: 1281:1284 transaction failed 29201/-22, size 96-24 line 3454 [ 3375.169066] binder: undelivered TRANSACTION_ERROR: 29201 [ 3375.174918] binder: 1281:1288 got transaction with invalid parent offset or type [ 3375.174954] binder: 1281:1288 transaction failed 29201/-22, size 96-24 line 3454 [ 3375.175213] binder: undelivered TRANSACTION_ERROR: 29201 [ 3375.194754] binder: 1277:1287 got transaction with invalid offsets ptr [ 3375.194780] binder: 1277:1287 transaction failed 29201/-14, size 96-24 line 3330 [ 3375.195125] binder: undelivered TRANSACTION_ERROR: 29201 [ 3375.241623] binder: 1295:1301 unknown command 536871488 [ 3375.241631] binder: 1295:1301 ioctl c0306201 20000140 returned -22 [ 3375.245483] binder: 1296:1300 got transaction with invalid offsets size, 13 [ 3375.245512] binder: 1296:1300 transaction failed 29201/-22, size 647-13 line 3338 [ 3375.246224] binder: undelivered TRANSACTION_ERROR: 29201 [ 3375.261668] binder: 1296:1303 got transaction with invalid offsets size, 13 [ 3375.261696] binder: 1296:1303 transaction failed 29201/-22, size 647-13 line 3338 [ 3375.262602] binder: undelivered TRANSACTION_ERROR: 29201 [ 3375.288140] binder: 1290:1309 got transaction with invalid offsets size, 13 [ 3375.288218] binder: 1290:1309 transaction failed 29201/-22, size 647-13 line 3338 [ 3375.290843] binder: undelivered TRANSACTION_ERROR: 29201 [ 3375.291785] binder: 1307:1312 unknown command 536871488 [ 3375.291793] binder: 1307:1312 ioctl c0306201 20000140 returned -22 [ 3375.291865] binder: BINDER_SET_CONTEXT_MGR already set 03:59:14 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) setpgid(r0, r1) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000000000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c58726f75705f69643d000d8c90fc1dda295d7aa534eaf7d201008d55b9448f2257053870d6357e28da39ad2859f7b26fcc539f9b500793b2077783ee7a6b920160e0d1fdcac7e0f3511e384e1e32586937d83ed1d6834bc61a21d053acea0400c49d5db2ea4456d5972f4ae0eee51180c8bb34ed01fe068ddb9b5760605468209b5e84a36420bc060ddc935bfc34d097d71883e2ff14d26070d935ca09dc7955998dd3893a", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,allow_other,\x00']) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:59:14 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) r2 = socket$inet6(0xa, 0x800, 0x5) accept4$packet(0xffffffffffffffff, &(0x7f0000005f00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000005f40)=0x14, 0x80800) setsockopt$inet6_mreq(r2, 0x29, 0x1, &(0x7f0000005f80)={@ipv4={[], [], @rand_addr=0x10001}, r3}, 0x14) 03:59:14 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 03:59:14 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:14 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f0000000000)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000852a687700000007bb204beeccea1fae00"/97], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a60000000000000028000000000000004000000000000000"]], 0x0, 0x0, 0x0}) 03:59:14 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) [ 3375.291873] binder: 1290:1309 ioctl 40046207 0 returned -16 [ 3375.453886] binder: undelivered TRANSACTION_ERROR: 29201 03:59:14 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:14 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f00000002c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000852a68770000000000000000000000000000000000000000a971f3e140e319a671b87c29247c47b998d3d422376e7f1215a9bd3a23b09fa06001872b208b76b18ac675dfa23ccaca7a8920d462f0198b2a858f04e94b67b0d1bc100a400be1d1b1a95c012f4328696a9ed7eb54c254c6b9e66f4d2fe5085124b44caf647d2916a300b94c778b8fe05c08e10689bc2cf2be9861ff46f6ed0a089937a7fe6d9551ccdf657c6098500b4a070694aeb852bd61dc93e4d5262eac81a3e6fbdd3dd5de7e71c52a6e1b8385716ff649c511ed909468ce48c15e5ffc7fb012aea46a1c2bcf242672fb72af"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a60000000000000028000000000000004000000000000000"]], 0x0, 0x0, 0x0}) r2 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) write$selinux_load(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e7578fa4bede817d5d276280ecdf607654d1750739fdb2c091a7fb836bff8a03e934c5ada6c8b092442f2b55c2be901702d463551ddd27f58f8631a38ee1f990d5380eb6640bd5b141cf817f9e2bfb8b2ad9467d3f4b8591f7b83f5f9e56ea1e848fccf7d2b83496f2e"], 0x77) 03:59:14 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) [ 3375.508142] binder: 1324:1326 ioctl c0306201 0 returned -14 [ 3375.515284] binder: 1322:1327 unknown command 536871488 03:59:14 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) write$smack_current(0xffffffffffffffff, &(0x7f0000000240)='&lo):\x00', 0x6) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vga_arbiter\x00', 0x101000, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0xdfd45fad496111c5, 0x0) flistxattr(r4, &(0x7f0000000040), 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$UI_END_FF_ERASE(r6, 0x400c55cb, &(0x7f0000000040)={0x0, 0x1000, 0x8}) unlink(&(0x7f0000000280)='./file0\x00') 03:59:14 executing program 0: r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$RTC_UIE_ON(r0, 0x7003) r1 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x501000, 0x84) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) r4 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:14 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 3375.515293] binder: 1322:1327 ioctl c0306201 20000140 returned -22 [ 3375.516533] binder: 1329:1330 got transaction with invalid offsets size, 13 [ 3375.516561] binder: 1329:1330 transaction failed 29201/-22, size 647-13 line 3338 [ 3375.516699] binder: undelivered TRANSACTION_ERROR: 29201 [ 3375.517661] binder: 1323:1331 got transaction with invalid offsets size, 13 [ 3375.517689] binder: 1323:1331 transaction failed 29201/-22, size 647-13 line 3338 [ 3375.522546] binder: 1329:1333 got transaction with invalid offsets size, 13 [ 3375.522573] binder: 1329:1333 transaction failed 29201/-22, size 647-13 line 3338 [ 3375.522935] binder: undelivered TRANSACTION_ERROR: 29201 [ 3375.533829] binder: 1328:1335 got transaction with invalid parent offset or type [ 3375.533864] binder: 1328:1335 transaction failed 29201/-22, size 96-24 line 3454 [ 3375.534076] binder: undelivered TRANSACTION_ERROR: 29201 [ 3375.544796] binder: undelivered TRANSACTION_ERROR: 29201 [ 3375.550354] binder: 1323:1340 got transaction with invalid offsets size, 13 [ 3375.550380] binder: 1323:1340 transaction failed 29201/-22, size 647-13 line 3338 [ 3375.550711] binder: undelivered TRANSACTION_ERROR: 29201 [ 3375.567516] binder: 1339:1345 got transaction with invalid offsets size, 13 [ 3375.567542] binder: 1339:1345 transaction failed 29201/-22, size 647-13 line 3338 [ 3375.568294] SELinux: policydb version -387101702 does not match my version range 15-30 [ 3375.568846] binder: undelivered TRANSACTION_ERROR: 29201 [ 3375.575708] binder: 1339:1349 got transaction with invalid offsets size, 13 [ 3375.575998] binder: 1339:1349 transaction failed 29201/-22, size 647-13 line 3338 [ 3375.580127] SELinux: policydb version -387101702 does not match my version range 15-30 [ 3375.580548] binder: undelivered TRANSACTION_ERROR: 29201 [ 3375.586558] binder: 1338:1342 unknown command 536871488 [ 3375.586566] binder: 1338:1342 ioctl c0306201 20000140 returned -22 [ 3375.615314] binder: 1347:1353 got transaction with invalid offset (0, min 64 max 96) or object. [ 3375.615375] binder: 1347:1353 transaction failed 29201/-22, size 96-24 line 3379 [ 3375.616043] binder: undelivered TRANSACTION_ERROR: 29201 [ 3375.656217] binder: 1359:1361 unknown command 536871488 [ 3375.656226] binder: 1359:1361 ioctl c0306201 20000140 returned -22 03:59:15 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000000080)={0x0, 0x12, 0xd, @thr={&(0x7f0000000240)="0800000000000000ef2f02d7cd1f171aec4b", &(0x7f0000000340)="2aff5162ce8a74093b2c9b9616bc8a0e07ecd379eddcf58d635dfdda902a6d529b57cf782a5bc308000000839b76aa09f0a4c12652a136feeef6e00bed98ff0100b342b3a3b9cd4f244e22c84953ceaa3199d22494adcd102566fdc4d82b6c8c17ee624f3162ad8f89ad1b5ef0751274f5e4335b3a6c10a2371cc371281fd3f8574f361d664429c2caea9cd2e9a5b621746da7b650bbeb79e96bd954863a68624509412a50af8a9dfbce0800090000000004355a665c21f7a630c594240a467722f49cf655c86c2a12f4e94865954720a9cce174b38864a73bcfdc0835bf38bdddec24d7e3a2541e9a7d4d05443c96b0d42940af1eddf860952173cbbd9aadf37b2c947337a2cdb155e05ea74e74fc820f5302fa1d38868f668025d1505f3885b08b88c8"}}, &(0x7f0000000200)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x30f) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:59:15 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:59:15 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000852a687700"/88], @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="a60000000000000028000000000000004000000000000000cf2ad7bdebd4e18f7697ce306766a8ab1b7b5f7377eb118bb4a96f4f190ee274edb7288359f696f52d05af0cbdfaa86b4705fa1cba67a78cda2d4b899075964fd792905e6e86e18a1236da1e73121e3cffa8b26d5ca20dfc913ac7fb9ec673beee3971b457331cf2b954e90c912bfd80b46c6f9af906d215f183a447ab037ba50de1e965608e73fd841b24b86ccd8e2a853b68e6047b027f811f43f0dc14d1d50a8770e32bb0fa1e1ef9a07d29b2bd2bad0d4be87f3134f0e4013c39e16bc9c90277b17cf6affef9a30dcff013"]], 0x0, 0x0, 0x0}) 03:59:15 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:15 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) timerfd_gettime(r2, &(0x7f0000000440)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300), 0xfffffffffffffdeb, 0x0, &(0x7f0000000380)="6978be466a98970badab21346c3fa8a268cf3a17313fa8adeecb9ef1717be6937a598d280b2f682bbc6c4439033870a798c7edd48101b671accca9fc2065f73f51ac9ad38a2339a84d2ebcc76244dc3a"}) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) clone(0x80000000, &(0x7f0000000480)="de911985ebc8b0a1d98b2abb9ead72feb56eb6", &(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)="e69702745ca742bf7f5932d5636819a2910e830929f562f921a55ebcb054e55f4456df4b9d990ea10b67814a8c268b72951199322118e67be84763522ce4538d88462fd96034d97ddc8e94b77d32d48e7c4d0d2194d1d8") ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00423e40730000000000000000549ffc1c0000c3fef44bfe1f95cfbe8f15d9bf8dec2979000421110000156b987ad43013450600", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000852a687700"/88], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a600000000000000004000"/24]], 0x0, 0x0, 0x0}) getpeername(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f0000000240)=0xfffffffffffffffc) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/cache_stats\x00', 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000280)={{0x2c, @rand_addr=0x5, 0x4e21, 0x3, 'sed\x00', 0x10, 0x8000, 0x2d}, {@multicast1, 0x4e23, 0x2, 0x2, 0x8, 0xfffffffd}}, 0x44) 03:59:15 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 03:59:15 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x11) r2 = getpgid(r1) sched_setscheduler(r2, 0x5, &(0x7f0000000000)=0x7ff) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_inet_tcp_SIOCINQ(r4, 0x541b, &(0x7f0000000040)) r5 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:15 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x22, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00c@@\x00'/26, @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 3376.392769] binder: 1370:1372 got transaction with invalid offsets size, 13 [ 3376.406234] binder: 1370:1372 transaction failed 29201/-22, size 647-13 line 3338 [ 3376.414770] binder: 1373:1376 unknown command 536871488 03:59:15 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) 03:59:15 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad0700"/96], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) 03:59:15 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:59:15 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x22, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00c@@\x00'/26, @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 3376.414779] binder: 1373:1376 ioctl c0306201 20000140 returned -22 [ 3376.434428] binder: 1375:1378 ioctl c0306201 0 returned -14 [ 3376.451461] binder: 1371:1380 got transaction with invalid offset (0, min 64 max 96) or object. [ 3376.451498] binder: 1371:1380 transaction failed 29201/-22, size 96-24 line 3379 [ 3376.451682] binder: undelivered TRANSACTION_ERROR: 29201 [ 3376.472906] binder: 1386:1388 ioctl c0306201 0 returned -14 [ 3376.490408] binder: release 1387:1389 transaction 3392 out, still active [ 3376.490413] binder: undelivered TRANSACTION_COMPLETE [ 3376.503226] binder: send failed reply for transaction 3392, target dead [ 3376.517907] binder: 1392:1397 got transaction with invalid offset (0, min 64 max 96) or object. [ 3376.517945] binder: 1392:1397 transaction failed 29201/-22, size 96-24 line 3379 [ 3376.518135] binder: undelivered TRANSACTION_ERROR: 29201 [ 3376.543588] binder: release 1400:1403 transaction 3400 out, still active [ 3376.543593] binder: undelivered TRANSACTION_COMPLETE [ 3376.560182] binder: send failed reply for transaction 3400, target dead [ 3376.627276] binder: undelivered TRANSACTION_ERROR: 29201 [ 3376.633843] binder: 1370:1408 got transaction with invalid offsets size, 13 [ 3376.641094] binder: 1370:1408 transaction failed 29201/-22, size 647-13 line 3338 [ 3376.649555] binder: undelivered TRANSACTION_ERROR: 29201 03:59:18 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="61a117b3307b23b9395407b2b081e88c199246832c3229949da9a18a62adc9aa785f96208d25fe88825b860675daa08b2998a0d36ec9580c3fc4f13e6939cbec7d324574fc61270d362a75e3db83bc69c16bb0a7d54ab7c5ad45ddfb1ee741ddfa4decf6c6a1dd9a2184438a8c3cd63684ad45ecfbced5c6556dc3ef2d430b7619b7d8fcf290c00e202f77dbe68c3e6b49679dcbb93101434c57e3be966c6f18e1", @ANYRESHEX, @ANYBLOB="2c726f6f746d6ffb4d79517def14ce85bb8264653d3030300cb841bb30303030303030303030303030303030303030302c75736504079b633d", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,allow_other,\x00']) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:59:18 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) fallocate(r1, 0x9639e88767b7a37c, 0xfff, 0x400) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0xffffffffffffff08, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:18 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:59:18 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x3c, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:18 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x22, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00c@@\x00'/26, @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:18 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x4) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x40200, 0x0) ioctl$ASHMEM_GET_PIN_STATUS(r1, 0x7709, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = gettid() ptrace$setopts(0x4206, r5, 0x0, 0x0) tkill(r5, 0x11) write$cgroup_pid(r4, &(0x7f0000000040)=r5, 0x12) 03:59:18 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:59:18 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x2f, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00', @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:18 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$sock_inet_SIOCDELRT(r5, 0x890c, &(0x7f0000000240)={0x0, {0x2, 0x4e21, @remote}, {0x2, 0x4e22, @broadcast}, {0x2, 0x4e22, @loopback}, 0x100, 0x0, 0x0, 0x0, 0xc343, 0x0, 0x0, 0x9, 0x6}) r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_SET_CONFIG(r3, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0x8, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="bc000000", @ANYRES16=r6, @ANYBLOB="00032bbd7000fcdbdf250c00000008000400070000000800040097d20000080005000300000020000200080008000676ffff14000100fe80000000000000000000000000001c14000200080006007f00000008000d0001000000540003000800020300030000000800030002000000140002006966623000000000000000000000fcffffffffffff00000114000600ff010000000000000000000000000001080001000300000008000400040000000800060000100000"], 0xbc}}, 0x20000080) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r7, 0x8903, &(0x7f0000000000)) r8 = accept(r7, &(0x7f0000000440)=@ax25={{0x3, @rose}, [@bcast, @bcast, @default, @default, @rose, @bcast, @netrom, @default]}, &(0x7f00000002c0)=0x80) accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f00000000c0)={@remote, r9}, 0x14) setsockopt$packet_drop_memb(r8, 0x107, 0x2, &(0x7f00000004c0)={r9, 0x1, 0x6, @local}, 0x10) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000010000d000000d5fe0000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000852a687700"/88], @ANYPTR=&(0x7f0000000000)=ANY=[@ANYBLOB="a600000000767330d91b6cf93abc9a6dbe79dc0000002800000000fadea2a40d9e911d9929d4"]], 0x0, 0x0, 0x0}) [ 3379.424624] binder_alloc: 1416: binder_alloc_buf, no vma [ 3379.432111] binder: release 1417:1419 transaction 3408 out, still active 03:59:18 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x3c, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:18 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x3c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000002641ae5d0000000000000000852a627700000000000000000000000000000000000000008561646600000000000000000000000000000000000000000000710000000000da3c1cfd345044b3ac527b3ce07b2aeb8dfc2cfae7dd064ae8c3f48b68a99a2386c404bb51090c10ba70e2a2e85dbd67f56f1f6b35d1b5d5637c292bd25bc201b75509863194dd1e5b856118a71125998ea2802415570c0dd1e605a91bd011857281926a8d3fc351618289833604e423b981dd9ef7f4df27246a22116aca00c5748394cd595cf6a723ef07771045a839c2732df4f6e418f3539e07561c1a693d670fc5b5"]], 0x0, 0x0, 0x0}) 03:59:18 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x2f, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00', @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 3379.432116] binder: undelivered TRANSACTION_COMPLETE [ 3379.447883] binder: send failed reply for transaction 3408, target dead [ 3379.475320] binder: 1411:1422 got transaction with invalid offsets ptr [ 3379.475350] binder: 1411:1422 transaction failed 29201/-14, size 96-24 line 3330 [ 3379.475628] binder: undelivered TRANSACTION_ERROR: 29201 [ 3379.506679] binder_alloc: 1425: binder_alloc_buf size 9007208918417504 failed, no address space [ 3379.506686] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3379.506707] binder: 1425:1428 transaction failed 29201/-28, size 9007208918417504-0 line 3284 [ 3379.507005] binder: undelivered TRANSACTION_ERROR: 29201 [ 3379.526997] binder: 1436:1438 got transaction with invalid offsets ptr [ 3379.527723] binder: 1436:1438 transaction failed 29201/-14, size 96-24 line 3330 [ 3379.527911] binder: undelivered TRANSACTION_ERROR: 29201 [ 3379.536500] binder: 1435:1441 got transaction with invalid offsets ptr [ 3379.536527] binder: 1435:1441 transaction failed 29201/-14, size 96-24 line 3330 [ 3379.536707] binder: undelivered TRANSACTION_ERROR: 29201 [ 3379.539476] binder_alloc: 1430: binder_alloc_buf size 4783790408860312 failed, no address space [ 3379.539483] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3379.539501] binder: 1430:1432 transaction failed 29201/-28, size 4503599627371143-280190781489165 line 3284 [ 3379.539899] binder: undelivered TRANSACTION_ERROR: 29201 [ 3379.543134] binder_alloc: 1440: binder_alloc_buf size 9007208918417504 failed, no address space [ 3379.543141] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3379.543160] binder: 1440:1443 transaction failed 29201/-28, size 9007208918417504-0 line 3284 [ 3379.543313] binder: undelivered TRANSACTION_ERROR: 29201 [ 3379.732389] binder: 1416:1418 transaction failed 29189/-3, size 647-13 line 3284 [ 3379.741690] binder: undelivered TRANSACTION_ERROR: 29189 03:59:18 executing program 5: gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x6, 0x0, &(0x7f0000000400), &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = gettid() r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r1) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000440)) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000000)) fcntl$dupfd(r2, 0x406, r3) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) r7 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r8 = accept$packet(r7, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000100)=0xfffffffffffffe90) ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000340)={'team0\x00', 0x0}) sendto$packet(r8, &(0x7f0000000140)="d7f1f9ed047a53b668e37a482f44eca338748f16cd216decf3663feee4ac97376c6ff4b4a32e6b3fdbb4304c326b057514954712a90a89a9b1aae0f79d11205209fdcccf10e843efa36fd6b93b876f4f347d3e4b2a880886bbefe730ee8633761af4eedc0059a53d4283dad248766e14ccec3e5760d838cce5705b43900a414d54f7c037eb56bd6b0b6a6d1d19e616efb489339bd69d1c65313ed38eb1aa4f18cb95dd5d99a506", 0xa7, 0x1, &(0x7f0000000380)={0x11, 0x4, r9, 0x1, 0x5, 0x6, @broadcast}, 0x14) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r10, 0x8903, &(0x7f0000000000)) setsockopt$sock_linger(r10, 0x1, 0xd, &(0x7f0000000040)={0x1, 0x7}, 0x8) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB="2c72006f746d6f64653d30303030303030303030303030304b30303030303030302c757365725f69643dfa905529b5e38c81d6b1442680", @ANYRESDEC=0x0, @ANYBLOB="2c67736f75705f69643d0f75746dd24f51473bd3829e185d27833c98f56184b7ea337b", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,allow_other,\x00']) tkill(r0, 0x1004000000016) r11 = gettid() ptrace$setopts(0x4206, r11, 0x0, 0x0) tkill(r11, 0x11) tkill(r11, 0x2b) 03:59:18 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x3c, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:18 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) fcntl$setlease(r1, 0x400, 0x95f886d12a687a7e) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000040)={0x585, 0x0, 0x9}) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6(0xa, 0x80001, 0x0) r5 = socket$inet6(0xa, 0x80e, 0x800000000002576) ioctl(r5, 0x8912, &(0x7f0000001140)="000000000034e026c9ef05cbcd1a8f8a8f8d77934621665e1cdd6d1591691a7e95229381fc6ed1d0cba27e019af0f8c47488389aeb55b07b19c295c605d6f6aba590f507085e29fd58197be111e510e3223a8e130e00fb265fe4b6a8e8ade875b8bde60976257b462f1e533437e2ac9b9ba82f00d4196025075b934e284aab778d287e39313b4314623efd1aca89344e9e2ff0c445c3284bc2a59ab02318c58c4543b9a4e18d0990102b11bfc3c85e887cf43b49cb8eea04ae0710393485b182033500ad49fab5cb4f12a5882836b34e252da44a1561") setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000d4b000)=ANY=[@ANYBLOB="0a00000000000000ff010000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000005000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100"/776], 0x310) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f00000018c0)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff0100000000000000000000fbff00010959158b9ac821b0050000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000004000000000020ffef0000000000000000000000000000cf0000000000000000000000007fb593c60000000000000000000000000000000092dfc8107ac7b075a58b501b8082b9a4dc307674d93199e766e3b9e1736003bc418ff8495f254848398cea23373ca80b77a2748307b62f6703160ac41bb3525155eb439b16cfcd86ee763e82564116b6303b8412d8557873ed89b548be7b94d580d2ab543ed1d62ac1b2691118501e8ed0e9d0dcfd4adad9d8d7e97cd25155f9c423edaebc8978c8fee669d5fb4b452ee3c37a68c9c2cc75b112ed174fb2e04456e0501938bf90900bae315376af11ec7260baa755038546c8857ee44088a19f0ec58f5c51a9a60fc71486a333321cf066211d3f556fceea7ff39b9f5b80725e66ed764692720c631fed7529e67c55a283a88f35368c3f5c023d48163a6d0900996227882fec5a77256fdb07ce69105c8904aff0a359e0eba663e5a5359e2a6c4cda44e30ba5a05e2dcba9d9720fb4348c1760471ec3339810432284372e855953fd52de2f09b18ce328921b62b92077d39025bac6086c73afa1ac31a4ad9cbac6a9672b95acdcc3f45e1201d05906176a83a0103e5a64d13fd5ff3877e28b6d9da915cb6718a4d813f6ffbc210d0db3bc27442e9e7ea3219a57915aaaa2671436905afa17448a388d6ae1324626aa794c137d1a91fbb49a5f577d01ae975dc63ad002587b6565194391e347c2a4a3c140b0a93c426dd3315db57c9bfb8e776047e095cb63684b69e2ef3f9e4fc30c5bc219a2fcd5ce918d1c349892bc66adf842d81179e8601325c136f00d00bd6a9762f6de89ee544a894c0814fba168545dcd86e31d6acddb63650489bfad31004dbb880c65f88b6890a49bcd12dea18b06b99429f80977af6d7410a0fc7b4e51ea1640302ef587ed94925aef4134eca31d1be02569807ddece6cd3633042b8f06fd0994e7a2f2e0e7c59db863a35e06429b4f8b982a08939a0d8ebf2b790125ff845a6e9d143e48d6b80a958125bdfef81c66512ceeeabcaab3b7e86564a08ae1a34909d027cf71a90d92324b572f3f1cc0b864217d3fcf7ab633701e5c90dae4c6fcbe7bb963b5ffd015cdb4b1752866f4de4ccbc23ee162e507b0f777f69a8a510e272e5387eabeefb1116db37f679982675ee5ece99a4163c75872eefb451e455734672db847872dae04a"], 0x1) getsockopt$inet6_IPV6_IPSEC_POLICY(r5, 0x29, 0x22, &(0x7f0000001340)={{{@in=@multicast1, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}}}, &(0x7f0000000140)=0x1b7) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x2000000, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r6}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) mount(&(0x7f0000000280)=ANY=[@ANYRES64=r4, @ANYRESDEC=r6, @ANYRESOCT=r4], 0x0, 0x0, 0x80000, 0x0) r7 = getegid() write$FUSE_CREATE_OPEN(r3, &(0x7f0000000440)={0xa0, 0x0, 0x3, {{0x6, 0x0, 0x9b5, 0x401, 0x5e5d, 0x1000, {0x0, 0x1, 0x9, 0x9, 0x10000, 0x2, 0x79ed, 0x0, 0x9, 0x7fffffff, 0x1c2e, r6, r7, 0x40, 0x80}}}}, 0xa0) r8 = syz_open_dev$binderN(0x0, 0x0, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r9, 0x8903, &(0x7f0000000000)) ioctl$sock_SIOCADDDLCI(r9, 0x8980, &(0x7f0000000400)={'eql\x00', 0xcf}) r10 = accept(r9, &(0x7f00000000c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000000340)=0x80) getsockopt$inet6_mtu(r10, 0x29, 0x17, &(0x7f0000000380), &(0x7f00000003c0)=0x4) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000140)={0xfffffe9a, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000878edeffffffffff0c00"/52, @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000852a68770000000000000000000000000000000000000000f83fb8e5193f4b402dab32873da9345190c9b2b09132de73b058bc961746cb6ef52f53ee39001c8fd5b3bc748e066eb93941a27dada1b0a9de85124845d8fedbb00394d0d4dc946f76da9d6b8ad58a84681ccab4ab6de24b64dd5aea8a04e7bfce8f256e9d4e9540c3d0"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a60000000000000028000000000000004000000000000000"]], 0x0, 0x0, 0x0}) 03:59:18 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x34, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000"], 0x0, 0x0, 0x0}) 03:59:18 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x2f, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00', @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:18 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a7470000000000000000000000000800000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000852a68770000000000000000000000000000000000000000a25765317d8b80fcdbb456a7b95938635f612d3dd2a3eebce9dc07b1f97ed34dfcdb16ac11835048941cf1987687d1cbfb828771affab3da00000000000000"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a60000000000000028000000000000004000000000000000"]], 0x0, 0x0, 0x0}) 03:59:18 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x4000000000802, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000000)={{}, 'syz0\x00', 0xe}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) write$uinput_user_dev(r0, &(0x7f0000000880)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000]}, 0x45c) r1 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:18 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR, @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:18 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x34, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000"], 0x0, 0x0, 0x0}) 03:59:18 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x36, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 3380.121432] binder: 1458:1459 ioctl c0185879 20000040 returned -22 [ 3380.134793] binder: 1462:1465 got transaction with invalid offsets size, 13 [ 3380.138311] binder_alloc: 1461: binder_alloc_buf size 9007208918417504 failed, no address space 03:59:18 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x6}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) gettid() r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0xd53bdba66349b5f0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000080)=0x0) write$FUSE_LK(r1, &(0x7f0000000100)={0x28, 0x0, 0x5, {{0x5, 0x9, 0x1, r2}}}, 0x28) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/mls\x00', 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000340)={{{@in6=@loopback, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@mcast2}}, &(0x7f0000000280)=0xe8) r7 = socket$inet_udplite(0x2, 0x2, 0x88) fstat(r7, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r8, 0x0) getgroups(0x3, &(0x7f00000002c0)=[0x0, r8, 0xee01]) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in6=@loopback, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@broadcast}}, &(0x7f00000008c0)=0xe8) mount$fuseblk(&(0x7f0000000180)='/dev/loop0\x00', &(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000200)='fuseblk\x00', 0x1000000, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=r6, @ANYBLOB=',group_id=', @ANYRESDEC=r9, @ANYBLOB=',max_read=0x0000000000000000,default_permissions,default_permissions,default_permissions,max_read=0x0000000000000000,allow_other,blksize=0x0000000000001e00,default_permissions,default_permissions,ud>', @ANYRESDEC=r10, @ANYBLOB=',\x00']) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) openat$cgroup(0xffffffffffffffff, &(0x7f0000000140)='syz0\x00', 0x200002, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB="2c726f6f746d6f6465b800000000000000303030303070303030304f30303030302c75736d725f69643d303cc1e389bb8b55ec93aa292b58cbcda28d04c529f096ab185a993032857fbf7d1fcea9f6c5666d6228b6745a01878ca6ad9f03341177bf80cfbd874f39f08b7e433bfb6ecd20859c83bd331fa1d3a90039fa59168f2f545d50d22463e0ff3fb4c5ae3a0de283619aa46b987358bca5b6fd2f1abfd3e0350e3b8a98b9d8e956", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,allow_other,\x00']) tkill(r2, 0x96) tkill(r0, 0x1000000000016) 03:59:18 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR, @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:18 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x36, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 3380.138318] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:59:18 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x34, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000"], 0x0, 0x0, 0x0}) [ 3380.138336] binder: 1461:1466 transaction failed 29201/-28, size 9007208918417504-0 line 3284 03:59:19 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x36, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:19 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR, @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:19 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x3c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR], 0x0, 0x0, 0x0}) [ 3380.138481] binder: undelivered TRANSACTION_ERROR: 29201 [ 3380.143110] binder: 1460:1464 got transaction with invalid data ptr [ 3380.143136] binder: 1460:1464 transaction failed 29201/-14, size 96-24 line 3316 [ 3380.143296] binder: undelivered TRANSACTION_ERROR: 29201 [ 3380.146999] binder: 1456:1467 got transaction with invalid offsets ptr [ 3380.147022] binder: 1456:1467 transaction failed 29201/-14, size 96-24 line 3330 [ 3380.147363] binder: undelivered TRANSACTION_ERROR: 29201 [ 3380.195686] binder: 1473:1475 got transaction with invalid data ptr [ 3380.195716] binder: 1473:1475 transaction failed 29201/-14, size 96-24 line 3316 [ 3380.195904] binder: undelivered TRANSACTION_ERROR: 29201 [ 3380.213459] input: syz0 as /devices/virtual/input/input571 [ 3380.217816] binder: 1477:1482 got transaction with invalid data ptr [ 3380.217844] binder: 1477:1482 transaction failed 29201/-14, size 96-24 line 3316 [ 3380.218040] binder: undelivered TRANSACTION_ERROR: 29201 [ 3380.231150] binder: 1472:1480 got transaction with invalid offsets size, 13 [ 3380.231178] binder: 1472:1480 transaction failed 29201/-22, size 647-13 line 3338 [ 3380.237405] binder_alloc: 1479: binder_alloc_buf size 35184409837688 failed, no address space [ 3380.237412] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3380.237429] binder: 1479:1483 transaction failed 29201/-28, size 96-35184409837592 line 3284 [ 3380.237569] binder: undelivered TRANSACTION_ERROR: 29201 [ 3380.266697] binder: undelivered TRANSACTION_ERROR: 29201 [ 3380.282169] input: syz0 as /devices/virtual/input/input572 [ 3380.286662] binder: BINDER_SET_CONTEXT_MGR already set [ 3380.286670] binder: 1472:1491 ioctl 40046207 0 returned -16 [ 3380.287836] binder_alloc: 1488: binder_alloc_buf size 35184409837688 failed, no address space [ 3380.287843] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3380.287862] binder: 1488:1493 transaction failed 29201/-28, size 96-35184409837592 line 3284 [ 3380.288016] binder: undelivered TRANSACTION_ERROR: 29201 [ 3380.291530] binder: 1472:1497 transaction failed 29189/-22, size 647-13 line 3138 [ 3380.297351] binder: 1487:1496 got transaction with invalid data ptr [ 3380.297379] binder: 1487:1496 transaction failed 29201/-14, size 96-24 line 3316 [ 3380.297587] binder: undelivered TRANSACTION_ERROR: 29201 [ 3380.319879] binder: 1492:1498 got transaction with invalid data ptr [ 3380.319907] binder: 1492:1498 transaction failed 29201/-14, size 96-24 line 3316 [ 3380.320245] binder: undelivered TRANSACTION_ERROR: 29201 [ 3380.329106] binder: undelivered TRANSACTION_ERROR: 29189 [ 3380.352616] binder_alloc: 1500: binder_alloc_buf size 35184409837688 failed, no address space [ 3380.352623] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3380.352642] binder: 1500:1501 transaction failed 29201/-28, size 96-35184409837592 line 3284 [ 3380.352852] binder: undelivered TRANSACTION_ERROR: 29201 [ 3380.365067] binder: 1504:1507 got transaction with invalid data ptr [ 3380.365094] binder: 1504:1507 transaction failed 29201/-14, size 96-24 line 3316 [ 3380.367634] binder: undelivered TRANSACTION_ERROR: 29201 [ 3380.368932] binder: 1506:1508 got transaction with invalid data ptr [ 3380.368955] binder: 1506:1508 transaction failed 29201/-14, size 96-24 line 3316 [ 3380.369116] binder: undelivered TRANSACTION_ERROR: 29201 [ 3380.691316] binder: 1462:1465 transaction failed 29201/-22, size 647-13 line 3338 [ 3380.700778] binder: undelivered TRANSACTION_ERROR: 29201 03:59:19 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$cgroup_ro(r2, &(0x7f00000002c0)='rdma.current\x00', 0x0, 0x0) r4 = getpgid(0x0) write$FUSE_LK(r3, &(0x7f0000000300)={0x28, 0x0, 0x7, {{0x200, 0x7, 0x0, r4}}}, 0x28) r5 = request_key(&(0x7f0000000000)='rxrpc\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000240)='/dev/binder#\x00', 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r5, 0x0, &(0x7f0000000280)=@keyring={'key_or_keyring:'}) r6 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000800000000000852a627700000000bf05b39c00000000000000000000794cd938687700"/88], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a60000000000000028000000000000004000000000000000"]], 0x0, 0x0, 0x0}) 03:59:19 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x39, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:19 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000100)={0x3}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) fcntl$getownex(r1, 0x10, &(0x7f00000000c0)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000852a68770000000000000000000008000000000000000000d38e6aaa130520f3d5fb0f9dc519f9c3b2ee29e7b6073d82caabb5a81ef4da5dd67c5399ad9c7b4e766550358537d4fa85da8d4f7540c6786f97120827b0cf83439833aa47770e7365371e3699e957e1816c5df2816f17094c1279a583da9aa7e929b97602d387d7e491d9fc0ae599fef55bc7ac35a11c52befac92cad3a0070264c9998176346d34718702cd5ecd5fefacdf5625a5186c19a24dedab64d36dc92cbf7aac9fcee8cc577518c035b5e50e8949e15ed42eb5ca94da38e206463be07684f0975b33122883a5718995b55905160c70af65411870083772e6645fbba2d8c73c4ed66fad4c7e87f2b582d327d05"], @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB="a6000008000000002802000000000000400000000000000087df583eb049f59395b0"]], 0x0, 0x0, 0x0}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='smaps_rollup\x00') bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={r2, 0x6, 0x3, 0x0, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8}, 0x20) 03:59:19 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x3c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR], 0x0, 0x0, 0x0}) 03:59:19 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) [ 3380.706445] binder: BINDER_SET_CONTEXT_MGR already set [ 3380.711728] binder: 1462:1516 ioctl 40046207 0 returned -16 [ 3380.737166] binder_alloc: 1519: binder_alloc_buf size 633318697599096 failed, no address space [ 3380.747663] binder: 1518:1522 got transaction with invalid offset (0, min 0 max 96) or object. [ 3380.747692] binder: 1518:1522 transaction failed 29201/-22, size 96-24 line 3379 [ 3380.748076] binder: undelivered TRANSACTION_ERROR: 29201 [ 3380.749169] binder: 1521:1524 got transaction with invalid offsets size, 13 [ 3380.749193] binder: 1521:1524 transaction failed 29201/-22, size 647-13 line 3338 [ 3380.749784] binder: undelivered TRANSACTION_ERROR: 29201 [ 3380.751619] binder: 1525:1527 got transaction with invalid data ptr [ 3380.751639] binder: 1525:1527 transaction failed 29201/-14, size 96-24 line 3316 [ 3380.751792] binder: undelivered TRANSACTION_ERROR: 29201 [ 3380.837780] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3380.846679] binder: 1519:1523 transaction failed 29201/-28, size 96-633318697599000 line 3284 [ 3380.857393] binder: undelivered TRANSACTION_ERROR: 29201 03:59:21 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000000000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="98f6475d0ea3a8c64c28f5400da0818de3c9e7c841a00efb563c9e149d85fd15af86c697ef74076c9b17b207e2e8b6c7ffec87cb17a3e3817786311a3c8940c4bbb327b7ab5c4991d96d472632b52cc27b5d0a2d35f355632d4da1659f74383d87a0fe529a78eaa76ff26dd66ce1286555fa5ad3b07a71c026aafaadd32d54ff580feeeb624f95fde9b76b185ccdd04f000131991e3be10b9d0bac6dcf4c415ed8f52a71222b83c087ff2fa12c66919d36bace7c228f27b93a6e9d1755a7abc511b918", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,allow_other,\x00']) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:59:21 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:21 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x101200, 0x0) ioctl$PERF_EVENT_IOC_RESET(r2, 0x2403, 0xe00000000000) r3 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$inet6_tcp_TLS_RX(r3, 0x6, 0x2, &(0x7f0000000000)=@gcm_256={{0x303}, "cebb786cfe381327", "e07ea318c5eb39662b2c999c85ce525547a216faba08e91f08a8e516d010dc36", "ffb16ee0", "eff8b41c97d4df4f"}, 0x38) r4 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder={0x77622a85, 0x1000}, @flat=@weak_handle}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:21 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x3c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR], 0x0, 0x0, 0x0}) 03:59:21 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c, 0x18, &(0x7f00000002c0)={@ptr={0x70742a85, 0x0, 0x0}, @fda={0x66646185, 0x2, 0x0, 0x32}, @flat=@weak_handle={0x77682a85, 0x0, 0x2}}, &(0x7f0000000180)={0x0, 0x28, 0x48}}}], 0x0, 0x0, 0x0}) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x402000, 0x0) r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x20) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) getpeername$packet(r2, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000380)=0x14) setsockopt$inet6_mreq(r6, 0x29, 0x1b, &(0x7f00000003c0)={@mcast2, r7}, 0x14) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000100)={0x0, r4, 0x1c}, 0x10) r8 = gettid() r9 = socket$inet6(0xa, 0x80001, 0x0) r10 = socket$inet6(0xa, 0x80e, 0x800000000002576) ioctl(r10, 0x8912, &(0x7f0000001140)="000000000034e026c9ef05cbcd1a8f8a8f8d77934621665e1cdd6d1591691a7e95229381fc6ed1d0cba27e019af0f8c47488389aeb55b07b19c295c605d6f6aba590f507085e29fd58197be111e510e3223a8e130e00fb265fe4b6a8e8ade875b8bde60976257b462f1e533437e2ac9b9ba82f00d4196025075b934e284aab778d287e39313b4314623efd1aca89344e9e2ff0c445c3284bc2a59ab02318c58c4543b9a4e18d0990102b11bfc3c85e887cf43b49cb8eea04ae0710393485b182033500ad49fab5cb4f12a5882836b34e252da44a1561") setsockopt$inet6_MCAST_MSFILTER(r9, 0x29, 0x30, &(0x7f0000d4b000)=ANY=[@ANYBLOB="0a00000000000000ff010000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000005000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100"/776], 0x310) setsockopt$inet6_MCAST_MSFILTER(r9, 0x29, 0x30, &(0x7f00000018c0)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff0100000000000000000000fbff00010959158b9ac821b0050000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000004000000000020ffef0000000000000000000000000000cf0000000000000000000000007fb593c60000000000000000000000000000000092dfc8107ac7b075a58b501b8082b9a4dc307674d93199e766e3b9e1736003bc418ff8495f254848398cea23373ca80b77a2748307b62f6703160ac41bb3525155eb439b16cfcd86ee763e82564116b6303b8412d8557873ed89b548be7b94d580d2ab543ed1d62ac1b2691118501e8ed0e9d0dcfd4adad9d8d7e97cd25155f9c423edaebc8978c8fee669d5fb4b452ee3c37a68c9c2cc75b112ed174fb2e04456e0501938bf90900bae315376af11ec7260baa755038546c8857ee44088a19f0ec58f5c51a9a60fc71486a333321cf066211d3f556fceea7ff39b9f5b80725e66ed764692720c631fed7529e67c55a283a88f35368c3f5c023d48163a6d0900996227882fec5a77256fdb07ce69105c8904aff0a359e0eba663e5a5359e2a6c4cda44e30ba5a05e2dcba9d9720fb4348c1760471ec3339810432284372e855953fd52de2f09b18ce328921b62b92077d39025bac6086c73afa1ac31a4ad9cbac6a9672b95acdcc3f45e1201d05906176a83a0103e5a64d13fd5ff3877e28b6d9da915cb6718a4d813f6ffbc210d0db3bc27442e9e7ea3219a57915aaaa2671436905afa17448a388d6ae1324626aa794c137d1a91fbb49a5f577d01ae975dc63ad002587b6565194391e347c2a4a3c140b0a93c426dd3315db57c9bfb8e776047e095cb63684b69e2ef3f9e4fc30c5bc219a2fcd5ce918d1c349892bc66adf842d81179e8601325c136f00d00bd6a9762f6de89ee544a894c0814fba168545dcd86e31d6acddb63650489bfad31004dbb880c65f88b6890a49bcd12dea18b06b99429f80977af6d7410a0fc7b4e51ea1640302ef587ed94925aef4134eca31d1be02569807ddece6cd3633042b8f06fd0994e7a2f2e0e7c59db863a35e06429b4f8b982a08939a0d8ebf2b790125ff845a6e9d143e48d6b80a958125bdfef81c66512ceeeabcaab3b7e86564a08ae1a34909d027cf71a90d92324b572f3f1cc0b864217d3fcf7ab633701e5c90dae4c6fcbe7bb963b5ffd015cdb4b1752866f4de4ccbc23ee162e507b0f777f69a8a510e272e5387eabeefb1116db37f679982675ee5ece99a4163c75872eefb451e455734672db847872dae04a"], 0x1) getsockopt$inet6_IPV6_IPSEC_POLICY(r10, 0x29, 0x22, &(0x7f0000001340)={{{@in=@multicast1, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}}}, &(0x7f0000000140)=0x1b7) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x2000000, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, r11}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) mount(&(0x7f0000000280)=ANY=[@ANYRES64=r9, @ANYRESDEC=r11, @ANYRESOCT=r9], 0x0, 0x0, 0x80000, 0x0) setreuid(0xee00, r11) getsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000440)={{{@in6=@remote, @in=@remote}}, {{@in6=@loopback}, 0x0, @in=@multicast1}}, &(0x7f0000000540)=0xe8) write$P9_RGETLOCK(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="2b000000370200007f00000000000000d200000000000000", @ANYRES32=r8, @ANYBLOB="0d002f7989c262196465762f62696e"], 0x2b) pivot_root(&(0x7f0000000240)='./file1\x00', &(0x7f0000000400)='./file0\x00') 03:59:21 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x39, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:22 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:22 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:22 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x3c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:22 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$binderN(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x2) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4c, 0x0, &(0x7f0000000340)=[@release={0x40046306, 0x2}], 0x0, 0x0, 0x0}) [ 3383.260026] binder_alloc: 1539: binder_alloc_buf size 633318697599096 failed, no address space [ 3383.260702] binder: 1538:1540 got transaction with invalid offset (0, min 0 max 96) or object. 03:59:22 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:22 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0x0, 0x2}}, &(0x7f0000000180)={0x252, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3383.260728] binder: 1538:1540 transaction failed 29201/-22, size 96-24 line 3379 [ 3383.261079] binder: undelivered TRANSACTION_ERROR: 29201 [ 3383.288789] binder: 1537:1543 got transaction with invalid data ptr [ 3383.288815] binder: 1537:1543 transaction failed 29201/-14, size 96-24 line 3316 [ 3383.293219] binder: undelivered TRANSACTION_ERROR: 29201 [ 3383.322889] binder: 1552:1555 got transaction with invalid offsets size, 13 [ 3383.322919] binder: 1552:1555 transaction failed 29201/-22, size 647-13 line 3338 [ 3383.323074] binder: undelivered TRANSACTION_ERROR: 29201 [ 3383.329000] binder: 1547:1556 got transaction with invalid offset (0, min 0 max 96) or object. [ 3383.329027] binder: 1547:1556 transaction failed 29201/-22, size 96-24 line 3379 [ 3383.329200] binder: undelivered TRANSACTION_ERROR: 29201 [ 3383.343371] binder: 1553:1558 Release 1 refcount change on invalid ref 2 ret -22 [ 3383.343378] binder: 1553:1558 unknown command 0 [ 3383.343386] binder: 1553:1558 ioctl c0306201 20000140 returned -22 [ 3383.350492] binder: 1554:1559 got transaction with invalid offsets ptr [ 3383.350537] binder: 1554:1559 transaction failed 29201/-14, size 96-24 line 3330 [ 3383.350840] binder: undelivered TRANSACTION_ERROR: 29201 [ 3383.376545] binder: 1560:1565 got transaction with invalid offset (0, min 0 max 96) or object. [ 3383.376576] binder: 1560:1565 transaction failed 29201/-22, size 96-24 line 3379 [ 3383.376766] binder: undelivered TRANSACTION_ERROR: 29201 [ 3383.377987] binder: 1564:1566 got transaction with invalid offset (594, min 0 max 88) or object. [ 3383.378011] binder: 1564:1566 transaction failed 29201/-22, size 88-24 line 3379 [ 3383.378260] binder: undelivered TRANSACTION_ERROR: 29201 [ 3383.391018] binder: 1564:1570 got transaction with invalid offset (594, min 0 max 88) or object. [ 3383.391045] binder: 1564:1570 transaction failed 29201/-22, size 88-24 line 3379 [ 3383.391282] binder: undelivered TRANSACTION_ERROR: 29201 [ 3383.572574] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3383.581446] binder: 1539:1542 transaction failed 29201/-28, size 96-633318697599000 line 3284 [ 3383.592095] binder: undelivered TRANSACTION_ERROR: 29201 03:59:22 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) r4 = accept4(r2, &(0x7f0000000040)=@xdp, &(0x7f0000000100)=0x80, 0x800) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'veth1\x00'}) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:59:22 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:22 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) open$dir(&(0x7f0000000040)='./file0\x00', 0x400120, 0x200) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='e\x02inux/avc/cach\x99_thu=shold\x00', 0x2, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:22 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:22 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) splice(0xffffffffffffffff, &(0x7f0000000000), r0, &(0x7f0000000040), 0xde43, 0x2) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) fcntl$setsig(r0, 0xa, 0x5) 03:59:22 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x39, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:22 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:22 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x3b, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:22 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 3384.039225] binder: 1582:1584 got transaction with invalid offsets size, 13 [ 3384.047657] binder: 1587:1588 got transaction with invalid offset (0, min 0 max 96) or object. [ 3384.047686] binder: 1587:1588 transaction failed 29201/-22, size 96-24 line 3379 03:59:22 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0xc) ioctl$TUNSETCARRIER(r1, 0x400454e2, &(0x7f0000000040)=0x1) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:22 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x3b, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:22 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) [ 3384.047886] binder: undelivered TRANSACTION_ERROR: 29201 [ 3384.048254] binder_alloc: 1580: binder_alloc_buf size 633318697599096 failed, no address space [ 3384.048260] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3384.048279] binder: 1580:1585 transaction failed 29201/-28, size 96-633318697599000 line 3284 [ 3384.048575] binder: undelivered TRANSACTION_ERROR: 29201 [ 3384.049535] binder: 1581:1589 unknown command 536871488 [ 3384.049543] binder: 1581:1589 ioctl c0306201 20000140 returned -22 [ 3384.082714] binder: 1586:1591 got transaction with invalid offsets size, 13 [ 3384.082745] binder: 1586:1591 transaction failed 29201/-22, size 647-13 line 3338 [ 3384.083468] binder: undelivered TRANSACTION_ERROR: 29201 [ 3384.106131] binder_alloc: 1594: binder_alloc_buf size 4611686018427388024 failed, no address space [ 3384.106138] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3384.106159] binder: 1594:1599 transaction failed 29201/-28, size 96-4611686018427387928 line 3284 [ 3384.106514] binder: undelivered TRANSACTION_ERROR: 29201 [ 3384.121379] binder: 1597:1600 got transaction with invalid offset (0, min 0 max 96) or object. [ 3384.121407] binder: 1597:1600 transaction failed 29201/-22, size 96-24 line 3379 [ 3384.121643] binder: undelivered TRANSACTION_ERROR: 29201 [ 3384.123530] binder: 1598:1601 unknown command 536871488 [ 3384.123539] binder: 1598:1601 ioctl c0306201 20000140 returned -22 [ 3384.141600] binder: 1603:1608 got transaction with invalid offsets size, 13 [ 3384.141636] binder: 1603:1608 transaction failed 29201/-22, size 647-13 line 3338 [ 3384.141950] binder: undelivered TRANSACTION_ERROR: 29201 [ 3384.164368] binder: 1603:1609 got transaction with invalid offsets size, 13 [ 3384.164397] binder: 1603:1609 transaction failed 29201/-22, size 647-13 line 3338 [ 3384.164721] binder: undelivered TRANSACTION_ERROR: 29201 [ 3384.176123] binder_alloc: 1607: binder_alloc_buf size 4611686018427388024 failed, no address space [ 3384.176131] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3384.176149] binder: 1607:1612 transaction failed 29201/-28, size 96-4611686018427387928 line 3284 [ 3384.176311] binder: undelivered TRANSACTION_ERROR: 29201 [ 3384.185610] binder: 1611:1615 got transaction with invalid offset (64, min 64 max 96) or object. [ 3384.185649] binder: 1611:1615 transaction failed 29201/-22, size 96-24 line 3379 [ 3384.185831] binder: undelivered TRANSACTION_ERROR: 29201 [ 3384.412309] binder: 1582:1584 transaction failed 29201/-22, size 647-13 line 3338 [ 3384.421632] binder: undelivered TRANSACTION_ERROR: 29201 03:59:23 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) getsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x3f, &(0x7f0000000000), &(0x7f0000000040)=0x4) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:23 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:23 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x3b, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="006340400000000000000000000000000000000000000000000000000000000000000000600000000000000018000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:23 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:23 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_inet_SIOCGARP(r2, 0x8954, &(0x7f00000000c0)={{0x2, 0x4e20, @empty}, {0x306, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x2, {0x2, 0x4e20, @remote}, 'netdevsim0\x00'}) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000300)={0x44, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0f630c4003000000000000000000000008631040030000000000000000000000000000000e630c400100020000000000000200000863104003000000000001000000eeffffffffffffff000963104003000000000000000000000000000000106308400000004000000000000000fffffffffffffff70000009019cade9876d7957711a33119d65c77fbfe69f9de6dc9a0ad64bc779c5e4b3bf6955a01184b4b3edaadea0fe7c0e25145893a9aaceedc87e6718d03340a147a1b3f768ea3f8bbe69bbd8fb0e4c3"], 0xffffffffffffffde, 0x0, 0x0}) recvfrom$inet6(0xffffffffffffffff, &(0x7f0000000180)=""/168, 0xa8, 0x20, &(0x7f0000000000)={0xa, 0x4e24, 0x7, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x2aa}, 0x1c) 03:59:23 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:23 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)) getsockname(r0, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f0000000240)=0x80) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000280)={0x2, 'vlan0\x00'}, 0x18) r2 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3384.932974] binder_alloc: 1626: binder_alloc_buf size 4611686018427388024 failed, no address space [ 3384.945210] binder: 1630:1632 got transaction with invalid offset (64, min 64 max 96) or object. [ 3384.945932] binder: 1630:1632 transaction failed 29201/-22, size 96-24 line 3379 03:59:23 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) r6 = syz_genetlink_get_family_id$team(&(0x7f0000000080)='team\x00') getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000680)={{{@in6=@mcast2, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}}}, &(0x7f0000000780)=0xe8) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r8, 0x8903, &(0x7f0000000000)) recvmsg(r8, &(0x7f00000008c0)={&(0x7f00000007c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f0000000840)=[{&(0x7f0000001500)=""/4096, 0x1000}], 0x1, &(0x7f0000000880)=""/32, 0x20}, 0x2) r10 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r11 = dup(r10) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) getsockopt$inet6_IPV6_XFRM_POLICY(r11, 0x29, 0x23, &(0x7f0000000900)={{{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}}}, &(0x7f0000000a00)=0xe8) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000a40)={'team0\x00', 0x0}) accept4(r4, &(0x7f0000000a80)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000b00)=0x80, 0x80000) r15 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r16 = dup(r15) ioctl$PERF_EVENT_IOC_ENABLE(r16, 0x8912, 0x400200) getsockname$packet(r16, &(0x7f0000000b40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000b80)=0x14) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000bc0)={'bridge0\x00', 0x0}) accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f00000000c0)={@remote, r19}, 0x14) r20 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r21 = dup(r20) ioctl$PERF_EVENT_IOC_ENABLE(r21, 0x8912, 0x400200) getsockopt$inet6_IPV6_IPSEC_POLICY(r21, 0x29, 0x22, &(0x7f0000000c00)={{{@in6, @in6=@ipv4={[], [], @empty}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@multicast1}}, &(0x7f0000000d00)=0xe8) getsockopt$inet6_mreq(r3, 0x29, 0x1b, &(0x7f0000000d40)={@mcast2, 0x0}, &(0x7f0000000d80)=0x14) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000dc0)={@broadcast, @remote, 0x0}, &(0x7f0000000e00)=0xc) accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f00000000c0)={@remote, r25}, 0x14) accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f00000000c0)={@remote, r26}, 0x14) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000f00)={'team0\x00', r26}) accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f00000000c0)={@remote, r28}, 0x14) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000fc0)={'team0\x00', 0x0}) accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f00000000c0)={@remote, r30}, 0x14) sendmsg$TEAM_CMD_OPTIONS_GET(r5, &(0x7f0000001040)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x82080020}, 0xc, &(0x7f0000001000)={&(0x7f0000002500)={0x7fc, r6, 0x300, 0x70bd29, 0x25dfdbfe, {}, [{{0x8}, {0x1b4, 0x2, [{0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8}, {0x8, 0x4, 0x200}}, {0x8, 0x6, r9}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r12}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x2cd}}, {0x8}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'broadcast\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r13}}}]}}, {{0x8, 0x1, r14}, {0x3c, 0x2, [{0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x8}}}]}}, {{0x8, 0x1, r17}, {0x1c0, 0x2, [{0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x6}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r18}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r19}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r22}}}]}}, {{0x8, 0x1, r23}, {0x160, 0x2, [{0x3c, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0xc, 0x4, 'random\x00'}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r24}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r25}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x1}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x5}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x20}}}]}}, {{0x8, 0x1, r27}, {0x22c, 0x2, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r28}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0xc, 0x4, 'hash\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x40}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x80}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r29}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x81}}, {0x8}}}]}}, {{0x8, 0x1, r30}, {0x7c, 0x2, [{0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x4}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x7}}, {0x8}}}]}}]}, 0x7fc}, 0x1, 0x0, 0x0, 0x4001}, 0x80) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:59:23 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:23 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) vmsplice(r1, &(0x7f00000005c0)=[{&(0x7f0000000000)="423c4b98b7bb47ebbcf873c00d8e59d013c8331258556e3928c5eb829cc3e630c09bc52148b16c7a05166863295e22b456c249bf535b31f4e7f12bd62bb9a980a6d2b4bf2111631cd5ac90bbd4ae", 0x4e}, {&(0x7f0000000240)="780835152e86d70d2adfb80d986e6bf6f63ea7da83562ecde3e34d", 0x1b}, {&(0x7f0000000280)="f88863386d9f2482353946fec74056950dc858079819af6f8ebf5c43d338367dfb29e34682bd8195af7147f58ff880677063ab3ecf1cace05551b47aa77ff7971ad9433600ac3c79697ee9f8e9500da9507ed24c46917973e7adfadec966b184510293e9cc29ad90d3506dead7af785a385b4f9ea769b4f389d1e4983ef8e09169a9187f93f2660e4a1a3cc9790303068ef20058486c8a9772422e88d1c8", 0x9e}, {&(0x7f0000000340)="cb93e946be01177789178156e42ace82232cd867b6a335bcc772544e3a98fb1f9ce87c27e5075f89a8260d61cd7afaaded7e5175a4fdb2165b75634b8b0e73185b6c90d79de3db3316a7c56adf08010ffcdce89edea521e6defa0590ed22d56ad8290cffb3b84f14cdeb24fb63f77d232d04fdb7fb040dc0ef42b0eb5d0af6b44c5ab7645eadc30ad687edc9fb148b16b9d318b9ce7f1ff7bcc69c5c100f02b43fbf76dc03f75c661537b9f0b7597726be8e2973ff5c11cd1758709f4178c806b59a3fbdce8fc02169d9b4453bc33af6df6da976fe589a764f8ea2f8", 0xdc}, {&(0x7f0000000440)="c9c2b10913ca619cae4fd47160eb2f7d3f6f98", 0x13}, {&(0x7f0000000480)="590dd4c08502e045d5c99ac72d0f08ceb9c9a9c787bf3be3b14615bb50dae10d397e8159a97d16be4928d4c82746cea9ddd8801d8b051a81a5f3b05a71272aeeb7a27362cf1ec011134ea73083089245743f4c5c27b5bdc99d5db555a6044893e4cf982b8a68d3f938d815d8", 0x6c}, {&(0x7f0000000500)="f34cdf4aacc97da153d35396069e4a54b11f32542a354f4d5a85abd4e576c450132df9f5b21a19dba5068a9d86011ad875c2c998b76643c1783fb1a68ec2092ee7", 0x41}, {&(0x7f0000000580)="219c7faaf57f7af8ab7d66506059252a4af984c53156520089f6fbc99881914a14161fb1f5d685915fbc32596c", 0x2d}], 0x8, 0x1) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:23 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000b"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:23 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) write$FUSE_STATFS(r1, &(0x7f0000000240)={0x60, 0x0, 0x8, {{0x8000, 0x15c6, 0x7, 0x0, 0x7, 0x9e, 0x45bc, 0x5}}}, 0x60) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle={0x77682a85, 0x0, 0x4}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3384.946289] binder: undelivered TRANSACTION_ERROR: 29201 [ 3384.949066] binder: 1627:1631 got transaction with invalid offsets size, 13 03:59:23 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000b"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:23 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 3384.949089] binder: 1627:1631 transaction failed 29201/-22, size 647-13 line 3338 [ 3384.949226] binder: undelivered TRANSACTION_ERROR: 29201 [ 3384.982663] binder: 1629:1634 unknown command 536871488 [ 3384.982671] binder: 1629:1634 ioctl c0306201 20000140 returned -22 [ 3384.997359] binder: 1640:1641 got transaction with invalid offsets size, 13 [ 3384.997380] binder: 1640:1641 transaction failed 29201/-22, size 647-13 line 3338 [ 3384.997580] binder: undelivered TRANSACTION_ERROR: 29201 [ 3385.012343] binder: 1639:1642 got transaction with invalid offset (64, min 64 max 96) or object. [ 3385.012381] binder: 1639:1642 transaction failed 29201/-22, size 96-24 line 3379 [ 3385.012572] binder: undelivered TRANSACTION_ERROR: 29201 [ 3385.021273] binder: 1640:1643 got transaction with invalid offsets size, 13 [ 3385.021298] binder: 1640:1643 transaction failed 29201/-22, size 647-13 line 3338 [ 3385.021639] binder: undelivered TRANSACTION_ERROR: 29201 [ 3385.044670] binder: 1644:1650 unknown command 536871488 [ 3385.044679] binder: 1644:1650 ioctl c0306201 20000140 returned -22 [ 3385.052535] binder: 1649:1652 got transaction with invalid offsets size, 13 [ 3385.052561] binder: 1649:1652 transaction failed 29201/-22, size 647-13 line 3338 [ 3385.052771] binder: undelivered TRANSACTION_ERROR: 29201 [ 3385.060149] binder: 1653:1656 got transaction with out-of-order buffer fixup [ 3385.060186] binder: 1653:1656 transaction failed 29201/-22, size 96-24 line 3467 [ 3385.060370] binder: undelivered TRANSACTION_ERROR: 29201 [ 3385.067333] binder: 1655:1658 got transaction with invalid handle, 4 [ 3385.067372] binder: 1655:1658 transaction failed 29201/-22, size 88-24 line 3411 [ 3385.067531] binder: undelivered TRANSACTION_ERROR: 29201 [ 3385.074927] binder: 1655:1659 got transaction with invalid handle, 4 [ 3385.074965] binder: 1655:1659 transaction failed 29201/-22, size 88-24 line 3411 [ 3385.076429] binder: undelivered TRANSACTION_ERROR: 29201 [ 3385.112447] binder: 1661:1667 got transaction with out-of-order buffer fixup [ 3385.112482] binder: 1661:1667 transaction failed 29201/-22, size 96-24 line 3467 [ 3385.112668] binder: undelivered TRANSACTION_ERROR: 29201 [ 3385.114975] binder: 1664:1668 unknown command 536871488 [ 3385.114983] binder: 1664:1668 ioctl c0306201 20000140 returned -22 [ 3385.325990] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3385.334831] binder: 1626:1628 transaction failed 29201/-28, size 96-4611686018427387928 line 3284 03:59:24 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000b"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:24 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a62770000000000009c00000000000000000000000000852a687700"/88], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a60000000000000028000000000000004000000000000000"]], 0x0, 0x0, 0x0}) 03:59:24 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x4000, 0x0) fchmod(r1, 0x20) r2 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:24 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:24 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@handle={0x73682a85, 0x819b248a9cc68adb}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) r2 = dup3(r1, 0xffffffffffffffff, 0x80000) setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0x5, &(0x7f0000000240)=0x2, 0x4) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', r4}, 0x10) [ 3385.345714] binder: undelivered TRANSACTION_ERROR: 29201 [ 3385.376733] binder: 1682:1685 got transaction with invalid offsets size, 13 [ 3385.380195] binder: 1681:1688 got transaction with out-of-order buffer fixup [ 3385.380230] binder: 1681:1688 transaction failed 29201/-22, size 96-24 line 3467 [ 3385.380405] binder: undelivered TRANSACTION_ERROR: 29201 [ 3385.384769] binder: 1680:1684 unknown command 536871488 [ 3385.384777] binder: 1680:1684 ioctl c0306201 20000140 returned -22 [ 3385.389100] binder: 1679:1686 got transaction with invalid offsets size, 13 [ 3385.389125] binder: 1679:1686 transaction failed 29201/-22, size 647-13 line 3338 [ 3385.389257] binder: undelivered TRANSACTION_ERROR: 29201 [ 3385.390417] binder: 1679:1690 got transaction with invalid offsets size, 13 [ 3385.390444] binder: 1679:1690 transaction failed 29201/-22, size 647-13 line 3338 [ 3385.399158] binder: 1687:1689 got transaction with invalid handle, 0 [ 3385.399193] binder: 1687:1689 transaction failed 29201/-22, size 88-24 line 3411 [ 3385.404399] binder: undelivered TRANSACTION_ERROR: 29201 [ 3385.404425] binder: undelivered TRANSACTION_ERROR: 29201 [ 3385.510144] binder: 1682:1685 transaction failed 29201/-22, size 647-13 line 3338 [ 3385.519359] binder: undelivered TRANSACTION_ERROR: 29201 [ 3385.525976] binder: 1682:1695 got transaction with invalid offsets size, 13 [ 3385.533116] binder: 1682:1695 transaction failed 29201/-22, size 647-13 line 3338 [ 3385.541202] binder: undelivered TRANSACTION_ERROR: 29201 03:59:24 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) clock_settime(0x7, &(0x7f0000000080)={0x77359400}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$GIO_UNISCRNMAP(r3, 0x4b69, &(0x7f0000000340)=""/4096) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x200000, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f00000016c0)=ANY=[@ANYBLOB="663c043d1634470741f448991fe7160959b3d972ecf0e54892371c6a5cd1bdc59d30c92627da91ea480007e75044f897f8dffe4dc1dd3a9a536da6aeb1803ef4f75ff613e5e18c2a80552f9cd5f0254f28a646f109d31aae6576fc4a0e6e675d3976a1fcf68e95666c5ae73721ff6c806b762fa68daa8f8bb65e695e7fa69a6268c157588df581bc3d849b0cbd280ce43923fe45f6a5e4f1c956cd0bdc8dd5529c2028ca1327b4d7398549d4cec01b48bdc4fd3d9166ef131e4c4506feaeb79ab3d6fbace5c2faa4953f1fdf03571df02dd38b368f2900b849de1e43ae81bc14b8cc3203e29c79a9693f00594dba7620794aecdd6bd74890a3b9954d67c15b801a9a21b5603f11a405c102b4d7e5df74c6d7724a64f98bd47b7d98c9791a5262974d12973c22689fb3e74290dab3474ea6a9df3fd523c4c7097dd7452f9173c32cd5089554180a2757ea9b4c63422f4673f070ea9c134a57cb6f90147feba66ec83aca92f3d76a91c1d73579bcf4fd50bb1c9505c3543701032280eb6a25c6bb2e3d0bdd878bd573915cff48ec9c2ce406619495d8f6cf163a8ce4a4b0961e65feb54c17f8f80c818389deff62", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000000000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,allow_other,\x00']) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:59:24 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x22, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00c@@\x00'/26, @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:24 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x11) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r2, 0x3, &(0x7f0000000240)=""/191) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:24 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb9642ca0ad"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:24 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@handle={0x73682a85, 0x819b248a9cc68adb}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) r2 = dup3(r1, 0xffffffffffffffff, 0x80000) setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0x5, &(0x7f0000000240)=0x2, 0x4) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', r4}, 0x10) 03:59:24 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) fsetxattr$security_ima(r0, &(0x7f0000000280)='sectritima\x00', &(0x7f0000000040)=@ng={0x4, 0x5, "913f7343"}, 0x6, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff}) setsockopt$inet_MCAST_LEAVE_GROUP(r2, 0x0, 0x2d, &(0x7f00000002c0)={0x10001, {{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, 0x88) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r3 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:24 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x22, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00c@@\x00'/26, @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:24 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@handle={0x73682a85, 0x819b248a9cc68adb}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) r2 = dup3(r1, 0xffffffffffffffff, 0x80000) setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0x5, &(0x7f0000000240)=0x2, 0x4) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', r4}, 0x10) 03:59:24 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="20cfad52c234c9d60000000000000000000000000000000000000000f4000000000000a0ee290085020000000000000d00000000000000adee3ce34ee38a0ec48215b1c8c7c1ed2ade505de132e32938142d9ef59519b93aaa736f7e5316060130ab56d5811717e3c3ddb449e3fcc1cbfb249278897bb5eceee0e655f80ebf7440b176b1aba5634721ba8c62a6aaabb00c5c0fa4564fd8147f1797548533134a9fe8f6217a3e67556ac7a9337095767d9abca4b5", @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="852a7470000000000000002dde7c0d00000000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000852a687700000000000000000000000000000000000000009afa"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a60000000020008cca22eee6d18059004000000000000000"]], 0x0, 0x0, 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$TIOCGRS485(r1, 0x542e, &(0x7f0000000040)) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000000)) sendfile(r0, r2, &(0x7f0000000000), 0x6165) [ 3385.925074] binder: 1710:1714 got transaction with invalid parent offset or type [ 3385.928201] binder: 1709:1717 got transaction with invalid offsets size, 13 03:59:24 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="006340400000000000e4640000dd860000000000000000f90000000000040000000000050000000098ea9416f85de37abba02a534ada5b3ee84bc7225d8039d7def19c9cefb734d29c462bb2490e24fa4c80f0d685a9823dd4bbae75b2270d412d0994e09f8c807a40f008ae8e8244739fcbbef9907bed9ef07754df1fd7bbd9bbd442", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000852a687700"/88], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a60000000000000028000000000000004000000000000000"]], 0x0, 0x0, 0x0}) [ 3385.928226] binder: 1709:1717 transaction failed 29201/-22, size 647-13 line 3338 03:59:24 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x22, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00c@@\x00'/26, @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:24 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) getresuid(&(0x7f0000000040), &(0x7f00000000c0), &(0x7f0000000100)) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0063404000000000000000000000000000000000000000000000000000000000000000007a4a2308646087020000000000000d00", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a7470000000000000000000000000002100000000000000000000000000000000000000000000852a6277000000000000000000000038000000000000000000000000000000000071b9dd47fd458f812dd4fc06ec8eadc16d7af0f887889825393b70cfa3a2f6a7b20b646171f211b655b5b792e05fb7eb8c53da857dc70c70431b351f84b59b725d76a01e153b4e068642f67f2872b885815b637ebbc397bd8549470daf6b837efc42d80e121ed3c4647af860f6b4a2b9f5c64b70046c45decf48"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a60000000000000028000000000000004000000000000000"]], 0x0, 0x0, 0x0}) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$IOC_PR_PREEMPT_ABORT(r3, 0x401870cc, &(0x7f0000000340)={0x1, 0x1ff, 0x3, 0x6}) [ 3385.928373] binder: undelivered TRANSACTION_ERROR: 29201 [ 3385.930584] binder: 1709:1718 got transaction with invalid offsets size, 13 [ 3385.930608] binder: 1709:1718 transaction failed 29201/-22, size 647-13 line 3338 [ 3385.930855] binder: undelivered TRANSACTION_ERROR: 29201 [ 3385.934904] binder: release 1708:1713 transaction 3577 out, still active [ 3385.934908] binder: undelivered TRANSACTION_COMPLETE [ 3385.937478] binder: 1712:1715 got transaction with invalid handle, 0 [ 3385.937510] binder: 1712:1715 transaction failed 29201/-22, size 88-24 line 3411 [ 3385.938713] binder: undelivered TRANSACTION_ERROR: 29201 [ 3385.940963] binder: send failed reply for transaction 3577, target dead [ 3385.944619] binder: 1716:1720 got transaction with invalid handle, 0 [ 3385.944656] binder: 1716:1720 transaction failed 29201/-22, size 88-24 line 3411 [ 3385.944942] binder: undelivered TRANSACTION_ERROR: 29201 [ 3385.986213] binder: release 1725:1727 transaction 3588 out, still active [ 3385.986219] binder: undelivered TRANSACTION_COMPLETE [ 3386.000381] binder: 1724:1730 got transaction with invalid handle, 0 [ 3386.000418] binder: 1724:1730 transaction failed 29201/-22, size 88-24 line 3411 [ 3386.001817] binder: undelivered TRANSACTION_ERROR: 29201 [ 3386.002048] binder: 1728:1732 unknown command 1387122464 [ 3386.002056] binder: 1728:1732 ioctl c0306201 20000140 returned -22 [ 3386.002268] binder: 1728:1732 ioctl 542e 20000040 returned -22 [ 3386.005048] binder: 1728:1735 unknown command 1387122464 [ 3386.005054] binder: 1728:1735 ioctl c0306201 20000140 returned -22 [ 3386.005205] binder: 1728:1735 ioctl 542e 20000040 returned -22 [ 3386.009492] binder: send failed reply for transaction 3588, target dead [ 3386.021334] binder_alloc: 1734: binder_alloc_buf size 7619962285194436088 failed, no address space [ 3386.021340] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3386.021358] binder: 1734:1736 transaction failed 29201/-28, size 1627183303943520256-5992778981250915832 line 3284 [ 3386.021496] binder: undelivered TRANSACTION_ERROR: 29201 [ 3386.029149] binder_alloc: 1734: binder_alloc_buf size 7619962285194436088 failed, no address space [ 3386.029158] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3386.029177] binder: 1734:1739 transaction failed 29201/-28, size 1627183303943520256-5992778981250915832 line 3284 [ 3386.029409] binder: undelivered TRANSACTION_ERROR: 29201 [ 3386.047627] binder: release 1738:1744 transaction 3600 out, still active [ 3386.047632] binder: undelivered TRANSACTION_COMPLETE [ 3386.076601] binder: send failed reply for transaction 3600, target dead [ 3386.083807] binder_alloc: 1741: binder_alloc_buf size 185879467378559616 failed, no address space [ 3386.083814] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3386.083832] binder: 1741:1746 transaction failed 29201/-28, size 182220292681321082-3659174697238528 line 3284 [ 3386.084552] binder: undelivered TRANSACTION_ERROR: 29201 [ 3386.343696] binder: 1710:1714 transaction failed 29201/-22, size 96-24 line 3454 [ 3386.352857] binder: undelivered TRANSACTION_ERROR: 29201 03:59:25 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) r4 = getuid() mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000100)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id'}}) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:59:25 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@handle={0x73682a85, 0x819b248a9cc68adb}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) r2 = dup3(r1, 0xffffffffffffffff, 0x80000) setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0x5, &(0x7f0000000240)=0x2, 0x4) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) 03:59:25 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) socketpair(0x4, 0x2, 0x8, &(0x7f0000000000)={0xffffffffffffffff}) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80114}, 0xc, &(0x7f0000000180)={&(0x7f00000003c0)={0xf4, r3, 0x520, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'netdevsim0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}]}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x401}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1f}, @IPVS_DEST_ATTR_TUN_TYPE={0x8}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x200}, @IPVS_CMD_ATTR_DAEMON={0x5c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'hwsim0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x1f}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @rand_addr="270b84b49d76281d741a312d4b2ef47b"}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sed\x00'}]}]}, 0xf4}, 0x1, 0x0, 0x0, 0x40000004}, 0x80) sendmsg$IPVS_CMD_ZERO(r2, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x3c, r3, 0x0, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x28, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3ff}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2, 0x20}}, @IPVS_SVC_ATTR_PROTOCOL={0x8}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x4004) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:25 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x80000001) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$TIOCNOTTY(r3, 0x5422) 03:59:25 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x2f, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00', @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:25 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000b"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:25 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="852a74700000000000000000000000000000000000000000000000000000000000852a62770000000000000000852a6877000000000000000000000000000000000000b18e0000000000000054e790198cc828a487121ef8984f1caeae3eadcf320d951f1e63000000000000003c152409c0754fe7e683d4d4585d231a3425b245b9ec0b40b2fd9f818f4706"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a60000000000000028000000000000004000001000000000"]], 0x0, 0x0, 0x0}) 03:59:25 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000b"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:25 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x2f, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00', @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) [ 3386.819263] binder: 1757:1761 got transaction with invalid handle, 0 [ 3386.820686] binder: 1760:1764 got transaction with invalid offsets size, 13 [ 3386.820711] binder: 1760:1764 transaction failed 29201/-22, size 647-13 line 3338 03:59:25 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x2f, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00', @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:25 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder={0x77622a85, 0x836fbe09161c2727}, @flat=@weak_handle={0x77682a85, 0x1}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) 03:59:25 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000b"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) [ 3386.821388] binder: undelivered TRANSACTION_ERROR: 29201 [ 3386.838089] binder: 1756:1765 got transaction with out-of-order buffer fixup [ 3386.838126] binder: 1756:1765 transaction failed 29201/-22, size 96-24 line 3467 [ 3386.838538] binder: undelivered TRANSACTION_ERROR: 29201 [ 3386.838963] binder_alloc: 1762: binder_alloc_buf size 9007208918417504 failed, no address space [ 3386.838970] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3386.838986] binder: 1762:1767 transaction failed 29201/-28, size 9007208918417504-0 line 3284 [ 3386.839271] binder: undelivered TRANSACTION_ERROR: 29201 [ 3386.876369] binder: 1770:1774 got transaction with invalid offsets size, 13 [ 3386.876525] binder: 1770:1774 transaction failed 29201/-22, size 647-13 line 3338 [ 3386.876681] binder: undelivered TRANSACTION_ERROR: 29201 [ 3386.878890] binder: 1755:1763 got transaction with invalid offsets size, 13 [ 3386.878916] binder: 1755:1763 transaction failed 29201/-22, size 647-13 line 3338 [ 3386.879183] binder: undelivered TRANSACTION_ERROR: 29201 [ 3386.887743] binder_alloc: 1773: binder_alloc_buf size 9007208918417504 failed, no address space [ 3386.887749] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3386.887768] binder: 1773:1779 transaction failed 29201/-28, size 9007208918417504-0 line 3284 [ 3386.887918] binder: undelivered TRANSACTION_ERROR: 29201 [ 3386.889945] binder: 1772:1781 got transaction with out-of-order buffer fixup [ 3386.889984] binder: 1772:1781 transaction failed 29201/-22, size 96-24 line 3467 [ 3386.890177] binder: undelivered TRANSACTION_ERROR: 29201 [ 3386.918273] binder: 1755:1789 got transaction with invalid offsets size, 13 [ 3386.918504] binder: 1755:1789 transaction failed 29201/-22, size 647-13 line 3338 [ 3386.918796] binder: undelivered TRANSACTION_ERROR: 29201 [ 3386.931431] binder_alloc: 1787: binder_alloc_buf size 9007208918417504 failed, no address space [ 3386.931439] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3386.931458] binder: 1787:1791 transaction failed 29201/-28, size 9007208918417504-0 line 3284 [ 3386.931626] binder: undelivered TRANSACTION_ERROR: 29201 [ 3386.962295] binder: 1790:1795 got transaction with invalid handle, 0 [ 3386.962339] binder: 1790:1795 transaction failed 29201/-22, size 88-24 line 3411 [ 3386.962887] binder: undelivered TRANSACTION_ERROR: 29201 [ 3386.963831] binder: 1793:1794 got transaction with out-of-order buffer fixup [ 3386.963868] binder: 1793:1794 transaction failed 29201/-22, size 96-24 line 3467 [ 3386.964051] binder: undelivered TRANSACTION_ERROR: 29201 [ 3386.968552] binder: 1790:1798 got transaction with invalid handle, 0 [ 3386.968588] binder: 1790:1798 transaction failed 29201/-22, size 88-24 line 3411 [ 3386.968819] binder: undelivered TRANSACTION_ERROR: 29201 [ 3387.215496] binder: 1757:1761 transaction failed 29201/-22, size 88-24 line 3411 [ 3387.225293] binder: undelivered TRANSACTION_ERROR: 29201 03:59:26 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) stat(0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000000000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705f690400", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,allow_other,\x00']) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:59:26 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x36, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:26 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000852a687700"/88], @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="a60000000000000028000000000000004000000000000000d205e9320750f52f853d84ced98ab4d2fa67125547f2d3dd6328f1098393ac29e0f969946c62947567c519e677bf3fbc25aea5d15dfc2bda92bb046114e038a900002e978c1732e1fa7308325297d0b83561592d1b73d1db52fe90dd30087df4317a425a62ed83ce79d289cb688f4b8f7cea0b30d3594f7b7585bbd58bde3cd9c071065af48c4b326ec9d311352e3ae0823784ff211d594d0319ad98aa00"/193]], 0x0, 0x0, 0x0}) 03:59:26 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:26 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binderN(0x0, 0x0, 0x0) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/mls\x00', 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) r4 = gettid() ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x11) get_robust_list(r4, &(0x7f0000000200)=&(0x7f00000001c0)={&(0x7f00000000c0)={&(0x7f0000000040)}, 0x0, &(0x7f0000000180)={&(0x7f0000000100)}}, &(0x7f0000000280)=0x18) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0), 0x0, 0x0, 0x0}) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='bic\x00', 0x4) 03:59:26 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@handle={0x73682a85, 0x819b248a9cc68adb}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) r2 = dup3(r1, 0xffffffffffffffff, 0x80000) setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0x5, &(0x7f0000000240)=0x2, 0x4) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) 03:59:26 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:26 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x287, 0xd, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000180)={0xa6, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) [ 3387.473470] binder: 1807:1808 got transaction with invalid handle, 0 [ 3387.483961] binder: 1807:1808 transaction failed 29201/-22, size 88-24 line 3411 [ 3387.489842] binder: 1809:1815 got transaction with invalid offsets size, 13 03:59:26 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x36, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:26 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f0000000640)=[@release={0x40046306, 0x3}, @transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={@ptr={0x70742a85, 0x1, &(0x7f0000000240)=""/231, 0x0, 0x1, 0x2f}, @ptr={0x70742a85, 0x0, &(0x7f0000000340)=""/214, 0x0, 0x1, 0x26}, @ptr={0x70742a85, 0x1, &(0x7f0000000040)=""/43, 0x0, 0x1, 0x3e}}, &(0x7f00000004c0)}, 0x400}, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={@ptr={0x70742a85, 0x1000, &(0x7f0000000500)=""/113, 0xffffffffffffffeb, 0x1, 0x37}, @fda={0x66646185, 0x6, 0x2, 0xb}, @flat=@handle={0x73682a85, 0x14, 0x1}}, &(0x7f0000000600)}, 0xc00}, @increfs={0x40046304, 0x1}], 0xfffffffffffffddc, 0x0, 0x0}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) 03:59:26 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) [ 3387.489868] binder: 1809:1815 transaction failed 29201/-22, size 647-13 line 3338 [ 3387.490007] binder: undelivered TRANSACTION_ERROR: 29201 03:59:26 executing program 2: bpf$OBJ_GET_MAP(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x10) r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000280)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a62770000000000000000000000000000000000000000852a687700"/88], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB="a6000000000800002800000000000000406b689e20b9974d"]], 0x0, 0x0, 0x0}) [ 3387.493041] binder: 1810:1812 got transaction with out-of-order buffer fixup [ 3387.493076] binder: 1810:1812 transaction failed 29201/-22, size 96-24 line 3467 [ 3387.493473] binder: undelivered TRANSACTION_ERROR: 29201 [ 3387.513982] binder_alloc: 1806: binder_alloc_buf size 35184409837688 failed, no address space [ 3387.513989] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3387.514014] binder: 1806:1816 transaction failed 29201/-28, size 96-35184409837592 line 3284 [ 3387.514450] binder: 1809:1817 got transaction with invalid offsets size, 13 [ 3387.514478] binder: 1809:1817 transaction failed 29201/-22, size 647-13 line 3338 [ 3387.514750] binder: undelivered TRANSACTION_ERROR: 29201 [ 3387.515349] binder: undelivered TRANSACTION_ERROR: 29201 [ 3387.533141] binder: 1820:1823 got transaction with invalid offsets size, 13 [ 3387.533169] binder: 1820:1823 transaction failed 29201/-22, size 647-13 line 3338 [ 3387.533313] binder: undelivered TRANSACTION_ERROR: 29201 [ 3387.544090] binder: 1822:1825 got transaction with out-of-order buffer fixup [ 3387.544121] binder: 1822:1825 transaction failed 29201/-22, size 96-24 line 3467 [ 3387.544371] binder: undelivered TRANSACTION_ERROR: 29201 [ 3387.558732] binder: 1820:1826 got transaction with invalid offsets size, 13 [ 3387.558757] binder: 1820:1826 transaction failed 29201/-22, size 647-13 line 3338 [ 3387.559035] binder: undelivered TRANSACTION_ERROR: 29201 [ 3387.567998] binder: 1829:1831 Release 1 refcount change on invalid ref 3 ret -22 [ 3387.568066] binder: 1829:1831 ioctl c0306201 20000140 returned -14 [ 3387.569092] binder: BINDER_SET_CONTEXT_MGR already set [ 3387.569101] binder: 1829:1831 ioctl 40046207 0 returned -16 [ 3387.569226] binder: undelivered TRANSACTION_COMPLETE [ 3387.569760] binder: undelivered transaction 3666, process died. [ 3387.577827] binder_alloc: 1830: binder_alloc_buf size 35184409837688 failed, no address space [ 3387.577833] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3387.577850] binder: 1830:1833 transaction failed 29201/-28, size 96-35184409837592 line 3284 [ 3387.578181] binder: undelivered TRANSACTION_ERROR: 29201 [ 3387.579676] binder: 1832:1835 got transaction with out-of-order buffer fixup [ 3387.579714] binder: 1832:1835 transaction failed 29201/-22, size 96-24 line 3467 [ 3387.579906] binder: undelivered TRANSACTION_ERROR: 29201 [ 3387.590115] binder: 1829:1836 Release 1 refcount change on invalid ref 3 ret -22 [ 3387.590172] binder: 1829:1836 ioctl c0306201 20000140 returned -14 [ 3387.590420] binder: undelivered TRANSACTION_COMPLETE [ 3387.602567] binder: undelivered transaction 3674, process died. [ 3387.645455] binder: 1838:1844 got transaction with invalid offsets size, 13 [ 3387.645485] binder: 1838:1844 transaction failed 29201/-22, size 647-13 line 3338 [ 3387.645746] binder: undelivered TRANSACTION_ERROR: 29201 [ 3388.004992] binder: undelivered TRANSACTION_ERROR: 29201 03:59:27 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x0, 0x989680}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000000)) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000000000)) accept4(r5, 0x0, 0x0, 0x80000) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) getgroups(0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000001440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB="2c726f6f746d6f64653d303030300800000000000030302c7573e5a5a017643d00"/42, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,allow_other,\x00']) tkill(r1, 0x1004000000016) tkill(r0, 0x1000000000016) 03:59:27 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x36, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800", @ANYPTR=&(0x7f0000000240)=ANY=[]], 0x0, 0x0, 0x0}) 03:59:27 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0), 0x0, 0x0, 0x0}) 03:59:27 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="852a7470000000000000000000000000000000000000000000000000000000000000000000000000852a627700000000000000000000000000fd001400000000856164660000000bf020b4817327bcb964"], @ANYPTR=&(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00@']], 0x0, 0x0, 0x0}) 03:59:27 executing program 0: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x53, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00634040000000000000000000000000000000000000000000000000000000000000000087020000000000000d00000000000000", @ANYPTR=&(0x7f0000000000)=ANY=[@ANYBLOB="852a747000000000145ae65b7ebf94fa000000000000000000000000000000fbffffffffffffff000000000000000000852a627700000000000000a5000000000000000000000000852a687700"/96], @ANYRESOCT=r1], 0x0, 0x0, 0x0}) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$inet6(0xa, 0x80001, 0x0) r7 = socket$inet6(0xa, 0x80e, 0x800000000002576) ioctl(r7, 0x8912, &(0x7f0000001140)="000000000034e026c9ef05cbcd1a8f8a8f8d77934621665e1cdd6d1591691a7e95229381fc6ed1d0cba27e019af0f8c47488389aeb55b07b19c295c605d6f6aba590f507085e29fd58197be111e510e3223a8e130e00fb265fe4b6a8e8ade875b8bde60976257b462f1e533437e2ac9b9ba82f00d4196025075b934e284aab778d287e39313b4314623efd1aca89344e9e2ff0c445c3284bc2a59ab02318c58c4543b9a4e18d0990102b11bfc3c85e887cf43b49cb8eea04ae0710393485b182033500ad49fab5cb4f12a5882836b34e252da44a1561") setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f0000d4b000)=ANY=[@ANYBLOB="0a00000000000000ff010000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000005000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff01000000000000000000000000000100"/776], 0x310) setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f00000018c0)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff0100000000000000000000fbff00010959158b9ac821b0050000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000004000000000020ffef0000000000000000000000000000cf0000000000000000000000007fb593c60000000000000000000000000000000092dfc8107ac7b075a58b501b8082b9a4dc307674d93199e766e3b9e1736003bc418ff8495f254848398cea23373ca80b77a2748307b62f6703160ac41bb3525155eb439b16cfcd86ee763e82564116b6303b8412d8557873ed89b548be7b94d580d2ab543ed1d62ac1b2691118501e8ed0e9d0dcfd4adad9d8d7e97cd25155f9c423edaebc8978c8fee669d5fb4b452ee3c37a68c9c2cc75b112ed174fb2e04456e0501938bf90900bae315376af11ec7260baa755038546c8857ee44088a19f0ec58f5c51a9a60fc71486a333321cf066211d3f556fceea7ff39b9f5b80725e66ed764692720c631fed7529e67c55a283a88f35368c3f5c023d48163a6d0900996227882fec5a77256fdb07ce69105c8904aff0a359e0eba663e5a5359e2a6c4cda44e30ba5a05e2dcba9d9720fb4348c1760471ec3339810432284372e855953fd52de2f09b18ce328921b62b92077d39025bac6086c73afa1ac31a4ad9cbac6a9672b95acdcc3f45e1201d05906176a83a0103e5a64d13fd5ff3877e28b6d9da915cb6718a4d813f6ffbc210d0db3bc27442e9e7ea3219a57915aaaa2671436905afa17448a388d6ae1324626aa794c137d1a91fbb49a5f577d01ae975dc63ad002587b6565194391e347c2a4a3c140b0a93c426dd3315db57c9bfb8e776047e095cb63684b69e2ef3f9e4fc30c5bc219a2fcd5ce918d1c349892bc66adf842d81179e8601325c136f00d00bd6a9762f6de89ee544a894c0814fba168545dcd86e31d6acddb63650489bfad31004dbb880c65f88b6890a49bcd12dea18b06b99429f80977af6d7410a0fc7b4e51ea1640302ef587ed94925aef4134eca31d1be02569807ddece6cd3633042b8f06fd0994e7a2f2e0e7c59db863a35e06429b4f8b982a08939a0d8ebf2b790125ff845a6e9d143e48d6b80a958125bdfef81c66512ceeeabcaab3b7e86564a08ae1a34909d027cf71a90d92324b572f3f1cc0b864217d3fcf7ab633701e5c90dae4c6fcbe7bb963b5ffd015cdb4b1752866f4de4ccbc23ee162e507b0f777f69a8a510e272e5387eabeefb1116db37f679982675ee5ece99a4163c75872eefb451e455734672db847872dae04a"], 0x1) getsockopt$inet6_IPV6_IPSEC_POLICY(r7, 0x29, 0x22, &(0x7f0000001340)={{{@in=@multicast1, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}}}, &(0x7f0000000140)=0x1b7) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x2000000, &(0x7f0000001440)=ANY=[@ANYBLOB="81443d", @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=r8, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,allow_other,\x00']) mount(&(0x7f0000000280)=ANY=[@ANYRES64=r6, @ANYRESDEC=r8, @ANYRESOCT=r6], 0x0, 0x0, 0x80000, 0x0) r9 = socket$inet_udplite(0x2, 0x2, 0x88) fstat(r9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r10, 0x0) write$P9_RSTATu(r5, &(0x7f0000000340)={0x69, 0x7d, 0x2, {{0x0, 0x47, 0xa09, 0x0, {0x80, 0x0, 0x8}, 0x1000000, 0xfffffffa, 0x2800, 0x8, 0x5, 'TIPC\x00', 0xd, '/dev/binder#\x00', 0x0, '', 0x2, '&#'}, 0xd, '/dev/binder#\x00', r8, r10, 0xee00}}, 0x69) r11 = openat$selinux_mls(0xffffffffffffff9c, 0x0, 0x0, 0x0) r12 = syz_genetlink_get_family_id$tipc(&(0x7f0000000240)='TIPC\x00') sendmsg$TIPC_CMD_GET_REMOTE_MNG(r11, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4400a000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r12, 0x10, 0x70bd27, 0x25dfdbfd, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000010}, 0x1) sendmsg$TIPC_CMD_SET_LINK_TOL(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0), 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r12, 0x10, 0x70bd26, 0x25dfdbfd, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x20, @media='udp\x00'}}}, ["", "", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x8000}, 0x0) write$P9_RCLUNK(r3, &(0x7f0000000180)={0x7, 0x79, 0x1}, 0x7) 03:59:27 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x44, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@ptr={0x70742a85, 0x0, 0x0}, @flat=@weak_binder, @flat=@handle={0x73682a85, 0x819b248a9cc68adb}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0}) r2 = dup3(r1, 0xffffffffffffffff, 0x80000) setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0x5, &(0x7f0000000240)=0x2, 0x4) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) [ 3388.390497] binder: 1860:1863 got transaction with invalid offsets ptr [ 3388.394671] binder_alloc: 1855: binder_alloc_buf size 35184409837688 failed, no address space [ 3388.394678] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 3388.394695] binder: 1855:1867 transaction failed 29201/-28, size 96-35184409837592 line 3284 [ 3388.394836] binder: undelivered TRANSACTION_ERROR: 29201 [ 3388.398985] binder: 1862:1868 got transaction with invalid handle, 0 [ 3388.399023] binder: 1862:1868 transaction failed 29201/-22, size 88-24 line 3411 [ 3388.403183] ------------[ cut here ]------------ [ 3388.403189] kernel BUG at drivers/android/binder_alloc.c:1108! [ 3388.403200] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 3388.403206] Modules linked in: [ 3388.403216] CPU: 0 PID: 1865 Comm: syz-executor.4 Not tainted 4.9.194+ #0 [ 3388.403223] task: 00000000c284c0fc task.stack: 00000000427954dc [ 3388.403242] RIP: 0010:[] [<0000000070d9ef31>] binder_alloc_do_buffer_copy+0xcb/0x500 [ 3388.403246] RSP: 0018:ffff880187f0f4a8 EFLAGS: 00010212 [ 3388.403251] RAX: 0000000000040000 RBX: 0000000020ffc000 RCX: ffffc9000a58a000 [ 3388.403256] RDX: 0000000000000798 RSI: ffffffff8223a8fb RDI: ffff8801a5650958 [ 3388.403262] RBP: ffff880187f0f528 R08: ffff880187f0f5a8 R09: 0000000000000008 [ 3388.403267] R10: ffffed0030fe1f11 R11: ffff880187f0f88f R12: 0000000000000070 [ 3388.403273] R13: 0000000000000380 R14: 0000000000000008 R15: ffff880187f0f5a8 [ 3388.403281] FS: 00007f29b1891700(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000 [ 3388.403287] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3388.403292] CR2: 0000000000400200 CR3: 00000001a6013000 CR4: 00000000001606b0 [ 3388.403299] DR0: 0000000020000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 3388.403304] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 [ 3388.403305] Stack: [ 3388.403318] ffff880191864268 ffffffff82216590 ffff880191864268 270f1cbab4629421 [ 3388.403328] ffff8801a2e88040 ffff8801aeb14658 00ff880187f0f870 ffff8801aeb14600 [ 3388.403339] ffffffff814fdcb6 ffff8801d3f3b380 0000000000000380 ffff880187f0f5a8 [ 3388.403341] Call Trace: [ 3388.403353] [<00000000aad27390>] ? _binder_inner_proc_unlock+0x30/0x40 [ 3388.403361] [<00000000f6ac989b>] ? memcpy+0x46/0x50 [ 3388.403370] [<00000000094e5eb4>] binder_alloc_copy_from_buffer+0x37/0x42 [ 3388.403381] [<00000000178c31af>] binder_validate_ptr+0xc5/0x1b0 [ 3388.403391] [<000000008fc5a637>] ? binder_get_object+0x1b0/0x1b0 [ 3388.403400] [<00000000094e5eb4>] ? binder_alloc_copy_from_buffer+0x37/0x42 [ 3388.403410] [<000000001b344653>] ? binder_get_object+0x12f/0x1b0 [ 3388.403418] [<000000006230c3ba>] binder_transaction+0x20a4/0x5890 [ 3388.403428] [<000000008b7522c1>] ? binder_inc_ref_for_node+0xba0/0xba0 [ 3388.403437] [<00000000d17a7e3e>] ? perf_trace_lock_acquire+0x530/0x530 [ 3388.403447] [<0000000063ecf5ad>] ? depot_save_stack+0x13c/0x4a0 [ 3388.403456] [<0000000089396e3e>] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 3388.403466] [<00000000ff9d32b5>] ? __might_fault+0x114/0x1d0 [ 3388.403473] [<000000003b55f8fb>] binder_thread_write+0x583/0x20e0 [ 3388.403483] [<00000000713470b9>] ? debug_smp_processor_id+0x1c/0x20 [ 3388.403489] [<000000000db8af37>] ? perf_trace_lock+0x11e/0x540 [ 3388.403497] [<000000008963c1b3>] ? binder_transaction+0x5890/0x5890 [ 3388.403505] [<00000000ff9d32b5>] ? __might_fault+0x114/0x1d0 [ 3388.403512] [<000000002b954967>] binder_ioctl+0xecd/0x1720 [ 3388.403519] [<000000002b8b405a>] ? rtnl_unlock+0xe/0x10 [ 3388.403526] [<0000000087936af5>] ? binder_poll+0x240/0x240 [ 3388.403532] [<00000000ed7cd483>] ? __lock_acquire+0x5e0/0x4390 [ 3388.403540] [<0000000038453f61>] ? check_preemption_disabled+0x3c/0x200 [ 3388.403548] [<000000009cf0f918>] ? __might_sleep+0x95/0x1a0 [ 3388.403555] [<0000000087936af5>] ? binder_poll+0x240/0x240 [ 3388.403563] [<000000008049075b>] do_vfs_ioctl+0xb87/0x11d0 [ 3388.403572] [<00000000030daa14>] ? selinux_file_ioctl+0x103/0x550 [ 3388.403580] [<00000000107760fc>] ? ioctl_preallocate+0x210/0x210 [ 3388.403589] [<000000004e6858f4>] ? selinux_parse_skb.constprop.0+0x16b0/0x16b0 [ 3388.403604] [<00000000a0a9c03a>] ? __fget+0x208/0x370 [ 3388.403615] [<00000000d4f8ccae>] ? __fget+0x22f/0x370 [ 3388.403624] [<00000000b3c81365>] ? __fget+0x47/0x370 [ 3388.403634] [<0000000012dba50c>] ? security_file_ioctl+0x8f/0xc0 [ 3388.403643] [<0000000063241221>] SyS_ioctl+0x8f/0xc0 [ 3388.403650] [<00000000c27bf293>] ? do_vfs_ioctl+0x11d0/0x11d0 [ 3388.403658] [<000000004b0dd3f5>] do_syscall_64+0x1ad/0x5c0 [ 3388.403669] [<0000000035f8f7b5>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 3388.403796] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 0a 04 00 00 4d 8b 64 24 58 49 29 dc e8 0f 7e 0e ff 4d 39 e6 76 07 e8 05 7e 0e ff <0f> 0b e8 fe 7d 0e ff 4c 8b 6d d0 4d 29 f4 4d 39 e5 77 e8 e8 ed [ 3388.403806] RIP [<0000000070d9ef31>] binder_alloc_do_buffer_copy+0xcb/0x500 [ 3388.403808] RSP [ 3388.403876] ---[ end trace 8f6ac2b54db590d4 ]--- [ 3388.403881] Kernel panic - not syncing: Fatal exception [ 3388.404376] Kernel Offset: disabled [ 3388.865843] Rebooting in 86400 seconds..