0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:12 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x300000000000000}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:13 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 649.506801][T10408] binder: BINDER_SET_CONTEXT_MGR already set 03:27:13 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x6000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 649.547479][T10408] binder: 10400:10408 ioctl 40046207 0 returned -16 03:27:13 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x400000000000000}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:13 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x60}], 0x1c3, 0x0) 03:27:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:13 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:13 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x7000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:13 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x500000000000000}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:13 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 649.893166][T10430] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 649.912067][T10436] binder_transaction: 42 callbacks suppressed [ 649.912081][T10436] binder: 10427:10436 got transaction with invalid offset (24, min 24 max 40) or object. [ 649.928478][T10437] binder: 10426:10437 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:13 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x600000000000000}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 649.939908][T10439] binder: 10434:10439 got transaction with invalid offset (0, min 40 max 40) or object. [ 649.970779][T10442] binder: 10427:10442 got transaction with invalid offset (24, min 24 max 40) or object. [ 649.971237][T10441] binder: BINDER_SET_CONTEXT_MGR already set 03:27:13 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) ftruncate(0xffffffffffffffff, 0x8001) sendfile(r1, 0xffffffffffffffff, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:13 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0xa000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 650.119411][T10441] binder: 10427:10441 ioctl 40046207 0 returned -16 [ 650.126381][T10445] binder: 10444:10445 got transaction with invalid offset (0, min 40 max 40) or object. [ 650.167184][T10453] binder: 10444:10453 got transaction with invalid offset (0, min 40 max 40) or object. [ 650.178768][T10452] binder: 10451:10452 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:13 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) ftruncate(0xffffffffffffffff, 0x8001) sendfile(r1, 0xffffffffffffffff, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:13 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x700000000000000}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 650.224289][ C1] net_ratelimit: 15 callbacks suppressed [ 650.224297][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 650.238162][T10454] binder_alloc: 10427: binder_alloc_buf, no vma [ 650.313241][T10460] binder_fixup_parent: 21 callbacks suppressed [ 650.313251][T10460] binder: 10459:10460 got transaction with invalid parent offset or type [ 650.357053][T10464] binder: 10463:10464 got transaction with invalid offset (0, min 40 max 40) or object. [ 650.381397][T10440] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 650.392153][T10465] binder: 10463:10465 got transaction with invalid offset (0, min 40 max 40) or object. [ 650.438485][T10468] binder: 10459:10468 got transaction with invalid parent offset or type 03:27:14 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x1c2}], 0x1c3, 0x0) 03:27:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x10000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:14 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) ftruncate(0xffffffffffffffff, 0x8001) sendfile(r1, 0xffffffffffffffff, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:14 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 650.553993][T10475] binder: 10471:10475 got transaction with invalid offset (0, min 40 max 40) or object. [ 650.632958][T10484] binder: 10483:10484 got transaction with invalid parent offset or type [ 650.696701][T10487] binder: 10483:10487 got transaction with invalid parent offset or type 03:27:14 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x20000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:14 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:14 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 650.845377][T10500] binder: 10499:10500 got transaction with invalid parent offset or type 03:27:14 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x4800000000000000}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x28000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 650.888378][T10504] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 650.898745][T10500] binder: BINDER_SET_CONTEXT_MGR already set 03:27:14 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x1f4}], 0x1c3, 0x0) 03:27:14 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 650.950726][T10500] binder: 10499:10500 ioctl 40046207 0 returned -16 03:27:14 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x38000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 651.164534][T10528] binder: 10527:10528 got transaction with invalid parent offset or type [ 651.213505][T10532] binder_transaction: 118 callbacks suppressed [ 651.213522][T10532] binder: 10529:10532 transaction failed 29201/-22, size 40-16 line 3242 [ 651.218484][T10528] binder: 10527:10528 transaction failed 29201/-22, size 94-16 line 3389 [ 651.270228][T10508] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 651.285568][T10535] binder: 10527:10535 got transaction with invalid parent offset or type [ 651.305695][T10535] binder: 10527:10535 transaction failed 29201/-22, size 94-16 line 3389 03:27:15 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:15 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:15 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x3f000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x63, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:15 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x3e8}], 0x1c3, 0x0) [ 651.501055][T10544] binder: 10542:10544 transaction failed 29189/-22, size 40-16 line 2995 [ 651.522246][T10548] binder: 10547:10548 transaction failed 29189/-22, size 40-16 line 2995 [ 651.533841][T10549] binder: 10546:10549 got transaction with invalid parent offset or type [ 651.544487][T10550] binder: 10542:10550 transaction failed 29201/-22, size 40-16 line 3242 [ 651.559352][T10552] binder: 10547:10552 transaction failed 29201/-22, size 40-16 line 3242 [ 651.561000][T10549] binder: 10546:10549 transaction failed 29201/-22, size 99-16 line 3389 [ 651.573993][T10554] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x48000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 651.598412][T10555] binder: 10546:10555 got transaction with invalid parent offset or type [ 651.613408][T10555] binder: 10546:10555 transaction failed 29201/-22, size 99-16 line 3389 03:27:15 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = socket(0x2, 0x3, 0x100000001) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 651.684651][ T7851] binder_release_work: 116 callbacks suppressed [ 651.684658][ T7851] binder: undelivered TRANSACTION_ERROR: 29201 [ 651.706366][T10560] binder: 10558:10560 transaction failed 29189/-22, size 40-16 line 2995 [ 651.743171][T10562] binder: 10561:10562 got transaction with invalid parent offset or type [ 651.763716][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 [ 651.774827][ T7860] binder: undelivered TRANSACTION_ERROR: 29201 03:27:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x4c000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 651.800518][ T7860] binder: undelivered TRANSACTION_ERROR: 29201 [ 651.808365][T10562] binder: BINDER_SET_CONTEXT_MGR already set [ 651.825419][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 [ 651.832320][T10562] binder: 10561:10562 ioctl 40046207 0 returned -16 03:27:15 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x6800000000000000}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:15 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = socket(0x2, 0x3, 0x100000001) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 651.853749][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 [ 651.864139][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 03:27:15 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f5e0ff, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x60000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 652.012771][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 [ 652.028929][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 03:27:15 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x6c00000000000000}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x68000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 652.075589][T10584] binder_alloc: 10583: binder_alloc_buf size 100000016 failed, no address space [ 652.098257][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 [ 652.144444][T10584] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:27:15 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x700}], 0x1c3, 0x0) 03:27:15 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = socket(0x2, 0x3, 0x100000001) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:15 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x7400000000000000}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 652.230916][T10599] binder_alloc: 10583: binder_alloc_buf size 100000016 failed, no address space [ 652.251886][T10599] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:27:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200005c0, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x6c000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:15 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:15 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r1 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r1, 0x8001) sendfile(0xffffffffffffffff, r1, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 652.436511][T10614] binder_alloc: 10612: binder_alloc_buf size 536872400 failed, no address space [ 652.481186][T10614] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 652.538560][T10624] binder_alloc: 10612: binder_alloc_buf size 536872400 failed, no address space [ 652.565859][T10624] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:27:16 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x74000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:16 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:16 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r1 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r1, 0x8001) sendfile(0xffffffffffffffff, r1, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 652.670369][T10632] binder_alloc: 10612: binder_alloc_buf, no vma [ 652.727321][T10637] __nla_parse: 1 callbacks suppressed [ 652.727332][T10637] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 652.793809][T10642] binder_transaction: 4 callbacks suppressed [ 652.793820][T10642] binder: 10641:10642 got transaction with invalid offsets size, 2 03:27:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x900}], 0x1c3, 0x0) 03:27:16 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x2, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x7a000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:16 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r1 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r1, 0x8001) sendfile(0xffffffffffffffff, r1, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 652.896776][T10646] binder: 10641:10646 got transaction with invalid offsets size, 2 03:27:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0xfdfdffff, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:16 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x3, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:16 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x0, 0x0}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:16 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x3, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0xfffffdfd, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:16 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x4, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x100000000000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 653.210020][T10678] binder: 10674:10678 got transaction with invalid offsets size, 3 [ 653.237350][T10682] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 653.287911][T10686] binder: BINDER_SET_CONTEXT_MGR already set [ 653.304171][T10687] binder: 10674:10687 got transaction with invalid offsets size, 3 [ 653.329714][T10686] binder: 10674:10686 ioctl 40046207 0 returned -16 03:27:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0xe00}], 0x1c3, 0x0) 03:27:17 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x5, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:17 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x0, 0x0}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x200000000000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:17 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:17 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x6, 0x0]}}}], 0x0, 0x0, 0x0}) [ 653.572520][T10701] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 653.610996][T10708] binder: 10700:10708 got transaction with invalid offsets size, 4 03:27:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x300000000000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:17 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x0, 0x0}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 653.688322][T10718] binder: 10700:10718 got transaction with invalid offsets size, 4 03:27:17 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x7, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x5, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:17 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x0, 0x0}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 653.915816][T10735] binder: 10731:10735 got transaction with invalid offsets size, 5 [ 654.011649][T10740] binder: 10731:10740 got transaction with invalid offsets size, 5 03:27:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x1100}], 0x1c3, 0x0) 03:27:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x400000000000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:17 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x48, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:17 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:17 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 654.140823][T10750] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 654.154537][T10746] binder: 10744:10746 got transaction with invalid offsets size, 6 03:27:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x500000000000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:17 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x4c, 0x0]}}}], 0x0, 0x0, 0x0}) [ 654.202056][T10759] binder: 10744:10759 got transaction with invalid offsets size, 6 03:27:17 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x7, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:17 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:17 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x60, 0x0]}}}], 0x0, 0x0, 0x0}) [ 654.384303][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 654.390120][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 654.396008][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 654.402005][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 654.626735][T10757] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x1c00}], 0x1c3, 0x0) 03:27:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x600000000000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x8, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:18 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x68, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:18 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:18 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:18 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x6c, 0x0]}}}], 0x0, 0x0, 0x0}) [ 654.754928][ T7851] binder: release 10790:10794 transaction 6239 out, still active [ 654.762721][ T7851] binder: unexpected work type, 4, not freed [ 654.773655][T10794] binder: BINDER_SET_CONTEXT_MGR already set 03:27:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x700000000000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 654.803155][ T7851] binder: undelivered TRANSACTION_COMPLETE [ 654.819898][T10794] binder: 10790:10794 ioctl 40046207 0 returned -16 [ 654.848281][T10798] binder_alloc: 10790: binder_alloc_buf, no vma [ 654.851764][ T7851] binder: send failed reply for transaction 6239, target dead [ 654.856648][T10805] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x9, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:18 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:18 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x74, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0xa00000000000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 655.058229][T10824] binder_transaction: 40 callbacks suppressed [ 655.058243][T10824] binder: 10823:10824 got transaction with invalid offset (0, min 40 max 40) or object. [ 655.058506][T10826] binder: 10822:10826 got transaction with invalid offset (116, min 0 max 40) or object. 03:27:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x2000}], 0x1c3, 0x0) 03:27:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0xa, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:18 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x1000000000000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:18 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x7a, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:18 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 655.352332][T10841] binder: 10840:10841 got transaction with invalid offset (0, min 40 max 40) or object. [ 655.371433][T10845] binder: 10844:10845 got transaction with invalid offset (122, min 0 max 40) or object. 03:27:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0xb, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 655.394477][T10846] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 655.404412][T10848] binder: 10840:10848 got transaction with invalid offset (0, min 40 max 40) or object. [ 655.423784][T10849] binder: 10844:10849 got transaction with invalid offset (122, min 0 max 40) or object. 03:27:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x2000000000000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:19 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:19 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x300, 0x0]}}}], 0x0, 0x0, 0x0}) [ 655.584281][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 655.584312][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 655.590198][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 655.590285][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 655.596133][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 655.601794][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 655.607551][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:27:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x2800000000000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 655.629396][T10865] binder: 10861:10865 got transaction with invalid offset (768, min 0 max 40) or object. 03:27:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0xc, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 655.713426][T10869] binder: 10868:10869 got transaction with invalid offset (0, min 40 max 40) or object. [ 655.807863][T10874] binder: BINDER_SET_CONTEXT_MGR already set [ 655.847366][T10874] binder: 10872:10874 ioctl 40046207 0 returned -16 03:27:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x3f00}], 0x1c3, 0x0) 03:27:19 executing program 3: setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r0 = socket(0x2, 0x3, 0x100000001) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r1 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r1, 0x8001) sendfile(r0, r1, 0x0, 0x400008bca) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:19 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x500, 0x0]}}}], 0x0, 0x0, 0x0}) [ 655.848039][T10878] binder_alloc: 10872: binder_alloc_buf, no vma 03:27:19 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x3800000000000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0xd, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:19 executing program 3: setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r0 = socket(0x2, 0x3, 0x100000001) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r1 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r1, 0x8001) sendfile(r0, r1, 0x0, 0x400008bca) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:19 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x600, 0x0]}}}], 0x0, 0x0, 0x0}) [ 656.022367][T10895] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x3f00000000000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 656.088165][T10900] binder: 10899:10900 got transaction with invalid offset (1536, min 0 max 40) or object. 03:27:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0xe, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 656.134935][T10906] binder: 10899:10906 got transaction with invalid offset (1536, min 0 max 40) or object. [ 656.156564][T10909] binder_alloc: 10893: binder_alloc_buf, no vma 03:27:19 executing program 3: setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r0 = socket(0x2, 0x3, 0x100000001) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r1 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r1, 0x8001) sendfile(r0, r1, 0x0, 0x400008bca) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:19 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x700, 0x0]}}}], 0x0, 0x0, 0x0}) [ 656.220160][T10913] binder_transaction: 115 callbacks suppressed [ 656.220177][T10913] binder: 10911:10913 transaction failed 29201/-22, size 64-14 line 3202 [ 656.322335][T10920] binder: 10919:10920 transaction failed 29201/-22, size 40-16 line 3242 [ 656.400211][T10924] binder: 10919:10924 transaction failed 29189/-22, size 40-16 line 2995 03:27:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x6000}], 0x1c3, 0x0) 03:27:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x4800000000000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:20 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x11, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:20 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:20 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x2000, 0x0]}}}], 0x0, 0x0, 0x0}) [ 656.533966][T10928] binder: 10927:10928 transaction failed 29201/-22, size 64-17 line 3202 [ 656.547225][T10931] binder: 10930:10931 transaction failed 29201/-22, size 40-16 line 3242 [ 656.556386][T10934] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 656.569797][T10938] binder: 10937:10938 transaction failed 29201/-22, size 40-16 line 3242 03:27:20 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 656.585848][T10940] binder: 10927:10940 transaction failed 29201/-22, size 64-17 line 3202 [ 656.592152][T10942] binder: 10937:10942 transaction failed 29201/-22, size 40-16 line 3242 [ 656.616774][T10945] binder: 10930:10945 transaction failed 29201/-22, size 40-16 line 3242 03:27:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x4c00000000000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x12, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:20 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x3f00, 0x0]}}}], 0x0, 0x0, 0x0}) [ 656.753002][T10953] binder: 10949:10953 transaction failed 29201/-22, size 64-18 line 3202 [ 656.763834][ T7860] binder_release_work: 116 callbacks suppressed [ 656.763842][ T7860] binder: undelivered TRANSACTION_ERROR: 29201 03:27:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x6000000000000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 656.818019][T10953] binder: BINDER_SET_CONTEXT_MGR already set [ 656.853649][T10953] binder: 10949:10953 ioctl 40046207 0 returned -16 [ 656.856374][T10962] binder_alloc: 10949: binder_alloc_buf, no vma [ 656.867498][ T7860] binder: undelivered TRANSACTION_ERROR: 29201 [ 656.881914][ T7860] binder: undelivered TRANSACTION_ERROR: 29201 03:27:20 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 656.912653][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 [ 656.940768][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 [ 656.968881][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 [ 657.000202][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 [ 657.033445][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 03:27:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0xc201}], 0x1c3, 0x0) 03:27:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2f, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x6800000000000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:20 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x4800, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:20 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:20 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:20 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 657.221576][T10989] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 657.232950][ T7860] binder: undelivered TRANSACTION_ERROR: 29201 [ 657.246012][ T7860] binder: undelivered TRANSACTION_ERROR: 29201 03:27:20 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x4c00, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x6c00000000000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x42, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 657.374105][T11006] binder_alloc: 10982: binder_alloc_buf, no vma 03:27:21 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x7400000000000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 657.664310][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 657.670309][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 657.674358][ C0] protocol 88fb is buggy, dev hsr_slave_0 03:27:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0xe803}], 0x1c3, 0x0) 03:27:21 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x6000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x50, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x7a00000000000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:21 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:21 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0xfdfdffff00000000, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 657.802637][T11034] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 657.830659][T11035] binder: 11029:11035 got transaction with invalid parent offset or type 03:27:21 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x6800, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:21 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 657.922912][T11035] binder: BINDER_SET_CONTEXT_MGR already set [ 657.964981][T11035] binder: 11029:11035 ioctl 40046207 0 returned -16 03:27:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:21 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x6c00, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x5e, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 658.139750][T11065] binder_transaction: 20 callbacks suppressed [ 658.139761][T11065] binder: 11063:11065 got transaction with invalid offsets size, 94 [ 658.214915][T11070] binder: 11063:11070 got transaction with invalid offsets size, 94 03:27:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0xf401}], 0x1c3, 0x0) 03:27:21 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:21 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x7400, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:21 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x63, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 658.348759][T11076] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:22 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x7a00, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:22 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x3000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 658.419709][T11088] binder: 11087:11088 got transaction with invalid offsets size, 99 [ 658.455591][T11091] binder: 11087:11091 got transaction with invalid offsets size, 99 03:27:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000002, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x223, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:22 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x1000000, 0x0]}}}], 0x0, 0x0, 0x0}) [ 658.682349][T11111] binder: 11110:11111 got transaction with invalid offsets size, 547 [ 658.759213][T11119] binder: 11110:11119 got transaction with invalid offsets size, 547 03:27:22 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x34000}], 0x1c3, 0x0) 03:27:22 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:22 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000003, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:22 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x2000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x5f5e0ff, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000004, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 658.916754][T11130] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 658.939351][T11129] binder_alloc: 11124: binder_alloc_buf size 100000064 failed, no address space [ 658.984799][T11129] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:27:22 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x3000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:22 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 659.032540][T11139] binder_alloc: 11124: binder_alloc_buf size 100000064 failed, no address space [ 659.064732][T11139] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:27:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000005, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x200005d0, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:22 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x4000000, 0x0]}}}], 0x0, 0x0, 0x0}) [ 659.280036][T11161] binder_alloc: 11160: binder_alloc_buf size 536872464 failed, no address space [ 659.328578][T11161] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 659.369709][T11165] binder_alloc: 11160: binder_alloc_buf size 536872464 failed, no address space [ 659.408032][T11165] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:27:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x40000}], 0x1c3, 0x0) 03:27:23 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0), 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000006, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:23 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:23 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x5000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x66642a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000007, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 659.515946][T11172] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 659.544052][T11176] binder: 11175:11176 got transaction with fd, 0, but target does not allow fds 03:27:23 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0), 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:23 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x6000000, 0x0]}}}], 0x0, 0x0, 0x0}) [ 659.600635][T11185] binder: 11175:11185 got transaction with fd, 0, but target does not allow fds 03:27:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x400000a, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:23 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x7000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x66646185}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 659.863535][T11208] binder: 11207:11208 got transaction with invalid parent offset or type [ 659.922833][T11209] binder: 11207:11209 got transaction with invalid parent offset or type 03:27:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x400300}], 0x1c3, 0x0) 03:27:23 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0), 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:23 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x20000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000010, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:23 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x70742a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 660.089487][T11223] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 660.105202][T11224] binder_transaction: 28 callbacks suppressed [ 660.105217][T11224] binder: 11220:11224 got transaction with invalid offset (24, min 40 max 64) or object. [ 660.106163][T11229] binder: 11221:11229 got transaction with invalid offset (0, min 40 max 40) or object. [ 660.133795][T11230] binder: 11220:11230 got transaction with invalid offset (24, min 40 max 64) or object. 03:27:23 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x3f000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:23 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x73622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 660.245609][T11237] binder: 11235:11237 got transaction with invalid offset (1056964608, min 0 max 40) or object. 03:27:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000028, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 660.297191][T11241] binder: 11240:11241 got transaction with invalid parent offset or type [ 660.317784][T11242] binder: 11235:11242 got transaction with invalid offset (1056964608, min 0 max 40) or object. 03:27:23 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 660.366135][T11245] binder: 11244:11245 got transaction with invalid offset (0, min 40 max 40) or object. [ 660.380956][T11247] binder: 11240:11247 got transaction with invalid parent offset or type 03:27:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x48000000, 0x0]}}}], 0x0, 0x0, 0x0}) [ 660.438802][T11249] binder: 11244:11249 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x1000000}], 0x1c3, 0x0) 03:27:24 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:24 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x73682a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:24 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000038, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 660.551021][T11256] binder: 11255:11256 got transaction with invalid offset (1207959552, min 0 max 40) or object. [ 660.602408][T11262] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x4c000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:24 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 660.672723][T11272] binder: 11267:11272 got transaction with invalid handle, 0 [ 660.690489][T11273] binder: 11264:11273 got transaction with invalid offset (0, min 40 max 40) or object. [ 660.712718][T11275] binder: 11267:11275 got transaction with invalid handle, 0 03:27:24 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000048, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77682a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:24 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x60000000, 0x0]}}}], 0x0, 0x0, 0x0}) [ 660.901763][T11287] binder: 11286:11287 got transaction with invalid handle, 0 [ 660.909509][T11289] binder: 11285:11289 got transaction with invalid offset (0, min 40 max 40) or object. [ 660.969966][T11290] binder: 11286:11290 got transaction with invalid handle, 0 03:27:24 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x4000000}], 0x1c3, 0x0) 03:27:24 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x400004c, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:24 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x68000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x2}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 661.107532][T11306] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 661.197546][T11312] binder: 11311:11312 got transaction with invalid parent offset or type 03:27:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x6c000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:24 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 661.241384][T11312] binder_transaction: 114 callbacks suppressed [ 661.241401][T11312] binder: 11311:11312 transaction failed 29201/-22, size 64-16 line 3389 03:27:24 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000060, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 661.309249][T11312] binder: BINDER_SET_CONTEXT_MGR already set [ 661.347799][T11312] binder: 11311:11312 ioctl 40046207 0 returned -16 [ 661.370689][T11327] binder: 11324:11327 transaction failed 29189/-22, size 40-16 line 2995 [ 661.389054][T11323] binder: 11311:11323 transaction failed 29189/-22, size 64-16 line 2995 03:27:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x3}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:25 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:25 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 661.414472][T11331] binder: 11324:11331 transaction failed 29189/-22, size 40-16 line 2995 [ 661.428027][T11330] binder: 11328:11330 transaction failed 29189/-22, size 40-16 line 2995 [ 661.459544][T11332] binder: 11328:11332 transaction failed 29189/-22, size 40-16 line 2995 03:27:25 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000068, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 661.532457][T11337] binder: 11336:11337 got transaction with invalid parent offset or type [ 661.571259][T11339] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 661.594785][T11337] binder: 11336:11337 transaction failed 29201/-22, size 64-16 line 3389 [ 661.637845][T11337] binder: BINDER_SET_CONTEXT_MGR already set [ 661.643874][T11337] binder: 11336:11337 ioctl 40046207 0 returned -16 [ 661.674488][T11348] binder: 11347:11348 transaction failed 29189/-22, size 40-16 line 2995 [ 661.678415][T11346] binder: 11336:11346 transaction failed 29189/-22, size 64-16 line 2995 [ 661.719086][T11350] binder: 11347:11350 transaction failed 29189/-22, size 40-16 line 2995 03:27:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x7000000}], 0x1c3, 0x0) 03:27:25 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x74000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:25 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x4}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:25 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x400006c, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 661.860763][T11358] binder: 11356:11358 got transaction with invalid parent offset or type [ 661.881919][ T2916] binder_release_work: 115 callbacks suppressed [ 661.881927][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 03:27:25 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 661.909569][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 03:27:25 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 661.931769][T11358] binder: BINDER_SET_CONTEXT_MGR already set [ 661.948364][T11358] binder: 11356:11358 ioctl 40046207 0 returned -16 [ 661.953533][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 [ 661.969344][T11369] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:25 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000074, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:25 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x7a000000, 0x0]}}}], 0x0, 0x0, 0x0}) [ 661.984681][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 [ 661.990894][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 [ 662.009641][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 03:27:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x5}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 662.073772][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 [ 662.090103][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 [ 662.113795][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 03:27:25 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:25 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x400007a, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 662.144557][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 [ 662.147437][T11384] binder: 11383:11384 got transaction with invalid parent offset or type [ 662.269845][T11393] binder: 11383:11393 got transaction with invalid parent offset or type 03:27:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x9000000}], 0x1c3, 0x0) 03:27:25 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0xfdfdffff, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:25 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000300, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:25 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x6}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:25 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:26 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000500, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 662.461428][T11405] binder: 11403:11405 got transaction with invalid parent offset or type [ 662.486007][T11411] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:26 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:26 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0xfffffdfd, 0x0]}}}], 0x0, 0x0, 0x0}) [ 662.534747][T11405] binder: BINDER_SET_CONTEXT_MGR already set [ 662.574697][T11405] binder: 11403:11405 ioctl 40046207 0 returned -16 [ 662.595375][T11414] binder_alloc: 11403: binder_alloc_buf, no vma 03:27:26 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:26 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x100000000000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x7}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 662.704268][ C1] net_ratelimit: 17 callbacks suppressed [ 662.704278][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 662.715766][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 662.721587][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 662.727417][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 662.752461][T11433] binder: 11431:11433 got transaction with invalid parent offset or type [ 662.829323][T11439] binder_alloc: 11431: binder_alloc_buf, no vma [ 662.833212][T11433] binder: BINDER_SET_CONTEXT_MGR already set [ 662.861642][T11433] binder: 11431:11433 ioctl 40046207 0 returned -16 03:27:26 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0xe000000}], 0x1c3, 0x0) 03:27:26 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000600, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:26 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x200000000000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:26 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0xa}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:26 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 663.006043][T11450] binder: 11446:11450 got transaction with invalid parent offset or type [ 663.018576][T11454] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:26 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, 0x0, 0x0) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 663.050456][T11461] binder: 11446:11461 got transaction with invalid parent offset or type 03:27:26 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000700, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:26 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, 0x0, 0x0) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x10}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:26 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x300000000000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:26 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000a00, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 663.248999][T11479] binder: 11474:11479 got transaction with invalid parent offset or type [ 663.311396][T11482] binder: 11474:11482 got transaction with invalid parent offset or type 03:27:27 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x11000000}], 0x1c3, 0x0) 03:27:27 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, 0x0, 0x0) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:27 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x400000000000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:27 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4002000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x28}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:27 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 663.558762][T11501] binder: 11495:11501 got transaction with invalid parent offset or type [ 663.563942][T11496] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:27 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:27 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4002800, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:27 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x500000000000000, 0x0]}}}], 0x0, 0x0, 0x0}) [ 663.620945][T11504] binder: 11495:11504 got transaction with invalid parent offset or type 03:27:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x38}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:27 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x600000000000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:27 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 663.803419][T11521] binder: 11520:11521 got transaction with invalid parent offset or type [ 663.865014][T11521] binder: BINDER_SET_CONTEXT_MGR already set [ 663.892726][T11521] binder: 11520:11521 ioctl 40046207 0 returned -16 [ 663.904286][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 663.904296][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 663.904352][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 663.910132][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 663.915957][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 663.921662][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 663.948037][T11526] binder: 11520:11526 got transaction with invalid parent offset or type 03:27:27 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x1c000000}], 0x1c3, 0x0) 03:27:27 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:27 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4003800, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:27 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x700000000000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:27 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x48}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 664.160756][T11543] binder: 11542:11543 got transaction with invalid parent offset or type [ 664.171828][T11545] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:27 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x2000000000000000, 0x0]}}}], 0x0, 0x0, 0x0}) [ 664.212817][T11552] binder: 11542:11552 got transaction with invalid parent offset or type 03:27:27 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x0, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:27 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4003f00, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x4c}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4004800, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x3f00000000000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:28 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x20000000}], 0x1c3, 0x0) 03:27:28 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x0, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x50}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x4800000000000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:28 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4004c00, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 664.737535][T11589] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 664.748127][T11595] binder_alloc: 11590: binder_alloc_buf failed to map pages in userspace, no vma 03:27:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4006000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x60}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 664.785097][T11596] binder_alloc: 11590: binder_alloc_buf failed to map pages in userspace, no vma 03:27:28 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x0, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x4c00000000000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4006800, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x68}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:28 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x0, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x6000000000000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:28 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4006c00, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x6c}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:28 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x3f000000}], 0x1c3, 0x0) [ 665.318373][T11640] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4007400, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x6800000000000000, 0x0]}}}], 0x0, 0x0, 0x0}) [ 665.362063][T11643] binder: BINDER_SET_CONTEXT_MGR already set [ 665.394899][T11643] binder: 11642:11643 ioctl 40046207 0 returned -16 [ 665.439115][T11658] binder_transaction: 31 callbacks suppressed [ 665.439129][T11658] binder: 11657:11658 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:29 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x0, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x74}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 665.481929][T11661] binder: 11660:11661 got transaction with invalid offset (7493989779944505344, min 0 max 40) or object. [ 665.510358][T11662] binder: 11660:11662 got transaction with invalid offset (7493989779944505344, min 0 max 40) or object. 03:27:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4007a00, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x6c00000000000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:29 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x0, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x7a}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 665.712349][T11676] binder: 11675:11676 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:29 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x7400000000000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x5000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 665.864981][T11698] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x60000000}], 0x1c3, 0x0) 03:27:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x300}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:29 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x6000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x7a00000000000000, 0x0]}}}], 0x0, 0x0, 0x0}) [ 666.059677][T11717] binder_alloc: 11711: binder_alloc_buf, no vma 03:27:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x500}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0xfdfdffff00000000, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:29 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 666.268898][T11735] binder_transaction: 116 callbacks suppressed [ 666.268931][T11735] binder: 11731:11735 transaction failed 29189/-22, size 40-16 line 2995 [ 666.291748][T11737] binder: 11734:11737 transaction failed 29201/-22, size 64-16 line 3389 [ 666.295023][T11736] binder: 11732:11736 got transaction with invalid offset (-144678142324244480, min 0 max 40) or object. [ 666.333512][T11742] binder: 11734:11742 transaction failed 29201/-22, size 64-16 line 3389 [ 666.346963][T11736] binder: 11732:11736 transaction failed 29201/-22, size 40-16 line 3242 [ 666.378157][T11745] binder: 11731:11745 got transaction with invalid offset (0, min 40 max 40) or object. [ 666.389402][T11746] binder: 11732:11746 got transaction with invalid offset (-144678142324244480, min 0 max 40) or object. [ 666.408908][T11746] binder: 11732:11746 transaction failed 29201/-22, size 40-16 line 3242 03:27:29 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x600}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 666.423234][T11745] binder: 11731:11745 transaction failed 29201/-22, size 40-16 line 3242 03:27:30 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0xc2010000}], 0x1c3, 0x0) 03:27:30 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x2]}}}], 0x0, 0x0, 0x0}) 03:27:30 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:30 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x12000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 666.507042][T11753] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 666.540255][T11755] binder: 11754:11755 transaction failed 29201/-22, size 64-16 line 3389 [ 666.563986][T11760] binder: 11757:11760 got transaction with invalid offset (2, min 40 max 40) or object. [ 666.584498][T11762] binder: 11754:11762 transaction failed 29201/-22, size 64-16 line 3389 [ 666.597007][T11760] binder: 11757:11760 transaction failed 29201/-22, size 40-16 line 3242 [ 666.617769][T11764] binder: 11763:11764 got transaction with invalid offset (0, min 40 max 40) or object. [ 666.644070][T11768] binder: 11757:11768 got transaction with invalid offset (2, min 40 max 40) or object. 03:27:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x700}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 666.669241][T11764] binder: 11763:11764 transaction failed 29201/-22, size 40-16 line 3242 03:27:30 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x43000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:30 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:30 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x3]}}}], 0x0, 0x0, 0x0}) 03:27:30 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 666.848421][T11778] binder: BINDER_SET_CONTEXT_MGR already set 03:27:30 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x5c000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 666.900334][T11785] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 666.906814][ T7851] binder_release_work: 119 callbacks suppressed [ 666.906821][ T7851] binder: undelivered TRANSACTION_ERROR: 29201 [ 666.924859][T11787] binder_alloc: 11774: binder_alloc_buf, no vma [ 666.936377][T11778] binder: 11774:11778 ioctl 40046207 0 returned -16 03:27:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0xa00}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 666.960016][T11792] binder_alloc: 11774: binder_alloc_buf, no vma [ 666.963191][ T7851] binder: undelivered TRANSACTION_ERROR: 29189 [ 666.979448][T11794] binder_alloc: 11774: binder_alloc_buf, no vma [ 666.986760][ T7851] binder: undelivered TRANSACTION_ERROR: 29189 [ 666.992977][ T7851] binder: undelivered TRANSACTION_ERROR: 29201 [ 666.997511][T11795] binder_alloc: 11774: binder_alloc_buf, no vma [ 667.043549][ T7851] binder: undelivered TRANSACTION_ERROR: 29189 [ 667.068220][ T7851] binder: undelivered TRANSACTION_ERROR: 29189 [ 667.080573][ T7851] binder: undelivered TRANSACTION_ERROR: 29201 03:27:30 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x4]}}}], 0x0, 0x0, 0x0}) [ 667.089464][T11798] binder: BINDER_SET_CONTEXT_MGR already set [ 667.107418][T11798] binder: 11797:11798 ioctl 40046207 0 returned -16 [ 667.160161][ T7854] binder: undelivered TRANSACTION_ERROR: 29189 [ 667.192032][ T7854] binder: undelivered TRANSACTION_ERROR: 29189 [ 667.218554][ T7854] binder: undelivered TRANSACTION_ERROR: 29189 03:27:30 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0xe8030000}], 0x1c3, 0x0) 03:27:30 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x6b000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:30 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:30 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x2000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:30 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x5]}}}], 0x0, 0x0, 0x0}) [ 667.361372][T11816] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x2800}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:30 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x2, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x6]}}}], 0x0, 0x0, 0x0}) 03:27:31 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x3, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x7]}}}], 0x0, 0x0, 0x0}) 03:27:31 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0xeffdffff}], 0x1c3, 0x0) 03:27:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x3800}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x4, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 667.851084][T11824] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:31 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:31 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, 0x0, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x48]}}}], 0x0, 0x0, 0x0}) 03:27:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x5, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x4000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 668.064278][ C1] net_ratelimit: 6 callbacks suppressed [ 668.064286][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 668.064308][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 668.069959][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 668.075745][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 668.081641][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 668.087363][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 668.093209][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:27:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x6, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 668.161831][T11877] binder_fixup_parent: 26 callbacks suppressed [ 668.161842][T11877] binder: 11876:11877 got transaction with invalid parent offset or type [ 668.169928][T11879] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:31 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, 0x0, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x4c]}}}], 0x0, 0x0, 0x0}) [ 668.229765][T11882] binder_alloc: 11876: binder_alloc_buf, no vma [ 668.236548][T11877] binder: BINDER_SET_CONTEXT_MGR already set 03:27:31 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0xf4010000}], 0x1c3, 0x0) [ 668.304439][T11877] binder: 11876:11877 ioctl 40046207 0 returned -16 [ 668.316849][T11890] binder_alloc: 11876: binder_alloc_buf, no vma 03:27:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x7, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x60]}}}], 0x0, 0x0, 0x0}) 03:27:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x4800}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 668.470641][T11903] binder: 11902:11903 got transaction with invalid parent offset or type [ 668.513756][T11909] binder: 11902:11909 got transaction with invalid parent offset or type 03:27:32 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:32 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, 0x0, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x68]}}}], 0x0, 0x0, 0x0}) 03:27:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0xa, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x4c00}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x10, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 668.705877][T11919] binder: 11918:11919 got transaction with invalid parent offset or type [ 668.725565][T11925] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 668.738736][T11926] binder: 11918:11926 got transaction with invalid parent offset or type 03:27:32 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x5000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 668.908076][T11939] binder: 11938:11939 got transaction with invalid parent offset or type [ 668.940848][T11940] binder: 11938:11940 got transaction with invalid parent offset or type 03:27:32 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0xffff0000}], 0x1c3, 0x0) 03:27:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x6c]}}}], 0x0, 0x0, 0x0}) 03:27:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x28, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:32 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:32 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x6000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x74]}}}], 0x0, 0x0, 0x0}) 03:27:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x38, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:32 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 669.240782][T11962] binder: 11961:11962 got transaction with invalid parent offset or type [ 669.253396][T11965] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x48, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x7a]}}}], 0x0, 0x0, 0x0}) [ 669.315324][T11974] binder: 11961:11974 got transaction with invalid parent offset or type 03:27:33 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x4c, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x1c3, 0x0) 03:27:33 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, 0x0, 0x0) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:33 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x300]}}}], 0x0, 0x0, 0x0}) 03:27:33 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x60, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x6800}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:33 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 669.727222][T11996] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 669.737646][T12003] binder: 11994:12003 got transaction with invalid parent offset or type 03:27:33 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x500]}}}], 0x0, 0x0, 0x0}) 03:27:33 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x68, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x6c00}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:33 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, 0x0, 0x0) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:33 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x600]}}}], 0x0, 0x0, 0x0}) 03:27:33 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x6c, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 670.144294][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 670.144299][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 670.144346][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:27:33 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, 0x0, 0x0) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x7400}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:33 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:33 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x74, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0xffffff7f}], 0x1c3, 0x0) 03:27:33 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x700]}}}], 0x0, 0x0, 0x0}) [ 670.313442][T12047] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:33 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x2000]}}}], 0x0, 0x0, 0x0}) 03:27:33 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x7a, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:33 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(0x0, 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x7a00}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x1000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:34 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x300, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:34 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x3f00]}}}], 0x0, 0x0, 0x0}) 03:27:34 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(0x0, 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 670.686985][T12080] binder_transaction: 29 callbacks suppressed [ 670.686999][T12080] binder: 12079:12080 got transaction with invalid offset (0, min 40 max 40) or object. [ 670.738917][T12084] binder: 12083:12084 got transaction with invalid offset (16128, min 40 max 40) or object. 03:27:34 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x2000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:34 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x4800]}}}], 0x0, 0x0, 0x0}) 03:27:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x4000000000000}], 0x1c3, 0x0) 03:27:34 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(0x0, 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:34 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x500, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 670.915074][T12103] binder: 12102:12103 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:34 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x4c00]}}}], 0x0, 0x0, 0x0}) 03:27:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x3000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 670.957437][T12108] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:34 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x600, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 671.050448][T12116] binder: 12115:12116 got transaction with invalid offset (19456, min 40 max 40) or object. 03:27:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x4000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:34 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x0, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:34 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x6000]}}}], 0x0, 0x0, 0x0}) 03:27:34 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:34 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x700, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x5000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 671.323506][T12131] binder: 12130:12131 got transaction with invalid offset (24576, min 40 max 40) or object. [ 671.383010][T12137] binder_transaction: 122 callbacks suppressed [ 671.383026][T12137] binder: 12136:12137 transaction failed 29189/-22, size 40-16 line 2995 [ 671.420959][T12142] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 671.426864][T12131] binder: 12130:12131 transaction failed 29201/-22, size 40-16 line 3242 [ 671.436368][T12143] binder: 12136:12143 transaction failed 29189/-22, size 40-16 line 2995 03:27:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x40030000000000}], 0x1c3, 0x0) 03:27:35 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x0, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:35 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0xa00, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 671.479311][T12147] binder: 12130:12147 transaction failed 29189/-22, size 40-16 line 2995 [ 671.508649][T12146] binder: 12145:12146 transaction failed 29201/-22, size 64-16 line 3389 03:27:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x6800]}}}], 0x0, 0x0, 0x0}) [ 671.591439][T12154] binder_alloc: 12145: binder_alloc_buf, no vma [ 671.613883][T12154] binder: 12145:12154 transaction failed 29189/-3, size 64-16 line 3148 03:27:35 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x0, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 671.646246][T12159] binder: 12158:12159 got transaction with invalid offset (26624, min 40 max 40) or object. [ 671.672407][T12160] binder: 12155:12160 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x6000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 671.726747][T12159] binder: 12158:12159 transaction failed 29201/-22, size 40-16 line 3242 [ 671.755779][T12160] binder: 12155:12160 transaction failed 29201/-22, size 40-16 line 3242 03:27:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x7000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 671.787598][T12165] binder: 12158:12165 transaction failed 29189/-22, size 40-16 line 2995 [ 671.820304][T12167] binder: 12166:12167 transaction failed 29201/-22, size 64-16 line 3389 03:27:35 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 671.898087][T12173] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x6c00]}}}], 0x0, 0x0, 0x0}) 03:27:35 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(0xffffffffffffffff, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 671.943344][ T7854] binder_release_work: 120 callbacks suppressed [ 671.943352][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 [ 671.978329][T12175] binder: BINDER_SET_CONTEXT_MGR already set 03:27:35 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x2000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 672.003385][T12175] binder: 12174:12175 ioctl 40046207 0 returned -16 [ 672.043405][ T7854] binder: undelivered TRANSACTION_ERROR: 29189 [ 672.069467][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 [ 672.093683][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 03:27:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0xa000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 672.121718][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 [ 672.146249][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 03:27:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x100000000000000}], 0x1c3, 0x0) 03:27:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x7400]}}}], 0x0, 0x0, 0x0}) 03:27:35 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x2800, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:35 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(0xffffffffffffffff, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x7a00]}}}], 0x0, 0x0, 0x0}) [ 672.260720][ T7854] binder: undelivered TRANSACTION_ERROR: 29189 [ 672.285488][T12201] binder: 12199:12201 got transaction with invalid offset (0, min 40 max 40) or object. [ 672.303526][T12204] binder: BINDER_SET_CONTEXT_MGR already set [ 672.324998][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 [ 672.332657][T12204] binder: 12194:12204 ioctl 40046207 0 returned -16 [ 672.347801][ T7854] binder: undelivered TRANSACTION_ERROR: 29189 03:27:35 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(0xffffffffffffffff, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 672.372357][ T7854] binder: undelivered TRANSACTION_ERROR: 29189 03:27:35 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x10000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:36 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x3800, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x1000000]}}}], 0x0, 0x0, 0x0}) 03:27:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x2000000]}}}], 0x0, 0x0, 0x0}) 03:27:36 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x0) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 672.547882][T12226] binder: 12223:12226 got transaction with invalid offset (0, min 40 max 40) or object. [ 672.563939][T12228] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 672.655584][T12235] binder: 12223:12235 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x400000000000000}], 0x1c3, 0x0) 03:27:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x20000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x3000000]}}}], 0x0, 0x0, 0x0}) 03:27:36 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x3f00, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:36 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x0) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x4000000]}}}], 0x0, 0x0, 0x0}) 03:27:36 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x28000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:36 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x4800, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:36 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x0) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x5000000]}}}], 0x0, 0x0, 0x0}) [ 673.104282][ C1] net_ratelimit: 9 callbacks suppressed [ 673.104291][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 673.115778][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 673.121649][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 673.127675][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 673.134176][T12272] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:36 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x4c00, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x700000000000000}], 0x1c3, 0x0) 03:27:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x38000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x6000000]}}}], 0x0, 0x0, 0x0}) 03:27:36 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x6000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 673.383085][T12297] binder_fixup_parent: 24 callbacks suppressed [ 673.383109][T12297] binder: 12296:12297 got transaction with invalid parent offset or type 03:27:37 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x7000000]}}}], 0x0, 0x0, 0x0}) 03:27:37 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(0xffffffffffffffff, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:37 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:37 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x6800, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x40000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 673.511797][T12301] binder: 12296:12301 got transaction with invalid parent offset or type 03:27:37 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x20000000]}}}], 0x0, 0x0, 0x0}) 03:27:37 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(0xffffffffffffffff, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 673.619676][T12314] binder: 12313:12314 got transaction with invalid parent offset or type [ 673.647861][T12319] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:37 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x6c00, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 673.714670][T12325] binder: 12313:12325 got transaction with invalid parent offset or type 03:27:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x900000000000000}], 0x1c3, 0x0) 03:27:37 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x3f000000]}}}], 0x0, 0x0, 0x0}) 03:27:37 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x7400, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x48000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:37 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(0xffffffffffffffff, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 673.961924][T12324] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:37 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x48000000]}}}], 0x0, 0x0, 0x0}) [ 674.032046][T12346] binder: 12344:12346 got transaction with invalid parent offset or type [ 674.070605][T12349] binder: 12344:12349 got transaction with invalid parent offset or type 03:27:37 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x7a00, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:37 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, 0xffffffffffffffff, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:37 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:37 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x4c000000]}}}], 0x0, 0x0, 0x0}) 03:27:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x4c000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:37 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x1000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 674.258740][T12367] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 674.304277][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 674.304284][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 674.304325][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 674.310079][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 674.310184][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 674.315945][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 674.357956][T12373] binder: 12372:12373 got transaction with invalid parent offset or type [ 674.403173][T12376] binder: 12372:12376 got transaction with invalid parent offset or type 03:27:38 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0xe00000000000000}], 0x1c3, 0x0) 03:27:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x60000000]}}}], 0x0, 0x0, 0x0}) 03:27:38 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, 0xffffffffffffffff, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x50000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:38 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x2000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 674.586349][T12387] binder: 12386:12387 got transaction with invalid parent offset or type 03:27:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x68000000]}}}], 0x0, 0x0, 0x0}) 03:27:38 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, 0xffffffffffffffff, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:38 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x3000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 674.651922][T12397] binder: 12386:12397 got transaction with invalid parent offset or type 03:27:38 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x60000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x6c000000]}}}], 0x0, 0x0, 0x0}) 03:27:38 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x4000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 674.850862][T12415] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:38 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x1100000000000000}], 0x1c3, 0x0) 03:27:38 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x0) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x68000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x74000000]}}}], 0x0, 0x0, 0x0}) 03:27:38 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x5000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x7a000000]}}}], 0x0, 0x0, 0x0}) [ 675.131883][T12441] binder: BINDER_SET_CONTEXT_MGR already set [ 675.158580][T12441] binder: 12440:12441 ioctl 40046207 0 returned -16 03:27:38 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x2, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:38 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x6000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:38 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x0) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x6c000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0xfdfdffff]}}}], 0x0, 0x0, 0x0}) [ 675.280064][T12452] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:38 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x7000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:39 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x1c00000000000000}], 0x1c3, 0x0) 03:27:39 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0xfffffdfd]}}}], 0x0, 0x0, 0x0}) 03:27:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x74000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:39 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0xa000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:39 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x0) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:39 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x3, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:39 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x100000000000000]}}}], 0x0, 0x0, 0x0}) 03:27:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x7a000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 675.726238][T12489] binder_transaction: 35 callbacks suppressed [ 675.726253][T12489] binder: 12486:12489 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:39 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:39 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x200000000000000]}}}], 0x0, 0x0, 0x0}) [ 675.820232][T12498] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 675.841055][T12501] binder: 12486:12501 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:39 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x10000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0xfdfdffff}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 675.993162][T12510] binder: 12509:12510 got transaction with invalid offset (0, min 40 max 40) or object. [ 676.068368][T12515] binder: 12509:12515 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:39 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x2000000000000000}], 0x1c3, 0x0) 03:27:39 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x300000000000000]}}}], 0x0, 0x0, 0x0}) 03:27:39 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) 03:27:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0xfffffdfd}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:39 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x20000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:39 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x4, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:39 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x28000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x100000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:39 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 676.315259][T12535] binder: 12534:12535 got transaction with invalid offset (216172782113783808, min 40 max 40) or object. [ 676.329498][T12538] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 676.388290][T12542] binder_transaction: 124 callbacks suppressed [ 676.388308][T12542] binder: 12534:12542 transaction failed 29189/-22, size 40-16 line 2995 [ 676.416824][T12548] binder: 12546:12548 transaction failed 29189/-22, size 40-16 line 2995 03:27:40 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x400000000000000]}}}], 0x0, 0x0, 0x0}) [ 676.433374][T12545] binder: 12543:12545 transaction failed 29201/-22, size 64-16 line 3389 [ 676.470874][T12551] binder: 12546:12551 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:40 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, 0x0, 0x0) [ 676.514817][T12552] binder: 12543:12552 transaction failed 29201/-22, size 64-16 line 3389 [ 676.540359][T12551] binder: 12546:12551 transaction failed 29201/-22, size 40-16 line 3242 03:27:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x200000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 676.584507][T12558] binder: 12556:12558 got transaction with invalid offset (288230376151711744, min 40 max 40) or object. [ 676.663526][T12562] binder: 12561:12562 transaction failed 29201/-22, size 64-16 line 3389 [ 676.664763][T12558] binder: 12556:12558 transaction failed 29201/-22, size 40-16 line 3242 [ 676.730233][T12564] binder: 12561:12564 transaction failed 29201/-22, size 64-16 line 3389 [ 676.742208][T12565] binder: 12556:12565 got transaction with invalid offset (288230376151711744, min 40 max 40) or object. [ 676.805096][T12565] binder: 12556:12565 transaction failed 29201/-22, size 40-16 line 3242 03:27:40 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x3f00000000000000}], 0x1c3, 0x0) 03:27:40 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x500000000000000]}}}], 0x0, 0x0, 0x0}) 03:27:40 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, 0x0, 0x0) 03:27:40 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x38000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:40 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x5, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x300000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 676.911087][T12574] binder: 12573:12574 transaction failed 29201/-22, size 64-16 line 3389 [ 676.920784][T12572] binder: 12571:12572 got transaction with invalid offset (0, min 40 max 40) or object. [ 676.931248][T12578] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 676.939333][T12580] binder: 12579:12580 got transaction with invalid offset (360287970189639680, min 40 max 40) or object. [ 676.966192][ T7854] binder_release_work: 122 callbacks suppressed [ 676.966200][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 [ 676.981812][T12585] binder_alloc: 12573: binder_alloc_buf, no vma [ 676.988354][T12574] binder: BINDER_SET_CONTEXT_MGR already set [ 677.007913][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 03:27:40 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, 0x0, 0x0) 03:27:40 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x600000000000000]}}}], 0x0, 0x0, 0x0}) [ 677.016156][T12574] binder: 12573:12574 ioctl 40046207 0 returned -16 [ 677.027520][ T7854] binder: undelivered TRANSACTION_ERROR: 29189 [ 677.047752][ T7854] binder: undelivered TRANSACTION_ERROR: 29189 03:27:40 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x3f000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 677.078326][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 [ 677.108824][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 03:27:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x400000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 677.132769][ T7854] binder: undelivered TRANSACTION_ERROR: 29189 [ 677.150634][ T7854] binder: undelivered TRANSACTION_ERROR: 29189 03:27:40 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x700000000000000]}}}], 0x0, 0x0, 0x0}) 03:27:40 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32], 0x4) [ 677.196599][ T7854] binder: undelivered TRANSACTION_ERROR: 29189 [ 677.230776][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 [ 677.430199][T12578] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:41 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x6000000000000000}], 0x1c3, 0x0) 03:27:41 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x48000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x500000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:41 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x2000000000000000]}}}], 0x0, 0x0, 0x0}) 03:27:41 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32], 0x4) 03:27:41 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x600000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:41 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x3f00000000000000]}}}], 0x0, 0x0, 0x0}) [ 677.595216][T12622] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 677.618902][T12623] binder_alloc: 12616: binder_alloc_buf failed to map pages in userspace, no vma 03:27:41 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32], 0x4) 03:27:41 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x4c000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:41 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x4800000000000000]}}}], 0x0, 0x0, 0x0}) 03:27:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x700000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:41 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0xc201000000000000}], 0x1c3, 0x0) 03:27:41 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x60000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:41 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES16=0x0], 0x2) 03:27:41 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x4c00000000000000]}}}], 0x0, 0x0, 0x0}) 03:27:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0xa00000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:41 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x7, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:41 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x6000000000000000]}}}], 0x0, 0x0, 0x0}) 03:27:41 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES16=0x0], 0x2) [ 678.165622][T12671] binder: BINDER_SET_CONTEXT_MGR already set [ 678.188279][T12671] binder: 12664:12671 ioctl 40046207 0 returned -16 03:27:41 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x68000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:41 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x6800000000000000]}}}], 0x0, 0x0, 0x0}) 03:27:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x1000000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:41 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES16=0x0], 0x2) [ 678.464302][ C0] net_ratelimit: 10 callbacks suppressed [ 678.464309][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 678.464341][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 678.470024][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 678.475862][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 678.481554][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 678.487271][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 678.492969][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 678.528063][T12696] binder_fixup_parent: 28 callbacks suppressed [ 678.528074][T12696] binder: 12693:12696 got transaction with invalid parent offset or type [ 678.587341][T12696] binder: BINDER_SET_CONTEXT_MGR already set [ 678.602934][T12696] binder: 12693:12696 ioctl 40046207 0 returned -16 03:27:42 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x6c00000000000000]}}}], 0x0, 0x0, 0x0}) 03:27:42 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x6c000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:42 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xa, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:42 executing program 3: unshare(0x8000400) mq_open(&(0x7f0000000040)='.selinux\x00', 0x6e93ebbbcc0884f2, 0x0, 0x0) getpeername$inet(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) pselect6(0x40, &(0x7f0000000100)={0xb}, 0x0, 0x0, 0x0, 0x0) 03:27:42 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0xe803000000000000}], 0x1c3, 0x0) 03:27:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x2000000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 678.779659][T12709] __nla_parse: 1 callbacks suppressed [ 678.779672][T12709] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 678.781810][T12713] binder: 12712:12713 got transaction with invalid parent offset or type 03:27:42 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x7400000000000000]}}}], 0x0, 0x0, 0x0}) 03:27:42 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x74000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:42 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) setxattr$security_smack_transmute(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000200)='TRUE', 0x4, 0x0) dup2(r0, 0xffffffffffffffff) ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, 0x0) perf_event_open(&(0x7f0000000240)={0x6, 0x70, 0x5, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x3, 0xfffffffffffffff7, 0x3, 0x7, 0x0, 0x3, 0x7, 0x40, 0x0, 0x10000, 0x0, 0x3ff, 0x68f1, 0xfffffffffffffeff, 0xff, 0x9, 0xff, 0x3, 0x39, 0x0, 0x0, 0x3, 0x1, 0x10000, 0x0, 0x4aa, 0x10, 0x0, 0x0, 0xffff, 0x0, @perf_bp={0x0}, 0x41, 0xff, 0x0, 0x0, 0x0, 0x79}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x8) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x28) bind$alg(r0, &(0x7f0000002640)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(cfb(twofish),rmd128-generic)\x00'}, 0x58) ioctl$sock_bt_cmtp_CMTPCONNDEL(r1, 0x400443c9, &(0x7f0000000040)={{0x7, 0x0, 0xff7aec2c0000, 0x101, 0x4, 0x6}}) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001400)="b7d9288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r2 = accept$alg(r0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RREADLINK(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCSISO7816(r1, 0xc0285443, &(0x7f0000000000)={0x7, 0xe588, 0xffffffffffff5009, 0xd2, 0x3c2}) sendmsg$alg(r2, &(0x7f00000013c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r2, &(0x7f0000008cc0)=[{{0x0, 0xfffffffffffffe06, &(0x7f0000003a40)=[{&(0x7f00000002c0)=""/4096, 0x1000}], 0x1, 0x0, 0x5c}}], 0x1, 0x0, 0x0) [ 678.873131][T12725] binder: 12712:12725 got transaction with invalid parent offset or type 03:27:42 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x7a000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:42 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x7a00000000000000]}}}], 0x0, 0x0, 0x0}) 03:27:42 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x2800000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 679.024510][T12739] QAT: Invalid ioctl [ 679.030449][T12739] QAT: Invalid ioctl 03:27:42 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0xfdfdffff, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:42 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0xfdfdffff00000000]}}}], 0x0, 0x0, 0x0}) [ 679.150560][T12751] binder: 12746:12751 got transaction with invalid parent offset or type [ 679.188884][T12755] binder: 12746:12755 got transaction with invalid parent offset or type 03:27:42 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xe, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:42 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0xfffffdfd, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 679.312968][T12735] QAT: Invalid ioctl [ 679.320685][T12735] QAT: Invalid ioctl [ 679.344287][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 679.350102][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 679.356016][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 679.396362][T12773] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:43 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0xeffdffff00000000}], 0x1c3, 0x0) 03:27:43 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x2}}], 0x0, 0x0, 0x0}) 03:27:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x3800000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:43 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000300)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha256\x00'}, 0x58) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[]}}, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fde000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(0xffffffffffffffff, 0x28, 0x2, &(0x7f0000000140)=0xff, 0x8) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000000c0)) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000280)=0x3001) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:27:43 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x100000000000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x4000000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:43 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xf, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:43 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x200000000000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 679.611325][T12790] binder: 12787:12790 got transaction with invalid parent offset or type [ 679.637898][T12793] binder: 12787:12793 got transaction with invalid parent offset or type 03:27:43 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x3}}], 0x0, 0x0, 0x0}) [ 679.745053][T12800] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 679.784464][T12806] binder: 12805:12806 got transaction with invalid parent offset or type 03:27:43 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x300000000000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 679.786662][T12808] binder: 12807:12808 got transaction with unaligned buffers size, 3 [ 679.840971][T12806] binder: BINDER_SET_CONTEXT_MGR already set [ 679.866960][T12806] binder: 12805:12806 ioctl 40046207 0 returned -16 03:27:43 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x4}}], 0x0, 0x0, 0x0}) 03:27:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x4800000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 680.051945][T12824] binder: 12823:12824 got transaction with invalid parent offset or type [ 680.105999][T12826] binder: 12823:12826 got transaction with invalid parent offset or type 03:27:43 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0xf401000000000000}], 0x1c3, 0x0) 03:27:43 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x400000000000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:43 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x5}}], 0x0, 0x0, 0x0}) 03:27:44 executing program 3: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x0, 0x0) ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000080)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x1, 0x5, 0x6d, 0x2, 0x0, 0x0}, 0x2c) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000400)={r2, 0x0}, 0x10) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-monitor\x00', 0x80000, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@allocspi={0x104, 0x16, 0x317, 0x0, 0x0, {{{@in6=@loopback, @in=@multicast2}, {@in6=@local, 0x0, 0x32}, @in6=@remote}, 0x0, 0x8}, [@mark={0xc}]}, 0x104}}, 0x0) 03:27:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x4c00000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:44 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x48, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:44 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x500000000000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:44 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x6}}], 0x0, 0x0, 0x0}) 03:27:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0xffff000000000000}], 0x1c3, 0x0) [ 680.610609][T12853] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 680.628343][T12859] binder: BINDER_SET_CONTEXT_MGR already set 03:27:44 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x600000000000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:44 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x7}}], 0x0, 0x0, 0x0}) [ 680.665502][T12859] binder: 12846:12859 ioctl 40046207 0 returned -16 03:27:44 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:27:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x5000000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 680.760525][T12870] binder: 12868:12870 got transaction with unaligned buffers size, 7 03:27:44 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x700000000000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:44 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x48}}], 0x0, 0x0, 0x0}) 03:27:44 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'bridge_slave_1\x00'}) sendmsg$nl_route(r1, &(0x7f0000000240)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="ffff0f000a000200aaaaaaaa8aaa0000e456c946595c05fbcfd080e84429ff5608cf43c6de1c18d55476f110a4116b59e294b60b813cfee91d4dc2b7372a6bae96d93a5ce7fb453b2254ca0d70f96493c07f846b4126d3d38cfab43daa4d321fd3c35ea2a6acf87f46055541cf7c56f4663f316a9e95611b234cbe5c14b9a2ab4f06624115929867162b0725eb80812eeb761c39a53eaebc0f454fb401d6fabf4a721dc4789cd22446c33f942ef434ece7bf0b17cd0f6e35a0cd1ae0e8e1c1516ab218b22be7f650fd61fdc94d3347dbcc94e68f1540f2c20a8e02c7cf3f4a3a7c6e47feebd61a74c472d307ef61f4bfb253ff09640f87a8d1b7d3379906aa"], 0x1}}, 0x0) 03:27:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x6000000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 680.913660][T12885] binder_transaction: 26 callbacks suppressed [ 680.913674][T12885] binder: 12884:12885 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:44 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x4c, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:44 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x4c}}], 0x0, 0x0, 0x0}) [ 681.024530][T12897] binder: 12884:12897 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x6800000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0xffffff7f00000000}], 0x1c3, 0x0) 03:27:44 executing program 3: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000001340)="fc0000004a000700ab092500090007000aab80ff000000000000369321000100000000000000000000ff000000000000008656aaa79bb94b46fe0000000700020800008c0000036c6c256f1a272f2e117c22ebc205214000000080008934d07302ade01720d7d5bbc91a3e2e80772c74fb2cc56ce1f0f156272f5b00000005defd5a32e2082038f4f8b29d3ef3d92c8334b3863032301748b6e4170e5bbab2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b170083df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48f6f0000080548deac270e33429fd3000175e63fb8d38a873cf10000000000f7", 0xfc) 03:27:44 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0xa00000000000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 681.117259][T12904] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:44 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x60}}], 0x0, 0x0, 0x0}) [ 681.212671][T12917] binder: BINDER_SET_CONTEXT_MGR already set [ 681.231110][T12917] binder: 12908:12917 ioctl 40046207 0 returned -16 [ 681.238015][T12920] netlink: 180 bytes leftover after parsing attributes in process `syz-executor.3'. [ 681.251176][T12918] binder: 12916:12918 got transaction with invalid offset (0, min 40 max 40) or object. [ 681.274042][T12923] binder: 12916:12923 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:44 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x1000000000000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x6c00000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 681.330866][T12925] binder: 12924:12925 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:44 executing program 3: r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x0) [ 681.396447][T12929] binder_transaction: 112 callbacks suppressed [ 681.396466][T12929] binder: 12924:12929 transaction failed 29189/-22, size 40-16 line 2995 [ 681.428509][T12931] binder: 12930:12931 transaction failed 29189/-22, size 40-16 line 2995 03:27:45 executing program 3: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) pipe2(&(0x7f0000000240), 0x80000) syz_open_dev$loop(&(0x7f00000002c0)='/dev/loop#\x00', 0x2, 0x200000) openat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x801, 0x0) r1 = add_key$user(&(0x7f00000001c0)='user\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000380)="85144e22abb14558f5ae1bd2b6fb2451df1bc77187cc44eb9eb648ac4eec604b89385e3d0aff13be56df53ad9bfb806e5dec3ae9460dd50f5bbf7d1b1fb878ae14fbedf83eecb9e02e67570a2a4ef5f520a997f56865ed25dcdc47649a93ad8cd423da846b309d9b83f01995f4ae6d3bca5f0675f5ee0381", 0x78, 0xfffffffffffffffc) r2 = request_key(&(0x7f00000005c0)='logon\x00', &(0x7f0000000600)={'syz'}, &(0x7f0000000640)='*\\\x00', 0xfffffffffffffffa) keyctl$negate(0xd, r1, 0x100, r2) openat$null(0xffffffffffffff9c, &(0x7f0000000340)='/dev/null\x00', 0x2, 0x0) ioctl$BLKGETSIZE64(r0, 0x80081272, 0x0) socket(0x0, 0x0, 0x0) dup(0xffffffffffffffff) ioctl$FUSE_DEV_IOC_CLONE(0xffffffffffffffff, 0x8004e500, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) ptrace$cont(0xffffffffffffffff, 0x0, 0x0, 0x0) fsetxattr$security_selinux(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x41, 0x0, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) lstat(0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) fchown(0xffffffffffffffff, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000280)={0x2, 0x4e23}, 0x10) fchdir(0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp\x00') sendfile(r0, r3, &(0x7f0000000500), 0x80000003) [ 681.453028][T12934] binder: 12928:12934 transaction failed 29201/-22, size 64-16 line 3389 [ 681.470321][T12935] binder: 12930:12935 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:45 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x68}}], 0x0, 0x0, 0x0}) [ 681.505160][T12937] binder: 12928:12937 transaction failed 29201/-22, size 64-16 line 3389 [ 681.514995][T12935] binder: 12930:12935 transaction failed 29201/-22, size 40-16 line 3242 03:27:45 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x60, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:45 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x2000000000000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x7400000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 681.633635][T12947] binder: 12943:12947 transaction failed 29189/-22, size 40-16 line 2995 [ 681.704545][T12950] binder: 12949:12950 transaction failed 29189/-22, size 40-16 line 2995 [ 681.711685][T12952] binder: 12951:12952 transaction failed 29201/-22, size 64-16 line 3389 [ 681.723036][T12954] binder: 12943:12954 got transaction with invalid offset (0, min 40 max 40) or object. [ 681.753874][T12954] binder: 12943:12954 transaction failed 29201/-22, size 40-16 line 3242 [ 681.758006][T12959] binder: 12951:12959 transaction failed 29201/-22, size 64-16 line 3389 [ 681.762490][T12957] binder: BINDER_SET_CONTEXT_MGR already set [ 681.794447][T12958] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:45 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:45 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x2800000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:45 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x6c}}], 0x0, 0x0, 0x0}) [ 681.912151][T12957] binder: 12951:12957 ioctl 40046207 0 returned -16 [ 681.919077][T12961] binder: 12949:12961 got transaction with invalid offset (0, min 40 max 40) or object. [ 681.919212][T12967] binder: BINDER_SET_CONTEXT_MGR already set 03:27:45 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x2800000000000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 681.962069][T12969] binder: 12965:12969 got transaction with unaligned buffers size, 108 [ 681.972197][T12967] binder: 12966:12967 ioctl 40046207 0 returned -16 [ 681.993862][ T2916] binder_release_work: 114 callbacks suppressed [ 681.993870][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 [ 681.996514][T12972] binder: 12965:12972 got transaction with unaligned buffers size, 108 [ 682.028853][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 03:27:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x7a00000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:45 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x1000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:45 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x68, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 682.070601][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 [ 682.075978][T12976] binder: 12975:12976 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:45 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x74}}], 0x0, 0x0, 0x0}) [ 682.166614][T12983] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 682.182332][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 [ 682.192966][T12989] binder_alloc: 12980: binder_alloc_buf, no vma [ 682.194543][T12985] binder: BINDER_SET_CONTEXT_MGR already set 03:27:45 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x7a}}], 0x0, 0x0, 0x0}) [ 682.215951][T12985] binder: 12980:12985 ioctl 40046207 0 returned -16 [ 682.216021][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 03:27:45 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x3800000000000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:45 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x0, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket(0x2, 0x3, 0x100000001) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r2 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r2, 0x8001) sendfile(r1, r2, 0x0, 0x400008bca) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 682.265581][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 [ 682.302862][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 03:27:45 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x8000000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 682.340823][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 [ 682.386856][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 [ 682.407233][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 03:27:46 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:46 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x3f00000000000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:46 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x300}}], 0x0, 0x0, 0x0}) 03:27:46 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x73682a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0xfdfdffff00000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:46 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x6c, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 682.641038][T13022] binder: 13015:13022 got transaction with invalid offset (0, min 40 max 40) or object. [ 682.660296][T13023] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 682.670673][T13025] binder: BINDER_SET_CONTEXT_MGR already set [ 682.687674][T13025] binder: 13024:13025 ioctl 40046207 0 returned -16 03:27:46 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x4800000000000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:46 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x500}}], 0x0, 0x0, 0x0}) [ 682.713653][T13031] binder: 13024:13031 got transaction with invalid handle, 0 03:27:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0xffffffff00000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:46 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x4c00000000000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:46 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x73682a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:46 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x600}}], 0x0, 0x0, 0x0}) [ 682.984798][T13049] binder: 13048:13049 got transaction with invalid handle, 0 03:27:46 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x2}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:46 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x6000000000000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:46 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x700}}], 0x0, 0x0, 0x0}) 03:27:46 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x74, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:46 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x73682a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 683.212245][T13071] binder: 13064:13071 got transaction with invalid handle, 0 [ 683.220050][T13066] binder: BINDER_SET_CONTEXT_MGR already set [ 683.226832][T13072] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 683.231589][T13066] binder: 13065:13066 ioctl 40046207 0 returned -16 03:27:46 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x73682a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:46 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x6800000000000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:46 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x2000}}], 0x0, 0x0, 0x0}) [ 683.264933][T13066] binder: BINDER_SET_CONTEXT_MGR already set [ 683.270960][T13066] binder: 13065:13066 ioctl 40046207 0 returned -16 03:27:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x3}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:46 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x6c00000000000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:47 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x73682a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 683.491999][T13096] binder: BINDER_SET_CONTEXT_MGR already set [ 683.504286][ C1] net_ratelimit: 5 callbacks suppressed [ 683.504295][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 683.515733][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 683.521566][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 683.527393][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 683.537647][T13096] binder: 13092:13096 ioctl 40046207 0 returned -16 [ 683.571460][T13100] binder: 13098:13100 got transaction with invalid handle, 0 [ 683.590228][T13097] binder_fixup_parent: 22 callbacks suppressed [ 683.590239][T13097] binder: 13092:13097 got transaction with invalid parent offset or type 03:27:47 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x7400000000000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:47 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x3f00}}], 0x0, 0x0, 0x0}) 03:27:47 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x73682a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x4}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:47 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x7a, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:47 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x73682a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 683.806157][T13115] binder: 13110:13115 got transaction with invalid parent offset or type [ 683.816030][T13118] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 683.826787][T13119] binder_alloc: 13110: binder_alloc_buf size 16184 failed, no address space [ 683.839801][T13120] binder: 13110:13120 got transaction with invalid parent offset or type 03:27:47 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x7a00000000000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 683.934036][T13128] binder: 13126:13128 got transaction with invalid handle, 0 [ 683.959942][T13119] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:27:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x5}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:47 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x73682a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 683.985100][T13132] binder_alloc: 13110: binder_alloc_buf, no vma [ 684.023342][T13135] binder: 13134:13135 got transaction with invalid parent offset or type 03:27:47 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0xfdfdffff00000000, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 684.062929][T13137] binder: 13134:13137 got transaction with invalid parent offset or type 03:27:47 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x4800}}], 0x0, 0x0, 0x0}) [ 684.105461][T13140] binder: 13138:13140 got transaction with invalid handle, 0 03:27:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x6}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:47 executing program 3: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x73682a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:47 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x2, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 684.171359][T13146] binder_alloc: 13134: binder_alloc_buf size 18488 failed, no address space [ 684.249339][T13150] binder: 13149:13150 got transaction with invalid parent offset or type [ 684.271299][T13146] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:27:47 executing program 3: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x73682a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) [ 684.329464][T13157] binder: 13149:13157 got transaction with invalid parent offset or type [ 684.338272][T13158] binder_alloc: 13149: binder_alloc_buf size 18488 failed, no address space 03:27:47 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xc0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:47 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x3, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 684.430011][T13158] binder_alloc: allocated: 80 (num: 1 largest: 80), free: 12208 (num: 1 largest: 12208) 03:27:48 executing program 3: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x73682a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:48 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x4c00}}], 0x0, 0x0, 0x0}) [ 684.480465][T13171] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:27:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x7}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:48 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x4, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:48 executing program 3: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x73682a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:48 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x5, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 684.626779][T13186] binder: 13184:13186 got transaction with invalid parent offset or type [ 684.658882][T13189] binder: 13184:13189 got transaction with invalid parent offset or type [ 684.704271][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 684.704303][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 684.710146][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 684.715877][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 684.721577][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 684.727298][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:27:48 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x6000}}], 0x0, 0x0, 0x0}) 03:27:48 executing program 3: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x73682a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0xa}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 684.915287][T13209] binder_alloc: 13204: binder_alloc_buf size 24632 failed, no address space [ 684.924447][T13205] binder: 13204:13205 got transaction with invalid parent offset or type [ 684.943693][T13209] binder_alloc: allocated: 80 (num: 1 largest: 80), free: 12208 (num: 1 largest: 12208) [ 684.971156][T13205] binder: BINDER_SET_CONTEXT_MGR already set [ 684.985190][T13205] binder: 13204:13205 ioctl 40046207 0 returned -16 03:27:48 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:48 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x6, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:48 executing program 3: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x73682a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:48 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xf0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:48 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x6800}}], 0x0, 0x0, 0x0}) 03:27:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x10}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:48 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x6c00}}], 0x0, 0x0, 0x0}) 03:27:48 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x7, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 685.168262][T13223] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 685.185049][T13226] binder: BINDER_SET_CONTEXT_MGR already set [ 685.204956][T13226] binder: 13224:13226 ioctl 40046207 0 returned -16 03:27:48 executing program 3: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x73682a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x28}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:48 executing program 3: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x73682a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:48 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0xa, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:49 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:49 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x7400}}], 0x0, 0x0, 0x0}) 03:27:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x38}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:49 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x300, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:49 executing program 3: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x73682a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:49 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x10, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:49 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x7a00}}], 0x0, 0x0, 0x0}) [ 685.667244][T13265] binder: BINDER_SET_CONTEXT_MGR already set [ 685.673336][T13265] binder: 13264:13265 ioctl 40046207 0 returned -16 03:27:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x48}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:49 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x28, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:49 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 03:27:49 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x1000000}}], 0x0, 0x0, 0x0}) [ 685.801540][T13279] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 685.864067][T13288] binder: 13287:13288 ioctl c0306201 0 returned -14 [ 685.900667][T13294] binder_alloc: 13285: binder_alloc_buf size 16777272 failed, no address space 03:27:49 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x38, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 685.958459][T13294] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:27:49 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:49 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 03:27:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x4c}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:49 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x48, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:49 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x2000000}}], 0x0, 0x0, 0x0}) 03:27:49 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x500, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 686.221671][T13308] binder: 13306:13308 ioctl c0306201 0 returned -14 [ 686.221881][T13315] binder_alloc: 13307: binder_alloc_buf size 33554488 failed, no address space [ 686.239495][T13317] binder_transaction: 21 callbacks suppressed [ 686.239510][T13317] binder: 13311:13317 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x50}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:49 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x4c, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:49 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 686.284402][T13315] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:27:49 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x3000000}}], 0x0, 0x0, 0x0}) 03:27:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x60}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:49 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x600, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 686.403519][T13330] binder: 13329:13330 got transaction with invalid offset (0, min 40 max 40) or object. [ 686.416779][T13332] binder: 13328:13332 ioctl c0306201 0 returned -14 [ 686.469614][T13337] binder_transaction: 125 callbacks suppressed [ 686.469629][T13337] binder: 13336:13337 transaction failed 29189/-22, size 40-16 line 2995 [ 686.506823][T13342] binder: 13341:13342 transaction failed 29201/-22, size 64-16 line 3389 [ 686.520969][T13330] binder: 13329:13330 transaction failed 29201/-22, size 40-16 line 3242 [ 686.533265][T13344] binder: 13329:13344 got transaction with invalid offset (0, min 40 max 40) or object. [ 686.571135][T13346] binder_alloc: 13341: binder_alloc_buf size 50331704 failed, no address space [ 686.599488][T13346] binder_alloc: allocated: 56 (num: 1 largest: 56), free: 12232 (num: 1 largest: 12232) [ 686.623489][T13348] binder: 13341:13348 transaction failed 29201/-22, size 64-16 line 3389 [ 686.632187][T13344] binder: 13329:13344 transaction failed 29201/-22, size 40-16 line 3242 [ 686.643582][T13346] binder: 13336:13346 transaction failed 29201/-28, size 40-16 line 3148 03:27:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:27:50 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x700, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:50 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x60, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:50 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x4000000}}], 0x0, 0x0, 0x0}) [ 686.732723][T13354] binder: 13353:13354 got transaction with invalid offset (0, min 40 max 40) or object. [ 686.748367][T13359] binder_alloc: 13341: binder_alloc_buf size 67108920 failed, no address space 03:27:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x68}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 686.806389][T13359] binder_alloc: allocated: 56 (num: 1 largest: 56), free: 12232 (num: 1 largest: 12232) [ 686.845302][T13354] binder: 13353:13354 transaction failed 29201/-22, size 40-16 line 3242 03:27:50 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xa00, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 686.854039][T13359] binder: 13358:13359 transaction failed 29201/-28, size 40-16 line 3148 [ 686.871070][T13367] binder: 13366:13367 transaction failed 29201/-22, size 64-16 line 3389 [ 686.886990][T13370] binder_alloc: 13366: binder_alloc_buf size 67108920 failed, no address space 03:27:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:27:50 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xde6, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 686.909151][T13373] binder: 13366:13373 transaction failed 29201/-22, size 64-16 line 3389 [ 686.935258][T13370] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 686.973909][T13372] binder_alloc: 13366: binder_alloc_buf, no vma [ 687.010840][ T2916] binder_release_work: 125 callbacks suppressed [ 687.010847][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 03:27:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x6c}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:50 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x5000000}}], 0x0, 0x0, 0x0}) [ 687.142898][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 [ 687.143140][T13390] binder_alloc: 13387: binder_alloc_buf size 83886136 failed, no address space [ 687.150558][T13388] binder: BINDER_SET_CONTEXT_MGR already set [ 687.196479][ T7854] binder: undelivered TRANSACTION_ERROR: 29189 [ 687.202963][T13388] binder: 13387:13388 ioctl 40046207 0 returned -16 [ 687.219363][T13390] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 687.243523][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 [ 687.253455][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 03:27:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:50 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x68, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:50 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xe00, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0}) 03:27:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x74}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:50 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x6000000}}], 0x0, 0x0, 0x0}) 03:27:50 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0}) [ 687.381463][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 [ 687.389788][T13409] binder: BINDER_SET_CONTEXT_MGR already set 03:27:51 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xec0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 687.435414][T13408] binder: 13401:13408 got transaction with invalid offset (0, min 40 max 40) or object. [ 687.445504][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 [ 687.468950][T13409] binder: 13406:13409 ioctl 40046207 0 returned -16 [ 687.477943][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 [ 687.484676][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 03:27:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x7000000}}], 0x0, 0x0, 0x0}) 03:27:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0}) [ 687.511987][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 [ 687.512969][T13422] binder: 13401:13422 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x7a}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:51 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xf00, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x20000000}}], 0x0, 0x0, 0x0}) 03:27:51 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x6c, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:51 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x2000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x300}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 687.918794][T13447] binder: 13446:13447 got transaction with invalid offset (0, min 0 max 0) or object. 03:27:51 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x74, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x500}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x3f000000}}], 0x0, 0x0, 0x0}) 03:27:51 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x4800, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:51 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x7a, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 688.168860][T13483] binder: 13482:13483 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x600}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:51 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x4c00, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x48000000}}], 0x0, 0x0, 0x0}) 03:27:51 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:51 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x300, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x500, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:52 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x6000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:52 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x4c000000}}], 0x0, 0x0, 0x0}) 03:27:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x700}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x10, &(0x7f0000000580)=[@flat={0x73682a85}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 688.518886][T13512] binder_alloc: 13495: binder_alloc_buf, no vma [ 688.558348][T13516] binder_alloc: 13495: binder_alloc_buf, no vma 03:27:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x600, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 688.578633][T13519] binder_alloc: 13495: binder_alloc_buf, no vma [ 688.602872][T13524] binder: 13522:13524 got transaction with invalid handle, 0 03:27:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0xa00}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:52 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x60000000}}], 0x0, 0x0, 0x0}) 03:27:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000580), &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:52 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x6800, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x700, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000580), &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:52 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x6c00, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 688.890760][T13543] binder_fixup_parent: 27 callbacks suppressed [ 688.890771][T13543] binder: 13542:13543 got transaction with invalid parent offset or type [ 688.906880][T13547] binder_alloc_new_buf_locked: 4 callbacks suppressed [ 688.906892][T13547] binder_alloc: 13542: binder_alloc_buf size 1610612792 failed, no address space 03:27:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0xa00, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:52 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x7400, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 689.020997][T13547] binder_alloc_new_buf_locked: 4 callbacks suppressed [ 689.021013][T13547] binder_alloc: allocated: 80 (num: 1 largest: 80), free: 12208 (num: 1 largest: 12208) [ 689.051280][T13556] binder: 13555:13556 got transaction with invalid offset (0, min 0 max 0) or object. [ 689.068839][T13564] binder: 13542:13564 got transaction with invalid parent offset or type [ 689.068884][T13563] binder: 13562:13563 got transaction with invalid offset (0, min 40 max 40) or object. [ 689.091743][T13565] binder_alloc: 13542: binder_alloc_buf size 1610612792 failed, no address space 03:27:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000580), &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x2000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 689.154743][T13565] binder_alloc: allocated: 56 (num: 1 largest: 56), free: 12232 (num: 2 largest: 12152) [ 689.243402][T13576] binder: 13573:13576 got transaction with invalid parent offset or type [ 689.285987][T13578] binder: BINDER_SET_CONTEXT_MGR already set [ 689.292017][T13578] binder: 13573:13578 ioctl 40046207 0 returned -16 [ 689.303376][T13579] binder: 13573:13579 got transaction with invalid parent offset or type 03:27:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:52 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x7a00, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:52 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x68000000}}], 0x0, 0x0, 0x0}) 03:27:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x2000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:52 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x10, &(0x7f0000000580)=[@flat], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x2800}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:53 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xc000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 689.437503][T13594] binder: 13591:13594 got transaction with invalid parent offset or type [ 689.445959][T13597] binder_alloc: 13591: binder_alloc_buf size 1744830520 failed, no address space 03:27:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x10, &(0x7f0000000580)=[@flat], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x2800, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 689.494445][T13597] binder_alloc: allocated: 80 (num: 1 largest: 80), free: 12208 (num: 1 largest: 12208) 03:27:53 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xc00e, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 689.578955][T13594] binder: BINDER_SET_CONTEXT_MGR already set [ 689.585403][T13607] binder_alloc: 13591: binder_alloc_buf, no vma [ 689.605141][T13594] binder: 13591:13594 ioctl 40046207 0 returned -16 03:27:53 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x6c000000}}], 0x0, 0x0, 0x0}) 03:27:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x10, &(0x7f0000000580)=[@flat], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 689.744278][ C1] net_ratelimit: 5 callbacks suppressed [ 689.744285][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 689.756173][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 689.762017][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 689.767880][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:27:53 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x3800}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:53 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xe60d, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x3800, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:53 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x74000000}}], 0x0, 0x0, 0x0}) 03:27:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000580)=[@flat={0x73682a85}], 0x0}}}], 0x0, 0x0, 0x0}) 03:27:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x3f00, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 689.946215][T13637] binder: 13630:13637 got transaction with invalid parent offset or type [ 689.955267][T13638] binder_alloc: 13630: binder_alloc_buf size 1946157112 failed, no address space [ 689.964381][ T2916] binder: release 13634:13639 transaction 7735 out, still active [ 689.964392][ T2916] binder: undelivered TRANSACTION_COMPLETE 03:27:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000580)=[@flat={0x73682a85}], 0x0}}}], 0x0, 0x0, 0x0}) 03:27:53 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xf000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 690.066374][T13638] binder_alloc: allocated: 104 (num: 2 largest: 80), free: 12184 (num: 1 largest: 12184) [ 690.103496][ T7851] binder: release 13650:13651 transaction 7738 out, still active 03:27:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x4800, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 690.113560][T13637] binder: BINDER_SET_CONTEXT_MGR already set [ 690.131887][ T7851] binder: undelivered TRANSACTION_COMPLETE [ 690.151858][T13637] binder: 13630:13637 ioctl 40046207 0 returned -16 [ 690.151915][T13654] binder_alloc: 13630: binder_alloc_buf, no vma 03:27:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000580)=[@flat={0x73682a85}], 0x0}}}], 0x0, 0x0, 0x0}) 03:27:53 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xff03, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 690.172759][ T7851] binder: send failed reply for transaction 7735, target dead [ 690.213348][ T7851] binder: send failed reply for transaction 7738, target dead [ 690.248773][T13657] binder_alloc: 13630: binder_alloc_buf, no vma 03:27:53 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x4000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:53 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000580)=[@flat={0x73682a85}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 03:27:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x4c00, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:53 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x33fe0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:53 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x7a000000}}], 0x0, 0x0, 0x0}) [ 690.476245][T13683] binder: 13675:13683 got transaction with invalid parent offset or type [ 690.480016][T13679] binder_alloc: 13675: binder_alloc_buf size 2046820408 failed, no address space 03:27:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000580)=[@flat={0x73682a85}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 03:27:54 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x34000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 690.520073][T13679] binder_alloc: allocated: 80 (num: 1 largest: 80), free: 12208 (num: 1 largest: 12208) 03:27:54 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x6000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 690.565636][T13692] binder: 13675:13692 got transaction with invalid parent offset or type [ 690.575468][T13694] binder: 13690:13694 got transaction with invalid handle, 0 [ 690.584593][T13696] binder_alloc: 13675: binder_alloc_buf size 2046820408 failed, no address space 03:27:54 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x40000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000580)=[@flat={0x73682a85}], &(0x7f00000005c0)}}}], 0x0, 0x0, 0x0}) [ 690.688295][T13696] binder_alloc: allocated: 80 (num: 1 largest: 80), free: 12208 (num: 1 largest: 12208) 03:27:54 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0xfdfdffff}}], 0x0, 0x0, 0x0}) [ 690.758576][ T7851] binder: release 13707:13709 transaction 7760 out, still active [ 690.802432][T13712] binder_alloc: 13675: binder_alloc_buf size 4261281848 failed, no address space [ 690.804237][ T7851] binder: undelivered TRANSACTION_COMPLETE [ 690.854788][ T7851] binder: send failed reply for transaction 7760, target dead [ 690.874362][T13712] binder_alloc: allocated: 24 (num: 1 largest: 24), free: 12264 (num: 1 largest: 12264) 03:27:54 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:54 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x6800, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x4800}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:54 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x400300, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000580)=[@flat={0x73682a85}], &(0x7f00000005c0)}}}], 0x0, 0x0, 0x0}) 03:27:54 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0xfffffdfd}}], 0x0, 0x0, 0x0}) 03:27:54 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x100000000000000}}], 0x0, 0x0, 0x0}) 03:27:54 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xf0ffff, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000580)=[@flat={0x73682a85}], &(0x7f00000005c0)}}}], 0x0, 0x0, 0x0}) [ 691.010540][T13733] binder: 13723:13733 got transaction with invalid parent offset or type 03:27:54 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x6c00, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 691.096685][ T7851] binder: release 13736:13739 transaction 7773 out, still active [ 691.116481][T13744] binder: 13723:13744 got transaction with invalid parent offset or type [ 691.131967][ T7851] binder: undelivered TRANSACTION_COMPLETE 03:27:54 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x1000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 691.146351][T13742] binder_alloc: 13723: binder_alloc_buf size 72057594037927992 failed, no address space 03:27:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x2000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 691.232532][T13742] binder_alloc: allocated: 104 (num: 2 largest: 80), free: 12184 (num: 1 largest: 12184) [ 691.251622][T13749] binder_transaction: 8 callbacks suppressed [ 691.251639][T13749] binder: 13748:13749 got transaction with invalid offset (0, min 40 max 40) or object. [ 691.271200][T13756] binder_alloc: 13723: binder_alloc_buf size 72057594037927992 failed, no address space [ 691.300156][ T7851] binder: send failed reply for transaction 7773, target dead [ 691.313073][T13756] binder_alloc: allocated: 80 (num: 2 largest: 56), free: 12208 (num: 2 largest: 12128) [ 691.357596][T13762] binder: 13748:13762 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x4c00}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:55 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x2000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:55 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x66646185}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:55 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x200000000000000}}], 0x0, 0x0, 0x0}) 03:27:55 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:55 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x7400, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 691.545327][T13780] binder_transaction: 108 callbacks suppressed [ 691.545343][T13780] binder: 13773:13780 transaction failed 29189/-22, size 40-16 line 2995 [ 691.548125][T13772] binder: 13771:13772 got transaction with invalid parent offset or type [ 691.569056][T13775] binder: 13774:13775 got transaction with invalid offset (0, min 40 max 40) or object. [ 691.582293][T13781] binder_alloc: 13771: binder_alloc_buf size 144115188075855928 failed, no address space 03:27:55 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x3000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 691.592778][T13779] binder: BINDER_SET_CONTEXT_MGR already set [ 691.608174][T13779] binder: 13776:13779 ioctl 40046207 0 returned -16 [ 691.618665][T13781] binder_alloc: allocated: 136 (num: 2 largest: 80), free: 12152 (num: 1 largest: 12152) [ 691.667536][T13781] binder: 13773:13781 transaction failed 29201/-28, size 40-16 line 3148 [ 691.667592][T13772] binder: 13771:13772 transaction failed 29201/-22, size 64-16 line 3318 [ 691.676302][T13775] binder: 13774:13775 transaction failed 29201/-22, size 40-16 line 3242 [ 691.693323][T13779] binder: 13776:13779 transaction failed 29201/-22, size 64-16 line 3389 03:27:55 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x300000000000000}}], 0x0, 0x0, 0x0}) 03:27:55 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x4000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 691.712430][T13779] binder: BINDER_SET_CONTEXT_MGR already set [ 691.727295][T13788] binder: 13774:13788 got transaction with invalid offset (0, min 40 max 40) or object. [ 691.737434][T13787] binder: 13776:13787 transaction failed 29201/-22, size 64-16 line 3389 [ 691.756545][T13779] binder: 13776:13779 ioctl 40046207 0 returned -16 [ 691.783098][T13788] binder: 13774:13788 transaction failed 29201/-22, size 40-16 line 3242 [ 691.791431][T13791] binder: 13789:13791 transaction failed 29201/-28, size 40-16 line 3148 03:27:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x5000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 691.824273][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 691.830081][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 691.831646][T13795] binder: 13789:13795 transaction failed 29201/-28, size 40-16 line 3148 [ 691.835958][ C1] protocol 88fb is buggy, dev hsr_slave_0 03:27:55 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x7a00, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:55 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x66646185}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:55 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x5000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:55 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x400000000000000}}], 0x0, 0x0, 0x0}) [ 691.937035][T13801] binder: BINDER_SET_CONTEXT_MGR already set [ 691.955110][T13804] binder: 13802:13804 transaction failed 29189/-22, size 40-16 line 2995 [ 691.981039][T13806] binder: 13805:13806 got transaction with invalid parent offset or type [ 691.989709][T13801] binder: 13800:13801 ioctl 40046207 0 returned -16 03:27:55 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x500000000000000}}], 0x0, 0x0, 0x0}) [ 692.031708][ T2916] binder_release_work: 106 callbacks suppressed [ 692.031714][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 [ 692.045937][T13815] binder: 13802:13815 got transaction with invalid offset (0, min 40 max 40) or object. [ 692.066512][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 03:27:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x6000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 692.115810][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 [ 692.152249][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 03:27:55 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x6000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:55 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x66646185}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:55 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:55 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x1000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 692.183809][T13822] binder_alloc: 13805: binder_alloc_buf, no vma [ 692.185342][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 [ 692.246513][T13832] binder: BINDER_SET_CONTEXT_MGR already set [ 692.283686][T13832] binder: 13823:13832 ioctl 40046207 0 returned -16 [ 692.290691][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 03:27:55 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x7000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x6800}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 692.292484][T13834] binder: BINDER_SET_CONTEXT_MGR already set [ 692.348201][T13834] binder: 13831:13834 ioctl 40046207 0 returned -16 [ 692.360909][T13837] binder_alloc: 13823: binder_alloc_buf, no vma [ 692.364382][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 [ 692.373555][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 [ 692.382682][T13836] binder_alloc: 13823: binder_alloc_buf, no vma 03:27:56 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x600000000000000}}], 0x0, 0x0, 0x0}) [ 692.408590][T13848] binder: 13835:13848 got transaction with invalid offset (0, min 40 max 40) or object. [ 692.421593][T13846] binder: BINDER_SET_CONTEXT_MGR already set [ 692.436985][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 [ 692.443895][T13846] binder: 13844:13846 ioctl 40046207 0 returned -16 [ 692.453910][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 03:27:56 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x2, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:56 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xa000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x2000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x6c00}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:56 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:56 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x700000000000000}}], 0x0, 0x0, 0x0}) 03:27:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x3000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 692.724783][T13873] binder: 13870:13873 got transaction with invalid offset (24, min 24 max 40) or object. 03:27:56 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x7400}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:56 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xe000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 692.774066][T13882] binder: 13881:13882 got transaction with invalid offset (0, min 40 max 40) or object. 03:27:56 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x2000000000000000}}], 0x0, 0x0, 0x0}) 03:27:56 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:56 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xf000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 692.830065][T13888] binder: BINDER_SET_CONTEXT_MGR already set [ 692.895352][T13894] binder_alloc: 13870: binder_alloc_buf, no vma [ 692.913891][T13888] binder: 13883:13888 ioctl 40046207 0 returned -16 03:27:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x4000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 692.937440][T13896] binder: 13895:13896 got transaction with invalid offset (24, min 24 max 40) or object. [ 692.981713][T13906] binder: 13905:13906 got transaction with invalid offset (0, min 40 max 40) or object. [ 693.002827][T13894] binder: BINDER_SET_CONTEXT_MGR already set [ 693.024289][ C1] protocol 88fb is buggy, dev hsr_slave_0 03:27:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x5000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 693.027760][T13894] binder: 13883:13894 ioctl 40046207 0 returned -16 [ 693.030120][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 693.030216][ C1] protocol 88fb is buggy, dev hsr_slave_0 03:27:56 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x20000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:56 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x3f00000000000000}}], 0x0, 0x0, 0x0}) 03:27:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x7a00}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:56 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 693.254564][T13926] binder: BINDER_SET_CONTEXT_MGR already set [ 693.310585][T13926] binder: 13923:13926 ioctl 40046207 0 returned -16 03:27:56 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:56 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x48000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x6000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:56 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x4800000000000000}}], 0x0, 0x0, 0x0}) 03:27:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x1000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:57 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:57 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x7000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:57 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x4c000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 693.487030][T13943] binder: BINDER_SET_CONTEXT_MGR already set [ 693.511963][T13943] binder: 13941:13943 ioctl 40046207 0 returned -16 03:27:57 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:57 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x4c00000000000000}}], 0x0, 0x0, 0x0}) 03:27:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x2000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:57 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0xa000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:57 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x60000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:57 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x3000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:57 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x6000000000000000}}], 0x0, 0x0, 0x0}) 03:27:57 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x10000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 693.968663][T13989] binder_fixup_parent: 16 callbacks suppressed [ 693.968673][T13989] binder: 13988:13989 got transaction with invalid parent offset or type 03:27:57 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x68000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:57 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 694.014372][T13985] binder_alloc_new_buf_locked: 10 callbacks suppressed [ 694.014383][T13985] binder_alloc: 13988: binder_alloc_buf size 6917529027641081912 failed, no address space [ 694.017463][T13996] binder: 13988:13996 got transaction with invalid parent offset or type 03:27:57 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x20000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 694.064372][T13985] binder_alloc_new_buf_locked: 10 callbacks suppressed [ 694.064389][T13985] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:27:57 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x4000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:57 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x6c000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 694.155031][T14009] binder_alloc: 13988: binder_alloc_buf size 6917529027641081912 failed, no address space [ 694.213793][T14009] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 694.254705][T14013] binder: 14012:14013 got transaction with invalid parent offset or type [ 694.322931][T14021] binder: 14012:14021 got transaction with invalid parent offset or type [ 694.361872][T14013] binder: BINDER_SET_CONTEXT_MGR already set [ 694.384036][T14013] binder: 14012:14013 ioctl 40046207 0 returned -16 03:27:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:58 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x28000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:58 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x6800000000000000}}], 0x0, 0x0, 0x0}) 03:27:58 executing program 3: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:58 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x74000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x5000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:58 executing program 3: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 694.533180][T14032] binder: 14027:14032 got transaction with invalid parent offset or type [ 694.546296][T14041] binder_alloc: 14027: binder_alloc_buf size 7493989779944505400 failed, no address space 03:27:58 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x7a000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 694.582659][T14041] binder_alloc: allocated: 80 (num: 1 largest: 80), free: 12208 (num: 1 largest: 12208) 03:27:58 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x38000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:58 executing program 3: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 694.632497][T14032] binder: BINDER_SET_CONTEXT_MGR already set [ 694.694432][T14032] binder: 14027:14032 ioctl 40046207 0 returned -16 [ 694.709362][T14049] binder: 14027:14049 got transaction with invalid parent offset or type 03:27:58 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x6c00000000000000}}], 0x0, 0x0, 0x0}) 03:27:58 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x9effffff, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:58 executing program 3: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x6000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:58 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x3f000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:58 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x7400000000000000}}], 0x0, 0x0, 0x0}) 03:27:58 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xc0000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:58 executing program 3: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 695.019366][T14081] binder: 14076:14081 got transaction with invalid parent offset or type [ 695.043039][T14084] binder_alloc: 14076: binder_alloc_buf size 8358680908399640632 failed, no address space 03:27:58 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x48000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 695.081589][T14084] binder_alloc: allocated: 80 (num: 1 largest: 80), free: 12208 (num: 1 largest: 12208) 03:27:58 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xc00e0000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:58 executing program 3: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 695.124094][T14081] binder: BINDER_SET_CONTEXT_MGR already set [ 695.138721][T14081] binder: 14076:14081 ioctl 40046207 0 returned -16 03:27:58 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0x7a00000000000000}}], 0x0, 0x0, 0x0}) 03:27:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x7000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 695.335789][T14109] binder: 14108:14109 got transaction with invalid parent offset or type [ 695.355264][T14111] binder_alloc: 14108: binder_alloc_buf size 8791026472627208248 failed, no address space [ 695.374572][T14111] binder_alloc: allocated: 80 (num: 1 largest: 80), free: 12208 (num: 1 largest: 12208) [ 695.413083][T14113] binder: 14108:14113 got transaction with invalid parent offset or type 03:27:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:59 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xe03f0300, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x4c000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:59 executing program 3: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:59 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}, 0xfdfdffff00000000}}], 0x0, 0x0, 0x0}) 03:27:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0xa000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:59 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xe60d0000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 695.576071][T14125] binder: 14124:14125 got transaction with invalid parent offset or type [ 695.585117][T14129] binder_alloc: 14124: binder_alloc_buf size -144678142324244424 failed, no address space 03:27:59 executing program 3: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 695.621482][T14129] binder_alloc: allocated: 80 (num: 1 largest: 80), free: 12208 (num: 1 largest: 12208) 03:27:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x60000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:59 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xeffdffff, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:59 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x2, 0x0, 0x0}) 03:27:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x10000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 695.827153][T14152] binder: 14149:14152 ioctl c0306201 20000780 returned -14 [ 695.866439][T14156] binder: 14149:14156 ioctl c0306201 20000780 returned -14 [ 695.897367][T14158] binder: BINDER_SET_CONTEXT_MGR already set [ 695.914084][T14158] binder: 14155:14158 ioctl 40046207 0 returned -16 [ 695.984292][ C1] net_ratelimit: 9 callbacks suppressed [ 695.984301][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 695.989941][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 696.001491][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 696.007327][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:27:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:27:59 executing program 3: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:59 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xf0ffffff, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x68000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:59 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x3, 0x0, 0x0}) 03:27:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x20000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:27:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x6c000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 696.118756][T14175] binder: BINDER_SET_CONTEXT_MGR already set 03:27:59 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xff030000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:59 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 696.186702][T14175] binder: 14170:14175 ioctl 40046207 0 returned -16 [ 696.186944][T14178] binder: 14166:14178 ioctl c0306201 20000780 returned -14 [ 696.220108][T14186] binder: 14184:14186 ioctl c0306201 0 returned -14 03:27:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x74000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:27:59 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xfffff000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:27:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x28000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 696.301119][T14178] binder: 14166:14178 ioctl c0306201 20000780 returned -14 [ 696.406744][T14205] binder_transaction: 23 callbacks suppressed [ 696.406763][T14205] binder: 14201:14205 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 03:28:00 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x4, 0x0, 0x0}) 03:28:00 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xfffffdef, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x38000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:00 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x7a000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 696.603775][T14213] binder_transaction: 116 callbacks suppressed [ 696.603791][T14213] binder: 14212:14213 transaction failed 29189/-22, size 40-16 line 2995 [ 696.605498][T14215] binder: 14214:14215 transaction failed 29189/-22, size 40-16 line 2995 [ 696.616757][T14213] binder: 14212:14213 ioctl c0306201 20000780 returned -14 [ 696.638942][T14219] binder: 14211:14219 ioctl c0306201 0 returned -14 03:28:00 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xffffff7f, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 696.670499][T14220] binder: 14218:14220 transaction failed 29201/-22, size 64-16 line 3389 [ 696.677637][T14224] binder: 14214:14224 got transaction with invalid offset (0, min 40 max 40) or object. [ 696.686513][T14225] binder: 14218:14225 transaction failed 29201/-22, size 64-16 line 3389 [ 696.710800][T14227] binder: 14212:14227 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 696.731191][T14224] binder: 14214:14224 transaction failed 29201/-22, size 40-16 line 3242 03:28:00 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xffffff9e, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 696.784409][T14227] binder: 14212:14227 transaction failed 29201/-22, size 40-16 line 3242 03:28:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x40000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 696.831466][T14235] binder: 14234:14235 ioctl c0306201 0 returned -14 03:28:00 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0xfdfdffff, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 696.879363][T14227] binder: 14212:14227 ioctl c0306201 20000780 returned -14 03:28:00 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xfffffff0, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 696.921805][T14242] binder: 14240:14242 transaction failed 29201/-22, size 64-16 line 3389 [ 696.934881][T14244] binder: 14243:14244 got transaction with invalid offset (0, min 40 max 40) or object. [ 696.992380][T14244] binder: 14243:14244 transaction failed 29201/-22, size 40-16 line 3242 [ 696.994631][T14248] binder: 14240:14248 transaction failed 29201/-22, size 64-16 line 3389 [ 697.025878][T14251] binder: 14243:14251 got transaction with invalid offset (0, min 40 max 40) or object. [ 697.050776][ T7860] binder_release_work: 115 callbacks suppressed [ 697.050783][ T7860] binder: undelivered TRANSACTION_ERROR: 29201 [ 697.064652][T14251] binder: 14243:14251 transaction failed 29201/-22, size 40-16 line 3242 [ 697.085217][ T7851] binder: undelivered TRANSACTION_ERROR: 29201 03:28:00 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:28:00 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x5, 0x0, 0x0}) 03:28:00 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x4000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x48000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:00 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0xfffffdfd, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:00 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x40030000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 697.229329][T14259] binder: 14257:14259 ioctl c0306201 20000780 returned -14 [ 697.232807][ T7860] binder: undelivered TRANSACTION_ERROR: 29201 [ 697.254053][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 [ 697.254777][T14270] binder: 14263:14270 got transaction with invalid offset (0, min 40 max 40) or object. [ 697.271003][T14267] binder: BINDER_SET_CONTEXT_MGR already set 03:28:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 697.308722][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 [ 697.315108][T14273] binder: 14257:14273 ioctl c0306201 20000780 returned -14 [ 697.322856][T14267] binder: 14258:14267 ioctl 40046207 0 returned -16 [ 697.331261][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 03:28:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x4c000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 697.354137][ T7860] binder: undelivered TRANSACTION_ERROR: 29201 [ 697.374474][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 03:28:00 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:28:01 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x100000000000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:01 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xf0ffffffffffff, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 697.529610][ T7860] binder: undelivered TRANSACTION_ERROR: 29201 [ 697.540793][T14290] binder: BINDER_SET_CONTEXT_MGR already set [ 697.557668][T14290] binder: 14285:14290 ioctl 40046207 0 returned -16 [ 697.578529][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 [ 697.585071][T14293] binder_alloc_new_buf_locked: 2 callbacks suppressed [ 697.585080][T14293] binder_alloc: 14285: binder_alloc_buf, no vma 03:28:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:01 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x6, 0x0, 0x0}) 03:28:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0}) 03:28:01 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x100000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:01 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x200000000000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x50000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 697.796565][T14310] binder: 14303:14310 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x60000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:01 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x300000000000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:01 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x200000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0}) [ 697.845973][T14310] binder: 14303:14310 ioctl c0306201 20000780 returned -14 [ 697.866311][T14319] binder: 14303:14319 ioctl c0306201 20000780 returned -14 03:28:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x68000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 697.945164][T14327] binder: 14324:14327 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:01 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x7, 0x0, 0x0}) [ 698.064271][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 698.070103][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 698.076182][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 698.077458][T14340] binder: 14339:14340 got transaction with invalid offset (0, min 40 max 40) or object. [ 698.081967][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 698.135941][T14340] binder: 14339:14340 ioctl c0306201 20000780 returned -14 03:28:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0}) 03:28:01 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x300000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:01 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x400000000000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x6c000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 698.190842][T14345] binder: 14339:14345 ioctl c0306201 20000780 returned -14 03:28:01 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x48, 0x0, 0x0}) 03:28:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x74000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 698.284697][T14358] binder: 14355:14358 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:01 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x400000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:01 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 698.313773][T14362] binder: 14361:14362 ioctl c0306201 20000780 returned -14 [ 698.380872][T14369] binder: 14361:14369 ioctl c0306201 20000780 returned -14 03:28:01 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x500000000000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 698.421790][T14370] binder: BINDER_SET_CONTEXT_MGR already set 03:28:02 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x4c, 0x0, 0x0}) 03:28:02 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x500000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 698.484664][T14370] binder: 14364:14370 ioctl 40046207 0 returned -16 [ 698.587985][T14388] binder: 14387:14388 ioctl c0306201 20000780 returned -14 [ 698.632748][T14390] binder: 14387:14390 ioctl c0306201 20000780 returned -14 03:28:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:02 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x600000000000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x7a000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:02 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x600000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:02 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x60, 0x0, 0x0}) 03:28:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 698.781436][T14396] binder: 14395:14396 ioctl c0306201 20000780 returned -14 [ 698.792846][T14401] binder: BINDER_SET_CONTEXT_MGR already set 03:28:02 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x700000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:02 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x700000000000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 698.831246][T14401] binder: 14400:14401 ioctl 40046207 0 returned -16 [ 698.838081][T14410] binder: 14395:14410 ioctl c0306201 20000780 returned -14 03:28:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0xfdfdffff}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:02 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0xa00000000000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 699.070163][T14427] binder_fixup_parent: 24 callbacks suppressed [ 699.070172][T14427] binder: 14426:14427 got transaction with invalid parent offset or type [ 699.142866][T14435] binder: 14426:14435 got transaction with invalid parent offset or type 03:28:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:02 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xa00000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:02 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x68, 0x0, 0x0}) 03:28:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:02 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x1000000000000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0xfffffdfd}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:02 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xe00000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 699.309367][T14444] binder: 14442:14444 ioctl c0306201 20000780 returned -14 [ 699.319240][T14448] binder: 14445:14448 got transaction with invalid parent offset or type [ 699.348289][T14455] binder: 14442:14455 ioctl c0306201 20000780 returned -14 03:28:02 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x2000000000000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:03 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x6c, 0x0, 0x0}) 03:28:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x100000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 699.421416][T14465] binder_alloc: 14445: binder_alloc_buf failed to map pages in userspace, no vma [ 699.458723][T14462] binder_alloc: 14445: binder_alloc_buf failed to map pages in userspace, no vma 03:28:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 699.553415][T14472] binder: 14470:14472 ioctl c0306201 20000780 returned -14 [ 699.583650][T14476] binder: 14475:14476 got transaction with invalid parent offset or type [ 699.612021][T14478] binder: 14470:14478 ioctl c0306201 20000780 returned -14 [ 699.625942][T14479] binder: 14475:14479 got transaction with invalid parent offset or type 03:28:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:03 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xf00000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:03 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x2800000000000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:03 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x74, 0x0, 0x0}) 03:28:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x200000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:03 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x2000000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 699.846291][T14486] binder: 14485:14486 got transaction with invalid parent offset or type [ 699.856248][T14496] binder: 14487:14496 ioctl c0306201 20000780 returned -14 [ 699.886227][T14500] binder: 14485:14500 got transaction with invalid parent offset or type 03:28:03 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x3800000000000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 699.901069][T14501] binder: 14487:14501 ioctl c0306201 20000780 returned -14 03:28:03 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x7a, 0x0, 0x0}) 03:28:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x300000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 699.982114][T14510] binder_alloc: 14485: binder_alloc_buf, no vma 03:28:03 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x4800000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 700.039216][T14513] binder_alloc: 14485: binder_alloc_buf, no vma [ 700.060985][T14515] binder: 14514:14515 ioctl c0306201 20000780 returned -14 [ 700.110562][T14521] binder: 14514:14521 ioctl c0306201 20000780 returned -14 [ 700.130014][T14524] binder: 14518:14524 got transaction with invalid parent offset or type [ 700.144267][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 700.150059][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 700.211470][T14527] binder: BINDER_SET_CONTEXT_MGR already set [ 700.246037][T14527] binder: 14518:14527 ioctl 40046207 0 returned -16 [ 700.250510][T14528] binder: 14518:14528 got transaction with invalid parent offset or type 03:28:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:03 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x3f00000000000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:03 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:03 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x300, 0x0, 0x0}) 03:28:03 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x4c00000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x400000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:03 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x4800000000000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:04 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x500, 0x0, 0x0}) [ 700.386040][T14542] binder: 14535:14542 ioctl c0306201 20000780 returned -14 [ 700.396746][T14540] binder: 14539:14540 got transaction with invalid parent offset or type [ 700.405142][T14548] binder: 14535:14548 ioctl c0306201 20000780 returned -14 03:28:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x0, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], 0x0}}}], 0x0, 0x0, 0x0}) 03:28:04 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x6000000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 700.491771][T14540] binder: BINDER_SET_CONTEXT_MGR already set [ 700.532323][T14540] binder: 14539:14540 ioctl 40046207 0 returned -16 [ 700.565572][T14561] binder: 14559:14561 ioctl c0306201 20000780 returned -14 03:28:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x4c00000000000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x0, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], 0x0}}}], 0x0, 0x0, 0x0}) [ 700.610599][T14565] binder: 14559:14565 ioctl c0306201 20000780 returned -14 03:28:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x500000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:04 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x6800000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x0, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], 0x0}}}], 0x0, 0x0, 0x0}) 03:28:04 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x600, 0x0, 0x0}) 03:28:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x6000000000000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 700.899827][T14586] binder: 14580:14586 ioctl c0306201 20000780 returned -14 [ 700.924949][ T7854] binder: release 14584:14590 transaction 8212 out, still active 03:28:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x600000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 700.945647][T14594] binder: 14580:14594 ioctl c0306201 20000780 returned -14 03:28:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x6800000000000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:04 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) [ 700.976816][T14598] binder: BINDER_SET_CONTEXT_MGR already set [ 700.978943][ T7854] binder: undelivered TRANSACTION_COMPLETE [ 700.982862][T14598] binder: 14597:14598 ioctl 40046207 0 returned -16 03:28:04 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x6c00000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:04 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x700, 0x0, 0x0}) [ 701.026608][T14598] binder_alloc: 14581: binder_alloc_buf, no vma [ 701.059618][T14604] binder_alloc: 14581: binder_alloc_buf, no vma [ 701.067414][ T7854] binder: send failed reply for transaction 8212, target dead 03:28:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x700000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 701.098456][T14602] binder_alloc: 14581: binder_alloc_buf, no vma [ 701.138332][T14613] binder: 14612:14613 ioctl c0306201 20000780 returned -14 [ 701.198328][T14617] binder: 14612:14617 ioctl c0306201 20000780 returned -14 [ 701.230381][T14620] binder: BINDER_SET_CONTEXT_MGR already set [ 701.255902][T14620] binder: 14619:14620 ioctl 40046207 0 returned -16 [ 701.344275][ C1] net_ratelimit: 2 callbacks suppressed [ 701.344284][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 701.344290][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 701.344329][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 701.349967][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 701.355816][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 701.361639][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 701.367517][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 701.373257][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:28:05 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x7400000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 03:28:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x6c00000000000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0xa00000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:05 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:05 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x2000, 0x0, 0x0}) [ 701.483398][T14631] binder: 14630:14631 ioctl c0306201 20000780 returned -14 [ 701.515461][T14640] binder_transaction: 18 callbacks suppressed [ 701.515477][T14640] binder: 14635:14640 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0]}}}], 0x0, 0x0, 0x0}) 03:28:05 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x7a00000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 701.532277][T14642] binder: 14630:14642 got transaction with invalid offset (0, min 40 max 40) or object. [ 701.550067][T14642] binder: 14630:14642 ioctl c0306201 20000780 returned -14 03:28:05 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x3f00, 0x0, 0x0}) [ 701.634553][ T7860] binder: release 14647:14649 transaction 8239 out, still active [ 701.643615][ T7860] binder: undelivered TRANSACTION_COMPLETE [ 701.651257][T14640] binder_transaction: 117 callbacks suppressed [ 701.651274][T14640] binder: 14635:14640 transaction failed 29201/-22, size 40-16 line 3242 03:28:05 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x8000000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x1000000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 701.684335][ T7860] binder: send failed reply for transaction 8239, target dead [ 701.711788][T14655] binder: 14654:14655 transaction failed 29189/-22, size 40-16 line 2995 03:28:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x7400000000000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 701.762149][T14659] binder: 14656:14659 transaction failed 29201/-22, size 64-16 line 3389 [ 701.787228][T14655] binder: 14654:14655 ioctl c0306201 20000780 returned -14 03:28:05 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x9effffff00000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 701.813652][T14664] binder: 14654:14664 got transaction with invalid offset (0, min 40 max 40) or object. [ 701.831383][T14659] binder: BINDER_SET_CONTEXT_MGR already set [ 701.840080][T14665] binder_alloc: 14656: binder_alloc_buf, no vma [ 701.855787][T14659] binder: 14656:14659 ioctl 40046207 0 returned -16 [ 701.871062][T14665] binder: 14663:14665 transaction failed 29189/-3, size 40-16 line 3148 [ 701.874280][T14664] binder: 14654:14664 transaction failed 29201/-22, size 40-16 line 3242 [ 701.889348][T14666] binder_alloc: 14656: binder_alloc_buf, no vma [ 701.906773][T14672] binder: 14663:14672 transaction failed 29189/-22, size 40-16 line 2995 03:28:05 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xc000000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 701.925873][T14668] binder_alloc: 14656: binder_alloc_buf, no vma [ 701.933366][T14666] binder: 14656:14666 transaction failed 29189/-3, size 64-16 line 3148 [ 701.941355][T14664] binder: 14654:14664 ioctl c0306201 20000780 returned -14 [ 701.964952][T14668] binder: 14667:14668 transaction failed 29189/-3, size 40-16 line 3148 03:28:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x7a00000000000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 702.062169][ T7860] binder_release_work: 116 callbacks suppressed [ 702.062176][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 [ 702.062474][T14683] binder: 14680:14683 transaction failed 29189/-22, size 40-16 line 2995 [ 702.100976][ T7854] binder: undelivered TRANSACTION_ERROR: 29189 03:28:05 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x2000000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:05 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x4800, 0x0, 0x0}) 03:28:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:05 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xc00e000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 702.111108][T14684] binder: 14680:14684 transaction failed 29189/-22, size 40-16 line 2995 [ 702.121243][ T7854] binder: undelivered TRANSACTION_ERROR: 29189 [ 702.173132][T14689] binder: 14688:14689 ioctl c0306201 20000780 returned -14 [ 702.191511][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 [ 702.207343][T14694] binder: BINDER_SET_CONTEXT_MGR already set 03:28:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0xfdfdffff00000000, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 702.246105][T14694] binder: 14693:14694 ioctl 40046207 0 returned -16 [ 702.248898][T14698] binder_alloc: 14693: binder_alloc_buf, no vma [ 702.260210][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 [ 702.278813][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 03:28:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x2800000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 702.299361][ T7860] binder: undelivered TRANSACTION_ERROR: 29201 [ 702.320536][T14698] binder: 14688:14698 ioctl c0306201 20000780 returned -14 [ 702.328707][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 [ 702.342503][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 03:28:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x2, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x18]}}}], 0x0, 0x0, 0x0}) 03:28:05 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xe03f030000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 702.370892][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 03:28:05 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x4c00, 0x0, 0x0}) [ 702.472527][T14719] binder: 14717:14719 got transaction with invalid offset (0, min 40 max 40) or object. [ 702.504175][T14723] binder: 14722:14723 got transaction with invalid offset (0, min 40 max 40) or object. [ 702.504359][T14724] binder: 14712:14724 got transaction with invalid offset (24, min 0 max 40) or object. [ 702.532498][T14726] binder: 14717:14726 got transaction with invalid offset (0, min 40 max 40) or object. [ 702.577767][T14723] binder: 14722:14723 ioctl c0306201 20000780 returned -14 [ 702.609464][T14729] binder: 14722:14729 ioctl c0306201 20000780 returned -14 03:28:06 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x3800000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:06 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xe60d000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x18]}}}], 0x0, 0x0, 0x0}) 03:28:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x3, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:06 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x6000, 0x0, 0x0}) 03:28:06 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xeffdffff00000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 702.788931][T14739] binder: 14737:14739 got transaction with invalid offset (0, min 40 max 40) or object. [ 702.792537][T14745] binder: 14735:14745 got transaction with invalid offset (24, min 0 max 40) or object. [ 702.816288][T14744] binder: 14742:14744 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x4000000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x18]}}}], 0x0, 0x0, 0x0}) 03:28:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x4, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 702.913860][T14744] binder: 14742:14744 ioctl c0306201 20000780 returned -14 03:28:06 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xf0ffffff00000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 702.977733][T14757] binder: BINDER_SET_CONTEXT_MGR already set [ 702.994809][T14757] binder: 14751:14757 ioctl 40046207 0 returned -16 [ 703.006483][T14764] binder: 14742:14764 ioctl c0306201 20000780 returned -14 03:28:06 executing program 3: socket$inet6(0xa, 0x10000000000003, 0x3a) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000015c0)='veth1\x00\x00\x00\x00\xff\xff\xff\xff\xff\xef\x00', 0xb) r2 = dup2(r1, r1) sendmsg$IPVS_CMD_GET_CONFIG(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="b6b6db4967c83eb5831c2e5f660d8c923460b593a404008b666e3ee7bf606b850008000000000000191cfadfd2f3d4b1de080076c1ffff59bcb6d1011df1ad065fdbb4339c8b4eabbdb0e00a1f3535ae1c785c4cafcbe089169c9ba92bfbae51a9439027d34236fffff9657a573f0d55b5d24c3ddf9fed0bfb3014a4e338cd9e0c0d95000000001db45580572275b3830565080e89edb06096ac60dab911ec6d81bafa59b476efd1f210b430956d7a5dab0adb5e5bb18769e6b628c1ac44288cdbc93d27fd005bdebd9a9d48c43ea7f75ae3434267fdbe19ad7f00090000008d"], 0x1}}, 0x44801) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0) sendto$inet(r1, &(0x7f0000000000), 0xfffffdef, 0xc0, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, 0x0) ioctl$VIDIOC_DQEVENT(r2, 0x80785659, &(0x7f00000003c0)={0x0, @ctrl={0x0, 0x0, @value64}}) fgetxattr(r1, &(0x7f0000000040)=@known='com.apple.FinderInfo\x00', &(0x7f00000012c0)=""/184, 0xb8) r3 = openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000240), 0x0) ioctl$KDSKBLED(r3, 0x4b65, 0x0) r4 = epoll_create1(0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x0, &(0x7f00000000c0)=0x7fff, 0x4) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_DEL_SERVICE(r2, &(0x7f0000000600)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0}, 0x40) getsockopt$inet_sctp_SCTP_ASSOCINFO(r3, 0x84, 0x1, 0x0, 0x0) close(0xffffffffffffffff) ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, 0x0) fcntl$setlease(r0, 0x400, 0x1) ioctl(r4, 0x1000, &(0x7f0000000180)="7448ffa8f12ebf10a38a479be89557aa2639d2973035da7b4eee99287043e4fb3853c70c6d82f26dfaae5bab80c0a1f9e7eeb654fa66ebf3f9840b24bbf775938bfbb171aefd01fb0307669b07359fb1b352804703aa69c8e25893cd4a8e") ioctl$VIDIOC_G_PRIORITY(r3, 0x80045643, 0x1) 03:28:06 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x4800000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:06 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x5, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:06 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x6800, 0x0, 0x0}) 03:28:06 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xff03000000000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1000000}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 703.390558][T14789] binder: 14787:14789 ioctl c0306201 20000780 returned -14 03:28:07 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xffffff7f00000000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 703.453325][T14798] binder: 14787:14798 ioctl c0306201 20000780 returned -14 03:28:07 executing program 3: r0 = socket$inet6(0xa, 0x10000000000003, 0x3a) connect$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)="2c0271", 0x3}], 0x1}, 0xc100) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)="d09a0e633a476288b671afdbd53a5994e137381f62021d1951b627b8dda57a5d17d744648c81c5703ed8146ab1", 0x2d}], 0x1}, 0x900000000000000) 03:28:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x6, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x4c00000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:07 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x6c00, 0x0, 0x0}) 03:28:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x7, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 703.642213][T14811] IPv6 header not found [ 703.688811][T14811] IPv6 header not found [ 703.690664][T14820] binder: 14816:14820 ioctl c0306201 20000780 returned -14 [ 703.755787][T14824] binder: 14816:14824 ioctl c0306201 20000780 returned -14 03:28:07 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:07 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0xfffffffffffff000, &(0x7f0000000100)}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x5000000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0, 0x500}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0xa, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:07 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x7400, 0x0, 0x0}) 03:28:07 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:07 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x2}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 703.976874][T14839] binder: 14831:14839 ioctl c0306201 20000780 returned -14 03:28:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x6000000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 704.036443][T14846] binder: BINDER_SET_CONTEXT_MGR already set [ 704.057425][T14849] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 704.068398][T14850] binder: 14831:14850 ioctl c0306201 20000780 returned -14 [ 704.075927][T14846] binder: 14844:14846 ioctl 40046207 0 returned -16 03:28:07 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x10, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:07 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x7a00, 0x0, 0x0}) [ 704.119036][T14855] binder_fixup_parent: 18 callbacks suppressed [ 704.119046][T14855] binder: 14853:14855 got transaction with invalid parent offset or type 03:28:07 executing program 3: r0 = socket$inet6(0xa, 0x10000000000003, 0x3a) connect$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)="2c0271", 0x3}], 0x1}, 0xc100) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)="d09a0e633a476288b671afdbd53a5994e137381f62021d1951b627b8dda57a5d17d744648c81c5703ed8146ab1", 0x2d}], 0x1}, 0x7000000) [ 704.187188][T14855] binder: BINDER_SET_CONTEXT_MGR already set [ 704.232379][T14855] binder: 14853:14855 ioctl 40046207 0 returned -16 [ 704.234618][T14864] binder: 14863:14864 ioctl c0306201 20000780 returned -14 [ 704.271804][T14867] IPv6 header not found [ 704.294653][T14867] IPv6 header not found [ 704.304275][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 704.310371][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 704.339612][T14869] binder: 14863:14869 ioctl c0306201 20000780 returned -14 03:28:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x6800000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x28, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x5e, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:08 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x1000000, 0x0, 0x0}) 03:28:08 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x3}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 704.580356][T14882] binder: 14880:14882 ioctl c0306201 20000780 returned -14 [ 704.595440][T14883] binder: 14881:14883 got transaction with invalid parent offset or type [ 704.604936][T14885] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 704.616796][T14887] binder: 14881:14887 got transaction with invalid parent offset or type 03:28:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x38, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x4, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 704.644546][T14889] binder: 14880:14889 ioctl c0306201 20000780 returned -14 03:28:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x6c00000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x48, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:08 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x2000000, 0x0, 0x0}) 03:28:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c00000000000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 704.829815][T14902] binder: 14901:14902 got transaction with invalid parent offset or type [ 704.905009][T14910] binder: 14907:14910 ioctl c0306201 20000780 returned -14 [ 704.916200][T14909] binder: 14901:14909 got transaction with invalid parent offset or type [ 704.934528][T14911] binder: 14907:14911 ioctl c0306201 20000780 returned -14 03:28:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x4c, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x7400000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:08 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x28, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:08 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x3000000, 0x0, 0x0}) 03:28:08 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x4}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 705.191414][T14926] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 705.209217][T14930] binder: 14928:14930 ioctl c0306201 20000780 returned -14 [ 705.219991][T14927] binder: 14925:14927 got transaction with invalid parent offset or type [ 705.229348][T14931] binder: BINDER_SET_CONTEXT_MGR already set 03:28:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x60, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 705.242151][T14931] binder: 14929:14931 ioctl 40046207 0 returned -16 [ 705.256280][T14935] binder: 14928:14935 ioctl c0306201 20000780 returned -14 [ 705.275544][T14931] binder: 14929:14931 got transaction with invalid parent offset or type 03:28:08 executing program 3 (fault-call:1 fault-nth:0): r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 705.310549][T14931] binder: BINDER_SET_CONTEXT_MGR already set [ 705.346128][T14931] binder: 14929:14931 ioctl 40046207 0 returned -16 03:28:08 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x4000000, 0x0, 0x0}) [ 705.376632][T14944] FAULT_INJECTION: forcing a failure. [ 705.376632][T14944] name failslab, interval 1, probability 0, space 0, times 0 [ 705.441064][T14947] binder: 14946:14947 ioctl c0306201 20000780 returned -14 [ 705.446004][T14944] CPU: 0 PID: 14944 Comm: syz-executor.3 Not tainted 5.1.0-rc5+ #71 [ 705.456305][T14944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 705.466405][T14944] Call Trace: [ 705.469731][T14944] dump_stack+0x172/0x1f0 [ 705.474090][T14944] should_fail.cold+0xa/0x15 [ 705.475234][T14948] binder: 14946:14948 ioctl c0306201 20000780 returned -14 [ 705.478713][T14944] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 705.478734][T14944] ? ___might_sleep+0x163/0x280 [ 705.478759][T14944] __should_failslab+0x121/0x190 [ 705.501740][T14944] should_failslab+0x9/0x14 [ 705.506257][T14944] kmem_cache_alloc_trace+0x2d1/0x760 [ 705.511738][T14944] ? kasan_check_read+0x11/0x20 [ 705.516602][T14944] ? do_raw_spin_unlock+0x57/0x270 [ 705.521785][T14944] ? _raw_spin_unlock+0x2d/0x50 [ 705.526649][T14944] binder_get_thread+0x1db/0x7c0 [ 705.531606][T14944] ? __might_sleep+0x95/0x190 [ 705.536291][T14944] binder_ioctl+0x1e5/0x183b [ 705.536309][T14944] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 705.536326][T14944] ? binder_thread_write+0x2820/0x2820 [ 705.536339][T14944] ? tomoyo_path_number_perm+0x263/0x520 [ 705.536354][T14944] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 705.536376][T14944] ? __fget+0x35a/0x550 [ 705.536397][T14944] ? binder_thread_write+0x2820/0x2820 [ 705.536415][T14944] do_vfs_ioctl+0xd6e/0x1390 [ 705.536434][T14944] ? ioctl_preallocate+0x210/0x210 [ 705.536448][T14944] ? __fget+0x381/0x550 [ 705.536469][T14944] ? ksys_dup3+0x3e0/0x3e0 [ 705.536499][T14944] ? tomoyo_file_ioctl+0x23/0x30 [ 705.564301][T14944] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 705.564320][T14944] ? security_file_ioctl+0x93/0xc0 [ 705.564339][T14944] ksys_ioctl+0xab/0xd0 [ 705.564358][T14944] __x64_sys_ioctl+0x73/0xb0 [ 705.564380][T14944] do_syscall_64+0x103/0x610 [ 705.573985][T14944] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 705.573999][T14944] RIP: 0033:0x458c29 03:28:09 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x5000000, 0x0, 0x0}) 03:28:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x7a00000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x68, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 705.574015][T14944] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 705.574022][T14944] RSP: 002b:00007f1dc2d74c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 705.592298][T14944] RAX: ffffffffffffffda RBX: 00007f1dc2d74c90 RCX: 0000000000458c29 [ 705.608636][T14944] RDX: 0000000020000780 RSI: 00000000c0306201 RDI: 0000000000000003 [ 705.608645][T14944] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 705.608654][T14944] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1dc2d756d4 [ 705.608663][T14944] R13: 00000000004bff7b R14: 00000000004d22e8 R15: 0000000000000004 [ 705.639500][T14944] binder: 14943:14944 ioctl c0306201 20000780 returned -12 [ 705.718260][T14956] binder: 14953:14956 ioctl c0306201 20000780 returned -14 [ 705.728204][T14957] binder: 14954:14957 got transaction with invalid parent offset or type [ 705.739312][T14960] binder: 14953:14960 ioctl c0306201 20000780 returned -14 [ 705.753807][T14962] binder: 14954:14962 got transaction with invalid parent offset or type 03:28:09 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x6c, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:09 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x6000000, 0x0, 0x0}) 03:28:09 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x5}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:09 executing program 3 (fault-call:1 fault-nth:1): r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0x8000000000000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 705.886668][T14971] binder: 14970:14971 ioctl c0306201 20000780 returned -14 [ 705.921688][T14976] binder: 14970:14976 ioctl c0306201 20000780 returned -14 03:28:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x74, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 705.935269][T14975] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:28:09 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x7000000, 0x0, 0x0}) 03:28:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 706.002844][T14985] binder: 14983:14985 got transaction with invalid parent offset or type 03:28:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x7a, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x2, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 706.103848][T14991] binder: 14989:14991 ioctl c0306201 20000780 returned -14 03:28:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0xfdfdffff00000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 706.150228][T14997] binder_alloc: 14983: binder_alloc_buf, no vma [ 706.190359][T15000] binder: 14989:15000 ioctl c0306201 20000780 returned -14 03:28:09 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:09 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x300, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:09 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 706.381056][T14984] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:28:10 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x6}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85, 0x0, 0x0, 0xffffffff00000000}, @ptr={0x70742a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:10 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x20000000, 0x0, 0x0}) 03:28:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5450, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:10 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x500, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 706.610279][T15028] binder_transaction: 29 callbacks suppressed [ 706.610294][T15028] binder: 15025:15028 got transaction with invalid offset (0, min 40 max 40) or object. [ 706.612062][T15030] binder: 15029:15030 got transaction with invalid offset (0, min 40 max 40) or object. [ 706.650316][T15032] binder: 15025:15032 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5451, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x66642a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 706.665009][T15034] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 706.680077][T15030] binder_transaction: 111 callbacks suppressed [ 706.680093][T15030] binder: 15029:15030 transaction failed 29201/-22, size 40-16 line 3242 [ 706.693005][T15032] binder: 15025:15032 transaction failed 29201/-22, size 40-16 line 3242 [ 706.705154][T15030] binder: 15029:15030 ioctl c0306201 20000780 returned -14 [ 706.743039][T15040] binder: 15038:15040 got transaction with fd, 0, but target does not allow fds 03:28:10 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x600, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5452, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 706.805673][T15040] binder: 15038:15040 transaction failed 29201/-1, size 64-16 line 3292 [ 706.816419][T15044] binder: 15029:15044 got transaction with invalid offset (0, min 40 max 40) or object. [ 706.829543][T15044] binder: 15029:15044 transaction failed 29201/-22, size 40-16 line 3242 [ 706.870067][T15040] binder: BINDER_SET_CONTEXT_MGR already set [ 706.883594][T15044] binder: 15029:15044 ioctl c0306201 20000780 returned -14 [ 706.901760][T15049] binder: 15048:15049 transaction failed 29189/-22, size 40-16 line 2995 [ 706.911863][T15046] binder: 15038:15046 transaction failed 29189/-22, size 64-16 line 2995 [ 706.936719][T15040] binder: 15038:15040 ioctl 40046207 0 returned -16 03:28:10 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:10 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x7}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x5460, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:10 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x3f000000, 0x0, 0x0}) 03:28:10 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x700, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x66646185, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 707.194563][T15060] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 707.223548][T15068] binder: 15067:15068 got transaction with invalid parent offset or type [ 707.238007][T15064] binder: 15063:15064 got transaction with invalid offset (0, min 40 max 40) or object. [ 707.249343][T15066] binder: 15065:15066 got transaction with invalid offset (0, min 40 max 40) or object. [ 707.267599][T15068] binder: 15067:15068 transaction failed 29201/-22, size 64-16 line 3318 03:28:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046205, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 707.288812][T15064] binder: 15063:15064 transaction failed 29201/-22, size 40-16 line 3242 [ 707.319417][T15066] binder: 15065:15066 transaction failed 29201/-22, size 40-16 line 3242 [ 707.351875][ T7854] binder_release_work: 110 callbacks suppressed [ 707.351917][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 [ 707.366760][T15076] binder: 15067:15076 got transaction with invalid parent offset or type [ 707.377349][T15077] binder: 15065:15077 got transaction with invalid offset (0, min 40 max 40) or object. [ 707.387482][T15076] binder: 15067:15076 transaction failed 29201/-22, size 64-16 line 3318 [ 707.403179][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 [ 707.410787][T15064] binder: 15063:15064 ioctl c0306201 20000780 returned -14 03:28:10 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046207, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 707.427414][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 [ 707.462634][T15079] binder: 15063:15079 got transaction with invalid offset (0, min 40 max 40) or object. [ 707.463274][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 03:28:11 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0xa00, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x73622a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 707.499131][T15081] binder: BINDER_SET_CONTEXT_MGR already set [ 707.548400][T15081] binder: 15080:15081 ioctl 40046207 20000780 returned -16 [ 707.559661][T15079] binder: 15063:15079 ioctl c0306201 20000780 returned -14 [ 707.570250][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 [ 707.586782][T15085] binder_alloc: 15067: binder_alloc_buf, no vma [ 707.607215][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 [ 707.636754][T15088] binder_alloc: 15067: binder_alloc_buf, no vma [ 707.644405][ T7854] binder: undelivered TRANSACTION_ERROR: 29189 [ 707.650986][T15087] binder: BINDER_SET_CONTEXT_MGR already set [ 707.664349][ C0] net_ratelimit: 2 callbacks suppressed [ 707.664357][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 707.674315][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 707.675767][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 707.681540][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 707.687303][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 707.693022][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 707.698770][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:28:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:11 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x48000000, 0x0, 0x0}) [ 707.704499][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 707.749759][T15087] binder: 15086:15087 ioctl 40046207 0 returned -16 [ 707.749799][T15089] binder_alloc: 15067: binder_alloc_buf, no vma [ 707.762919][ T7854] binder: undelivered TRANSACTION_ERROR: 29189 [ 707.789878][T15095] binder: 15093:15095 ioctl c0306201 20000780 returned -14 [ 707.830115][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 [ 707.840513][T15097] binder: 15093:15097 ioctl c0306201 20000780 returned -14 [ 707.872402][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 03:28:11 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:11 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x2000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40049409, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:11 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xa}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 707.931051][ T7854] binder: release 15086:15089 transaction 8467 out, still active [ 707.952357][ T7854] binder: unexpected work type, 4, not freed 03:28:11 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x4c000000, 0x0, 0x0}) 03:28:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x73682a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 707.998250][T15109] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 708.014877][T15104] binder: 15103:15104 got transaction with invalid offset (0, min 40 max 40) or object. [ 708.035385][ T7854] binder: undelivered TRANSACTION_COMPLETE [ 708.073641][ T7854] binder: send failed reply for transaction 8467, target dead [ 708.092711][T15114] binder: 15113:15114 ioctl c0306201 20000780 returned -14 03:28:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4018620d, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 708.126758][T15119] binder: 15117:15119 got transaction with invalid handle, 0 [ 708.158801][T15121] binder: BINDER_SET_CONTEXT_MGR already set 03:28:11 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x2800, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 708.187075][T15122] binder: 15113:15122 got transaction with invalid offset (0, min 40 max 40) or object. [ 708.197400][T15123] binder_alloc: 15117: binder_alloc_buf, no vma [ 708.209690][T15121] binder: 15120:15121 ioctl 4018620d 20000780 returned -16 [ 708.241557][T15122] binder: 15113:15122 ioctl c0306201 20000780 returned -14 [ 708.250520][T15126] binder_alloc: 15117: binder_alloc_buf failed to map pages in userspace, no vma 03:28:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x77622a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 708.301535][T15127] binder_alloc: 15117: binder_alloc_buf failed to map pages in userspace, no vma 03:28:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x4020940d, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:11 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x60000000, 0x0, 0x0}) [ 708.411871][ T7860] binder: release 15130:15131 transaction 8483 out, still active [ 708.423502][T15131] binder: BINDER_SET_CONTEXT_MGR already set [ 708.429745][ T7860] binder: unexpected work type, 4, not freed [ 708.454039][ T7860] binder: undelivered TRANSACTION_COMPLETE [ 708.465011][T15131] binder: 15130:15131 ioctl 40046207 0 returned -16 [ 708.478286][T15137] binder_alloc: 15130: binder_alloc_buf, no vma [ 708.480871][ T7860] binder: send failed reply for transaction 8483, target dead 03:28:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0045878, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 708.520311][T15137] binder: 15136:15137 ioctl c0306201 20000780 returned -14 [ 708.552949][T15140] binder: 15136:15140 ioctl c0306201 20000780 returned -14 03:28:12 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x3800, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:12 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xe}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0045878, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x77682a85, 0xffffff7f, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:12 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x68000000, 0x0, 0x0}) [ 708.725401][T15153] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 708.757326][T15157] binder: 15155:15157 got transaction with invalid handle, 0 03:28:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x3f00, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 708.775025][T15160] binder: 15158:15160 ioctl c0306201 20000780 returned -14 [ 708.790335][T15161] binder: 15155:15161 got transaction with invalid handle, 0 03:28:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0x1000000, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 708.835666][T15166] binder: 15158:15166 ioctl c0306201 20000780 returned -14 03:28:12 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x6c000000, 0x0, 0x0}) 03:28:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620b, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x4800, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 708.964295][ T7854] binder: release 15173:15174 transaction 8504 out, still active [ 708.972060][ T7854] binder: unexpected work type, 4, not freed [ 708.984739][T15174] binder: BINDER_SET_CONTEXT_MGR already set [ 709.005751][ T7854] binder: undelivered TRANSACTION_COMPLETE [ 709.042218][T15174] binder: 15173:15174 ioctl 40046207 0 returned -16 [ 709.042252][T15180] binder_alloc: 15173: binder_alloc_buf, no vma [ 709.058959][ T7854] binder: send failed reply for transaction 8504, target dead [ 709.098359][T15180] binder: 15177:15180 ioctl c0306201 20000780 returned -14 [ 709.166951][T15187] binder: 15177:15187 ioctl c0306201 20000780 returned -14 03:28:12 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc018620c, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x4c00, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x2}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:12 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x74000000, 0x0, 0x0}) 03:28:12 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xf}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 709.326751][T15200] binder: 15193:15200 ioctl c0306201 20000780 returned -14 [ 709.338110][T15195] binder: 15194 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero. [ 709.338128][T15195] binder: 15194:15195 ioctl c018620c 20000780 returned -22 [ 709.342657][T15199] binder: 15198:15199 got transaction with too large buffer [ 709.348945][T15197] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:28:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x6000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:13 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x7a000000, 0x0, 0x0}) [ 709.376014][T15206] binder: 15193:15206 ioctl c0306201 20000780 returned -14 [ 709.394795][T15208] binder: 15198:15208 got transaction with too large buffer 03:28:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0189436, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x3}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 709.502982][T15217] binder: 15216:15217 ioctl c0306201 20000780 returned -14 03:28:13 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x6800, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 709.565940][T15222] binder: 15216:15222 ioctl c0306201 20000780 returned -14 03:28:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc020660b, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 709.629750][T15225] binder: 15223:15225 got transaction with too large buffer [ 709.675753][T15230] binder: 15223:15230 got transaction with too large buffer [ 709.744279][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 709.744307][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:28:13 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:13 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0xfdfdffff, 0x0, 0x0}) 03:28:13 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x6c00, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x2, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x4}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:13 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x48}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 709.929475][T15243] binder: 15242:15243 unknown command 16456 [ 709.954989][T15243] binder: 15242:15243 ioctl c0306201 20000780 returned -22 [ 709.964901][T15244] binder: 15240:15244 got transaction with too large buffer 03:28:13 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x4c}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x10, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 709.976613][T15251] binder: 15246:15251 ioctl c0306201 20000780 returned -14 [ 709.994759][T15253] binder: 15246:15253 ioctl c0306201 20000780 returned -14 [ 709.998993][T15254] binder: 15240:15254 got transaction with too large buffer 03:28:13 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0xfffffdfd, 0x0, 0x0}) 03:28:13 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x7400, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 710.125496][T15262] binder: 15260:15262 unknown command 0 [ 710.145449][T15262] binder: 15260:15262 ioctl c0306201 20000780 returned -22 03:28:13 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x28, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x5}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 710.173806][T15268] binder: 15267:15268 ioctl c0306201 20000780 returned -14 [ 710.220017][T15272] binder: 15267:15272 ioctl c0306201 20000780 returned -14 [ 710.252075][T15277] binder: 15274:15277 unknown command 0 [ 710.259252][T15276] binder: 15273:15276 got transaction with too large buffer [ 710.292383][T15277] binder: 15274:15277 ioctl c0306201 20000780 returned -22 [ 710.327273][T15281] binder: 15273:15281 got transaction with too large buffer 03:28:14 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:14 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x60}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x7a00, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:14 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x100000000000000, 0x0, 0x0}) 03:28:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x38, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x6}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x7}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 710.513704][T15297] binder: 15286:15297 unknown command 0 [ 710.515337][T15293] binder: 15291:15293 got transaction with too large buffer [ 710.520358][T15296] binder: 15289:15296 ioctl c0306201 20000780 returned -14 [ 710.532123][T15298] binder: 15291:15298 got transaction with too large buffer 03:28:14 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x68}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x1000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 710.574346][T15297] binder: 15286:15297 ioctl c0306201 20000780 returned -22 [ 710.643605][T15304] binder: BINDER_SET_CONTEXT_MGR already set [ 710.682425][T15311] binder: 15289:15311 ioctl c0306201 20000780 returned -14 03:28:14 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x6c}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x2800, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x2000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 710.693087][T15304] binder: 15302:15304 ioctl 40046207 0 returned -16 03:28:14 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:14 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x200000000000000, 0x0, 0x0}) 03:28:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0xa}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:14 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x74}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x3000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x3800, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:14 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x7a}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:14 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x4000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 711.051646][T15341] binder: 15334:15341 ioctl c0306201 20000780 returned -14 03:28:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x1000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x10}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 711.108794][T15346] binder: 15334:15346 ioctl c0306201 20000780 returned -14 03:28:14 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x300000000000000, 0x0, 0x0}) 03:28:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x2000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 711.308211][T15366] binder: 15364:15366 ioctl c0306201 20000780 returned -14 [ 711.352625][T15371] binder: 15364:15371 ioctl c0306201 20000780 returned -14 03:28:15 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x5000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:15 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xc0}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x28}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x10000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:15 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x400000000000000, 0x0, 0x0}) [ 711.529464][T15377] binder: 15376:15377 ioctl c0306201 20000780 returned -14 03:28:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x6000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x28000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 711.575648][T15389] binder: BINDER_SET_CONTEXT_MGR already set [ 711.612110][T15389] binder: 15381:15389 ioctl 40046207 0 returned -16 03:28:15 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xf0}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 711.624576][T15391] binder_transaction: 23 callbacks suppressed [ 711.624591][T15391] binder: 15376:15391 got transaction with invalid offset (0, min 40 max 40) or object. [ 711.651356][T15393] binder: 15392:15393 got transaction with invalid offset (0, min 40 max 40) or object. [ 711.686444][T15393] binder_transaction: 84 callbacks suppressed [ 711.686462][T15393] binder: 15392:15393 transaction failed 29201/-22, size 40-16 line 3242 [ 711.716810][T15391] binder: 15376:15391 transaction failed 29201/-22, size 40-16 line 3242 03:28:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x38}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x38000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 711.738683][T15391] binder: 15376:15391 ioctl c0306201 20000780 returned -14 [ 711.753306][T15405] binder: 15392:15405 transaction failed 29189/-22, size 40-16 line 2995 03:28:15 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x500000000000000, 0x0, 0x0}) [ 711.871496][T15412] binder: 15411:15412 transaction failed 29201/-22, size 64-16 line 3357 [ 711.905096][T15415] binder: 15410:15415 got transaction with invalid offset (0, min 40 max 40) or object. [ 711.922919][T15417] binder: 15411:15417 transaction failed 29201/-22, size 64-16 line 3357 [ 711.933763][T15415] binder: 15410:15415 transaction failed 29201/-22, size 40-16 line 3242 [ 711.963802][T15415] binder: 15410:15415 ioctl c0306201 20000780 returned -14 [ 712.003552][T15419] binder: 15410:15419 transaction failed 29189/-22, size 40-16 line 2995 [ 712.003580][T15419] binder: 15410:15419 ioctl c0306201 20000780 returned -14 03:28:15 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:15 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x300}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x7000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x66642a85, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x48}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:15 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x600000000000000, 0x0, 0x0}) [ 712.114760][T15432] binder: 15426:15432 transaction failed 29189/-22, size 40-16 line 2995 [ 712.116885][T15431] binder: 15424:15431 transaction failed 29201/-22, size 64-16 line 3357 [ 712.131313][T15433] binder: 15425:15433 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x66646185, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:15 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x500}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 712.161782][T15436] binder: 15424:15436 transaction failed 29201/-22, size 64-16 line 3357 [ 712.179495][T15433] binder: 15425:15433 ioctl c0306201 20000780 returned -14 [ 712.194546][T15440] binder: 15426:15440 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x4c}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 712.234423][T15445] binder: 15425:15445 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:15 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x600}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:15 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x70742a85, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0xa000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 712.358976][ T2916] binder_release_work: 90 callbacks suppressed [ 712.358985][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 [ 712.375147][T15451] binder: BINDER_SET_CONTEXT_MGR already set [ 712.394041][T15445] binder: 15425:15445 ioctl c0306201 20000780 returned -14 [ 712.404380][T15451] binder: 15450:15451 ioctl 40046207 0 returned -16 [ 712.438426][T15462] binder: 15456:15462 got transaction with invalid offset (0, min 40 max 40) or object. [ 712.449252][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 [ 712.497325][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 [ 712.511358][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 [ 712.517874][T15464] binder: 15456:15464 got transaction with invalid offset (0, min 40 max 40) or object. [ 712.599246][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 03:28:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x73622a85, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x50}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:16 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x700}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:16 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x700000000000000, 0x0, 0x0}) 03:28:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x10000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 712.691157][ T7854] binder: undelivered TRANSACTION_ERROR: 29189 [ 712.700536][T15481] binder: 15474:15481 got transaction with invalid offset (0, min 40 max 40) or object. [ 712.714439][T15479] binder: 15478:15479 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x73682a85, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:16 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xa00}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 712.738200][T15471] binder: BINDER_SET_CONTEXT_MGR already set [ 712.747264][T15471] binder: 15470:15471 ioctl 40046207 0 returned -16 [ 712.757088][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 [ 712.763377][T15479] binder: 15478:15479 ioctl c0306201 20000780 returned -14 [ 712.766564][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 03:28:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x60}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 712.804126][T15487] binder: 15478:15487 ioctl c0306201 20000780 returned -14 [ 712.827150][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 [ 712.833416][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 03:28:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x20000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:16 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x2000000000000000, 0x0, 0x0}) 03:28:16 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xde6}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 713.004859][T15504] binder: 15503:15504 ioctl c0306201 20000780 returned -14 [ 713.036643][T15511] binder: 15503:15511 ioctl c0306201 20000780 returned -14 03:28:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x68}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x77622a85, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:16 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xe00}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x28000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:16 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x3f00000000000000, 0x0, 0x0}) [ 713.212478][T15523] binder: 15522:15523 ioctl c0306201 20000780 returned -14 [ 713.235958][T15531] binder: 15522:15531 ioctl c0306201 20000780 returned -14 03:28:16 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x77682a85, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:16 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xec0}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:16 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x38000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x6c}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:16 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x4800000000000000, 0x0, 0x0}) 03:28:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x3f000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:17 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xf00}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a6273, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 713.436152][T15546] binder: BINDER_SET_CONTEXT_MGR already set [ 713.469232][T15546] binder: 15545:15546 ioctl 40046207 0 returned -16 [ 713.531855][T15554] binder: 15553:15554 ioctl c0306201 20000780 returned -14 03:28:17 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x2000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a6277, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 713.607695][T15565] binder: 15553:15565 ioctl c0306201 20000780 returned -14 03:28:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x74}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a6466, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x48000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:17 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x4c00000000000000, 0x0, 0x0}) 03:28:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:17 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x4800}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 713.830287][T15583] binder: 15582:15583 ioctl c0306201 20000780 returned -14 03:28:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x4c000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a6873, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x7a}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 713.870885][T15592] binder_alloc: 15578: binder_alloc_buf failed to map pages in userspace, no vma 03:28:17 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x4c00}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 713.919836][T15592] binder: 15582:15592 ioctl c0306201 20000780 returned -14 03:28:17 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x6000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:17 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x6000000000000000, 0x0, 0x0}) 03:28:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x60000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x300}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a6877, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 714.161256][T15621] binder: 15617:15621 ioctl c0306201 20000780 returned -14 [ 714.197314][T15626] binder: 15617:15626 ioctl c0306201 20000780 returned -14 [ 714.205339][T15622] binder: BINDER_SET_CONTEXT_MGR already set 03:28:17 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x6800}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 714.224466][T15622] binder: 15620:15622 ioctl 40046207 0 returned -16 03:28:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:17 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x6800000000000000, 0x0, 0x0}) 03:28:17 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x68000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:17 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a7470, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x500}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:17 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x6c00}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 714.441926][T15640] binder_transaction: 23 callbacks suppressed [ 714.441935][T15640] binder: 15639:15640 got transaction with too large buffer [ 714.444902][T15642] binder: 15641:15642 ioctl c0306201 20000780 returned -14 03:28:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x6c000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x85616466, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 714.483884][T15653] binder: 15639:15653 got transaction with too large buffer 03:28:18 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x7400}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 714.542797][T15659] binder: 15641:15659 ioctl c0306201 20000780 returned -14 03:28:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x74000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:18 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x6c00000000000000, 0x0, 0x0}) 03:28:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0xfdfdffff, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 714.704270][ C1] net_ratelimit: 11 callbacks suppressed [ 714.704279][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 714.715771][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 714.721604][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 714.727432][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 714.786043][T15677] binder: 15676:15677 ioctl c0306201 20000780 returned -14 [ 714.811573][T15679] binder: 15676:15679 ioctl c0306201 20000780 returned -14 03:28:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x600}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:18 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x7a00}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0xfffffdfd, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x7a000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:18 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x7400000000000000, 0x0, 0x0}) 03:28:18 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xc000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 714.935396][T15690] binder: 15688:15690 got transaction with too large buffer [ 714.967882][T15698] binder: 15687:15698 ioctl c0306201 20000780 returned -14 03:28:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x100000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 714.999932][T15700] binder: 15688:15700 got transaction with too large buffer [ 715.014481][T15704] binder: 15687:15704 ioctl c0306201 20000780 returned -14 03:28:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0xfdfdffff, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:18 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xc00e}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x700}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x200000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 715.166579][T15716] binder: 15714:15716 got transaction with too large buffer [ 715.221763][T15721] binder: 15714:15721 got transaction with too large buffer 03:28:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}, 0x0}], 0x1c3, 0x0) 03:28:18 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x7a00000000000000, 0x0, 0x0}) 03:28:18 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0xfffffdfd, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:18 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xe60d}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x1000000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0xa00}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 715.427153][T15730] binder: 15729:15730 ioctl c0306201 20000780 returned -14 [ 715.455261][T15732] binder: 15731:15732 got transaction with too large buffer 03:28:19 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xf000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x100000000000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 715.476286][T15744] binder: 15729:15744 ioctl c0306201 20000780 returned -14 [ 715.485782][T15732] binder: BINDER_SET_CONTEXT_MGR already set [ 715.501022][T15732] binder: 15731:15732 ioctl 40046207 0 returned -16 03:28:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x2800000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:19 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0xfdfdffff00000000, 0x0, 0x0}) [ 715.562600][T15743] binder: 15731:15743 got transaction with too large buffer 03:28:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x200000000000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:19 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xff03}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 715.659803][T15759] binder: 15758:15759 ioctl c0306201 20000780 returned -14 [ 715.733902][T15764] binder: 15758:15764 ioctl c0306201 20000780 returned -14 03:28:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x2, 0x0) 03:28:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x3800000000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x300000000000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:19 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x2, 0x0}) 03:28:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x2000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:19 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x33fe0}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:19 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x34000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a627300000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 715.952773][T15783] binder: 15781:15783 got transaction with too large buffer [ 716.026255][T15791] binder: 15781:15791 got transaction with too large buffer 03:28:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x400000000000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:19 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x3, 0x0}) 03:28:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x2800}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a627700000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:19 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x40000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x3, 0x0) 03:28:19 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x500000000000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:19 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x4, 0x0}) 03:28:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x3800}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:19 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x400300}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a646600000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x4, 0x0) 03:28:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x4000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:20 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x5, 0x0}) 03:28:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x600000000000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a687300000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:20 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xf0ffff}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:20 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x6, 0x0}) 03:28:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x5, 0x0) 03:28:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x700000000000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a687700000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x4800}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 716.672135][T15869] binder_alloc: 15858: binder_alloc_buf failed to map pages in userspace, no vma [ 716.743476][T15878] binder_transaction: 107 callbacks suppressed [ 716.743493][T15878] binder: 15876:15878 transaction failed 29189/-22, size 40-16 line 2995 [ 716.782323][T15869] binder: 15868:15869 transaction failed 29189/-3, size 40-16 line 3148 03:28:20 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x1000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x852a747000000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x6, 0x0) [ 716.786864][T15882] binder: 15881:15882 transaction failed 29201/-22, size 64-16 line 3357 [ 716.839866][T15887] binder_transaction: 21 callbacks suppressed [ 716.839881][T15887] binder: 15868:15887 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:20 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x2000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 716.893305][T15894] binder: 15876:15894 got transaction with invalid offset (0, min 40 max 40) or object. [ 716.894910][T15895] binder: 15881:15895 transaction failed 29201/-22, size 64-16 line 3357 03:28:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x8561646600000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:20 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x3000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x7, 0x0) [ 717.009035][T15894] binder: 15876:15894 transaction failed 29201/-22, size 40-16 line 3242 [ 717.093994][T15887] binder: 15868:15887 transaction failed 29201/-22, size 40-16 line 3242 03:28:20 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x7, 0x0}) 03:28:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x4c00}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0xfdfdffff00000000, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:20 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x4000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:20 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0xa00000000000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x8, 0x0) [ 717.200310][T15922] binder: 15916:15922 transaction failed 29201/-22, size 64-16 line 3357 [ 717.236637][T15929] binder: 15928:15929 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x630b, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:20 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x5000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 717.238946][T15927] binder: 15920:15927 got transaction with invalid offset (0, min 40 max 40) or object. [ 717.259846][T15931] binder: 15916:15931 transaction failed 29201/-22, size 64-16 line 3357 [ 717.280385][T15929] binder: 15928:15929 transaction failed 29201/-22, size 40-16 line 3242 [ 717.312205][T15934] binder: 15928:15934 got transaction with invalid offset (0, min 40 max 40) or object. [ 717.330832][T15937] binder: 15936:15937 ERROR: BC_REGISTER_LOOPER called without request [ 717.340301][T15934] binder: 15928:15934 transaction failed 29201/-22, size 40-16 line 3242 [ 717.357085][T15937] binder: 15936:15937 unknown command 0 03:28:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x5000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:20 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x48, 0x0}) [ 717.367241][ T7854] binder_release_work: 104 callbacks suppressed [ 717.367248][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 [ 717.390166][T15937] binder: 15936:15937 ioctl c0306201 20000780 returned -22 03:28:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x9, 0x0) 03:28:21 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x6000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x630c, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 717.480417][T15946] binder: BINDER_SET_CONTEXT_MGR already set [ 717.518090][T15946] binder: 15945:15946 ioctl 40046207 0 returned -16 [ 717.518172][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 03:28:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x1000000000000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 717.561446][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 [ 717.575244][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 [ 717.581634][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 [ 717.593303][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 03:28:21 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x4c, 0x0}) 03:28:21 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x7000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x6000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 717.611512][T15960] binder: 15958:15960 unknown command 0 [ 717.634931][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 [ 717.643978][T15960] binder: 15958:15960 ioctl c0306201 20000780 returned -22 [ 717.695390][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 [ 717.721930][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 [ 717.734991][T15976] binder: BINDER_SET_CONTEXT_MGR already set 03:28:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x630d, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x2000000000000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:21 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x60, 0x0}) 03:28:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0xa, 0x0) [ 717.741044][T15976] binder: 15973:15976 ioctl 40046207 0 returned -16 [ 717.760698][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 03:28:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x2800000000000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:21 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xa000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 717.831169][T15987] binder: 15986:15987 unknown command 0 [ 717.871212][T15987] binder: 15986:15987 ioctl c0306201 20000780 returned -22 03:28:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x6800}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0xb, 0x0) 03:28:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40046302, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:21 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x68, 0x0}) [ 718.047262][T16014] binder: 16013:16014 got transaction with invalid offset (0, min 40 max 40) or object. [ 718.064315][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 718.064350][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 718.070157][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 718.076022][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 718.081865][ C0] protocol 88fb is buggy, dev hsr_slave_0 03:28:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x3800000000000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 718.087560][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 718.098553][T16016] binder: BC_ACQUIRE_RESULT not supported 03:28:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x6c00}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:21 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xe000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 718.148705][T16016] binder: 16015:16016 ioctl c0306201 20000780 returned -22 03:28:21 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x6c, 0x0}) 03:28:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0xc, 0x0) 03:28:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40046304, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x3f00000000000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x7400}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:21 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xf000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 718.349184][T16043] binder: 16042:16043 IncRefs 0 refcount change on invalid ref 0 ret -22 03:28:21 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x4800000000000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 718.401385][T16049] binder: BINDER_SET_CONTEXT_MGR already set [ 718.408368][T16043] binder: 16042:16043 unknown command 0 [ 718.435468][T16049] binder: 16048:16049 ioctl 40046207 0 returned -16 03:28:22 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x20000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 718.444897][T16043] binder: 16042:16043 ioctl c0306201 20000780 returned -22 03:28:22 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x74, 0x0}) [ 718.475375][T16057] binder: 16056:16057 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x7a00}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:22 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0xd, 0x0) [ 718.517016][T16061] binder: 16060:16061 got transaction with invalid offset (0, min 40 max 40) or object. [ 718.542673][T16065] binder: 16056:16065 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:22 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40046307, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:22 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x48000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:22 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x7a, 0x0}) 03:28:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x4c00000000000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 718.640914][T16075] binder_alloc: 16071: binder_alloc_buf, no vma [ 718.680054][T16078] binder: 16077:16078 DecRefs 0 refcount change on invalid ref 0 ret -22 03:28:22 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0xe, 0x0) 03:28:22 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x4c000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 718.762754][T16078] binder: 16077:16078 unknown command 0 [ 718.774785][T16078] binder: 16077:16078 ioctl c0306201 20000780 returned -22 03:28:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x1000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:22 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x300, 0x0}) 03:28:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x6000000000000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:22 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40086303, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 718.908575][T16106] binder: 16104:16106 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:22 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0xf, 0x0) 03:28:22 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x60000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x2000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 719.005767][T16116] binder: 16115:16116 BC_FREE_BUFFER u0000000000000000 no match 03:28:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x6800000000000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 719.052099][T16116] binder: 16115:16116 unknown command 0 [ 719.085055][T16116] binder: 16115:16116 ioctl c0306201 20000780 returned -22 03:28:22 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x500, 0x0}) 03:28:22 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x10, 0x0) 03:28:22 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x68000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x6c00000000000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:22 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x4008630a, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x3000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:22 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x600, 0x0}) 03:28:22 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x7400000000000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:22 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x11, 0x0) 03:28:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x4000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 719.316495][T16152] binder: BC_ATTEMPT_ACQUIRE not supported [ 719.355380][T16152] binder: 16151:16152 ioctl c0306201 20000780 returned -22 03:28:22 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x6c000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:23 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x700, 0x0}) 03:28:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x7a00000000000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:23 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x74000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:23 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40086310, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 719.498870][T16170] binder_transaction: 24 callbacks suppressed [ 719.498880][T16170] binder: 16163:16170 got transaction with too large buffer 03:28:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0xfdfdffff00000000, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 719.589963][T16180] binder: 16179:16180 BC_DEAD_BINDER_DONE 0000000000000000 not found [ 719.605715][T16185] binder: 16163:16185 got transaction with too large buffer 03:28:23 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x7a000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x12, 0x0) [ 719.664081][T16180] binder: 16179:16180 unknown command 0 03:28:23 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x2000, 0x0}) 03:28:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x5000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x3, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 719.734722][T16180] binder: 16179:16180 ioctl c0306201 20000780 returned -22 03:28:23 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x400c630e, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 719.841736][T16208] binder: 16206:16208 got transaction with too large buffer 03:28:23 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x9effffff}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:23 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x3f00, 0x0}) 03:28:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x13, 0x0) [ 719.883879][T16212] binder: 16206:16212 got transaction with too large buffer 03:28:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x9, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 719.984415][T16225] binder: 16215:16225 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 720.024483][T16225] binder: 16215:16225 unknown command 0 03:28:23 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xc0000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0xa, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x6000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 720.038243][T16225] binder: 16215:16225 ioctl c0306201 20000780 returned -22 03:28:23 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x4800, 0x0}) 03:28:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x14, 0x0) 03:28:23 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x400c630f, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 720.139814][T16241] binder: 16240:16241 got transaction with too large buffer 03:28:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x25, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:23 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xc00e0000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 720.226709][T16241] binder: BINDER_SET_CONTEXT_MGR already set [ 720.240176][T16253] binder: 16252:16253 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 03:28:23 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x4c00, 0x0}) [ 720.271313][T16241] binder: 16240:16241 ioctl 40046207 0 returned -16 [ 720.291966][T16253] binder: 16252:16253 unknown command 0 [ 720.312412][T16253] binder: 16252:16253 ioctl c0306201 20000780 returned -22 03:28:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x7000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:23 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xe03f0300}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:23 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x2f, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:24 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40106308, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 720.431254][T16273] binder: 16272:16273 got transaction with too large buffer 03:28:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x15, 0x0) 03:28:24 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x30, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x6000, 0x0}) 03:28:24 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xe60d0000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 720.528701][T16283] binder: 16282:16283 BC_INCREFS_DONE u0000000000000000 no match 03:28:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0xa000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 720.574421][T16283] binder: 16282:16283 unknown command 0 [ 720.580027][T16283] binder: 16282:16283 ioctl c0306201 20000780 returned -22 [ 720.592801][T16290] binder_alloc: 16272: binder_alloc_buf failed to map pages in userspace, no vma 03:28:24 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xeffdffff}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:24 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40106309, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:24 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x38, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 720.680415][T16301] binder: 16300:16301 got transaction with too large buffer [ 720.703093][T16302] binder: 16300:16302 got transaction with too large buffer 03:28:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x16, 0x0) 03:28:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x6800, 0x0}) [ 720.760009][T16309] binder: 16307:16309 BC_ACQUIRE_DONE u0000000000000000 no match 03:28:24 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xf0ffffff}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x10000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 720.830891][T16309] binder: 16307:16309 unknown command 0 03:28:24 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x43, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 720.874661][T16309] binder: 16307:16309 ioctl c0306201 20000780 returned -22 [ 720.918678][T16326] binder: 16325:16326 got transaction with too large buffer [ 720.944266][ C1] net_ratelimit: 1 callbacks suppressed [ 720.944274][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 720.955693][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 720.961554][ C1] protocol 88fb is buggy, dev hsr_slave_0 03:28:24 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40406300, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 720.967360][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:28:24 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xff030000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x6c00, 0x0}) 03:28:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x17, 0x0) 03:28:24 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x5c, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 721.035833][T16335] binder: 16325:16335 got transaction with too large buffer 03:28:24 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40406301, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x20000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x7400, 0x0}) 03:28:24 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xfffff000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:24 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x63, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x18, 0x0) [ 721.252294][T16362] binder: 16361:16362 got reply transaction with no transaction stack 03:28:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x28000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x7a00, 0x0}) 03:28:24 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486312, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:24 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x6b, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x19, 0x0) 03:28:25 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xfffffdef}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 721.467148][T16380] binder: BINDER_SET_CONTEXT_MGR already set [ 721.473741][T16392] binder: 16390:16392 got reply transaction with no transaction stack 03:28:25 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x1000000, 0x0}) 03:28:25 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x5f5e0ff, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 721.534884][T16380] binder: 16377:16380 ioctl 40046207 0 returned -16 03:28:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x38000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x1a, 0x0) 03:28:25 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xffffff7f}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:25 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x200005a8, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:25 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x2000000, 0x0}) [ 721.745106][T16419] binder_transaction: 8 callbacks suppressed [ 721.745117][T16419] binder: 16418:16419 got transaction to invalid handle 03:28:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x40000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 721.793359][T16426] binder_alloc: 16412: binder_alloc_buf size 536872376 failed, no address space [ 721.821787][T16419] binder_transaction: 131 callbacks suppressed [ 721.821807][T16419] binder: 16418:16419 transaction failed 29201/-22, size 40-16 line 2995 03:28:25 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xffffff9e}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 721.849236][T16429] binder: 16428:16429 transaction failed 29189/-22, size 40-16 line 2995 [ 721.849683][T16426] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 721.867066][T16432] binder: 16428:16432 transaction failed 29189/-22, size 40-16 line 2995 [ 721.879213][T16426] binder: 16423:16426 transaction failed 29201/-28, size 536872360-16 line 3148 03:28:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x1b, 0x0) 03:28:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 721.906111][T16435] binder: 16433:16435 transaction failed 29201/-22, size 64-16 line 3357 [ 721.936210][T16439] binder_alloc: 16433: binder_alloc_buf size 536872376 failed, no address space 03:28:25 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xfffffff0}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:25 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x3000000, 0x0}) [ 722.007895][T16446] binder: 16444:16446 got transaction to invalid handle [ 722.016984][T16439] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 722.027244][T16446] binder: 16444:16446 transaction failed 29201/-22, size 40-16 line 2995 [ 722.052589][T16442] binder: 16433:16442 transaction failed 29201/-22, size 64-16 line 3357 [ 722.072324][T16439] binder: 16423:16439 transaction failed 29201/-28, size 536872360-16 line 3148 03:28:25 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x4000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 722.098881][T16455] binder_transaction: 39 callbacks suppressed [ 722.098896][T16455] binder: 16454:16455 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x48000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x1c, 0x0) 03:28:25 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x2, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 722.203245][T16455] binder: 16454:16455 transaction failed 29201/-22, size 40-16 line 3242 [ 722.240287][T16467] binder: 16466:16467 got transaction to invalid handle [ 722.245425][T16462] binder: 16461:16462 transaction failed 29201/-22, size 64-16 line 3357 03:28:25 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x40030000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:25 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 722.276461][T16469] binder: 16454:16469 got transaction with invalid offset (0, min 40 max 40) or object. [ 722.300659][T16474] binder: 16470:16474 got transaction with invalid offsets size, 2 03:28:25 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xf0ffffffffffff}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 722.378146][ T2916] binder_release_work: 134 callbacks suppressed [ 722.378154][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 [ 722.394368][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 [ 722.404522][T16481] binder: 16470:16481 got transaction with invalid offsets size, 2 [ 722.420062][T16484] binder: 16480:16484 got transaction to invalid handle 03:28:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x4c000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:26 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x4000000, 0x0}) [ 722.441103][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 [ 722.479145][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 03:28:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x2800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:26 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x1d, 0x0) 03:28:26 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x3, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 722.509877][T16492] binder: BINDER_SET_CONTEXT_MGR already set [ 722.526299][T16492] binder: 16488:16492 ioctl 40046207 0 returned -16 [ 722.538084][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 [ 722.551218][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 03:28:26 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x5000000, 0x0}) [ 722.590774][T16502] binder: 16497:16502 got transaction to invalid handle [ 722.606294][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 [ 722.625007][ T2916] binder: undelivered TRANSACTION_ERROR: 29189 03:28:26 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x100000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 722.653640][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 [ 722.677774][ T2916] binder: undelivered TRANSACTION_ERROR: 29201 03:28:26 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x4, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x3800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 722.702806][T16512] binder: 16511:16512 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:26 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x200000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x50000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:26 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x1e, 0x0) [ 722.813721][T16525] binder: 16523:16525 got transaction to invalid handle 03:28:26 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x6000000, 0x0}) 03:28:26 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x5, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:26 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x300000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 722.930734][T16539] binder: 16538:16539 got transaction with invalid offset (0, min 40 max 40) or object. [ 722.985189][T16544] binder: 16543:16544 got transaction with invalid offsets size, 5 [ 723.002343][T16547] binder: 16538:16547 got transaction with invalid offset (0, min 40 max 40) or object. [ 723.019204][T16550] binder: 16543:16550 got transaction with invalid offsets size, 5 03:28:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x60000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 723.031950][T16552] binder: 16549:16552 got transaction to invalid handle 03:28:26 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x400000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:26 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x7000000, 0x0}) 03:28:26 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x21, 0x0) 03:28:26 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x6, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 723.186191][T16562] binder: 16561:16562 got transaction to invalid handle [ 723.225427][T16570] binder: 16569:16570 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x68000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:26 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x500000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 723.256030][T16572] binder: 16568:16572 got transaction with invalid offsets size, 6 [ 723.325108][T16581] binder: 16576:16581 got transaction to invalid handle 03:28:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x6c000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:26 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x20000000, 0x0}) 03:28:26 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x22, 0x0) 03:28:26 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x600000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:27 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x7, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x28000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 723.536194][T16599] binder: BINDER_SET_CONTEXT_MGR already set [ 723.557860][T16599] binder: 16598:16599 ioctl 40046207 0 returned -16 03:28:27 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x700000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:27 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x3f000000, 0x0}) 03:28:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x74000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 723.586995][T16611] binder: 16610:16611 got transaction to invalid handle 03:28:27 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x8, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:27 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x23, 0x0) 03:28:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x38000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:27 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xa00000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x7a000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:27 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x48000000, 0x0}) [ 723.791024][ T7854] binder: release 16626:16630 transaction 9160 out, still active [ 723.804402][ T7854] binder: undelivered TRANSACTION_COMPLETE [ 723.841817][ T7854] binder: send failed reply for transaction 9160, target dead 03:28:27 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x9, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 723.886047][ T7854] binder: send failed reply for transaction 9161 to 16626:16632 03:28:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x66642a85, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:27 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xe00000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 723.934001][ T7854] binder: undelivered TRANSACTION_COMPLETE [ 723.957924][T16650] binder: 16648:16650 got transaction with invalid offsets size, 9 03:28:27 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x24, 0x0) 03:28:27 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x4c000000, 0x0}) [ 724.002839][T16654] binder: 16648:16654 got transaction with invalid offsets size, 9 03:28:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0xfdfdffff}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x66646185, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 724.069618][T16661] binder: 16660:16661 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:27 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0xa, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:27 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xf00000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 724.182330][T16672] binder: 16660:16672 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0xfffffdfd}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:27 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x60000000, 0x0}) [ 724.255824][T16675] binder: 16674:16675 got transaction with invalid offsets size, 10 03:28:27 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x25, 0x0) 03:28:27 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x2000000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:27 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0xb, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:27 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x73622a85, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x100000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 724.405606][T16695] binder: 16689:16695 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0xc, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:28 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x4800000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 724.508878][T16708] binder_transaction: 25 callbacks suppressed [ 724.508888][T16708] binder: 16707:16708 got transaction with too large buffer 03:28:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x73682a85, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:28 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x26, 0x0) [ 724.559436][T16708] binder: BINDER_SET_CONTEXT_MGR already set [ 724.590897][T16708] binder: 16707:16708 ioctl 40046207 0 returned -16 03:28:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x68000000, 0x0}) 03:28:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0xd, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x77622a85, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:28 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x4c00000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x200000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x6c000000, 0x0}) [ 724.791314][T16744] binder: 16743:16744 got transaction with too large buffer 03:28:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0xe, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:28 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x6000000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x77682a85, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 724.874083][T16748] binder: 16747:16748 got transaction with invalid offset (0, min 40 max 40) or object. [ 724.915256][T16744] binder: BINDER_SET_CONTEXT_MGR already set [ 724.921334][T16744] binder: 16743:16744 ioctl 40046207 0 returned -16 [ 724.927611][T16753] binder_alloc: 16743: binder_alloc_buf, no vma 03:28:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x74000000, 0x0}) 03:28:28 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x27, 0x0) 03:28:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x11, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x852a6273, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:28 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x6800000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x300000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:28 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x12, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x7a000000, 0x0}) 03:28:28 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x6c00000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x852a6277, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 725.202306][T16782] binder: 16781:16782 got transaction with too large buffer [ 725.226441][T16788] binder: 16787:16788 got transaction with invalid offsets size, 18 03:28:28 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x852a6466, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:28 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x28, 0x0) 03:28:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0xfdfdffff, 0x0}) [ 725.301602][T16798] binder_alloc: 16781: binder_alloc_buf, no vma [ 725.325566][T16800] binder_alloc: 16781: binder_alloc_buf failed to map pages in userspace, no vma 03:28:28 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x7400000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x400000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x2f, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x852a6873, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0xfffffdfd, 0x0}) 03:28:29 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x7a00000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 725.526087][T16820] binder: 16815:16820 got transaction with too large buffer [ 725.535797][T16822] binder: 16818:16822 got transaction with invalid offsets size, 47 03:28:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x29, 0x0) 03:28:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x38, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x852a6877, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 725.630669][T16832] binder: 16815:16832 got transaction with too large buffer 03:28:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x100000000000000, 0x0}) 03:28:29 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x8000000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x500000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x852a7470, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x43, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 725.832895][T16852] binder: 16850:16852 got transaction with too large buffer 03:28:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x2a, 0x0) 03:28:29 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x9effffff00000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x200000000000000, 0x0}) 03:28:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x85616466, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 725.954363][T16852] binder: BINDER_SET_CONTEXT_MGR already set [ 725.960394][T16852] binder: 16850:16852 ioctl 40046207 0 returned -16 [ 725.960417][T16865] binder_alloc: 16850: binder_alloc_buf, no vma 03:28:29 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xc000000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x5c, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x300000000000000, 0x0}) 03:28:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0xfdfdffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x2b, 0x0) 03:28:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x600000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:29 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xc00e000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0xfffffdfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x400000000000000, 0x0}) [ 726.268758][T16901] binder: 16898:16901 got transaction with too large buffer 03:28:29 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x63, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 726.320389][T16907] binder: 16898:16907 got transaction with too large buffer [ 726.322166][T16905] binder: BINDER_SET_CONTEXT_MGR already set 03:28:29 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:29 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xe03f030000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:30 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x6b, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 726.397569][T16905] binder: 16898:16905 ioctl 40046207 0 returned -16 03:28:30 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x500000000000000, 0x0}) 03:28:30 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x2c, 0x0) 03:28:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:30 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x223, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x700000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:30 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xe60d000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 726.638278][T16943] binder_alloc: 16898: binder_alloc_buf, no vma 03:28:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x1000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:30 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x600000000000000, 0x0}) [ 726.696602][T16948] binder: 16947:16948 got transaction with too large buffer 03:28:30 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x5f5e0ff, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:30 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x2d, 0x0) 03:28:30 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xeffdffff00000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 726.806383][T16961] binder: 16947:16961 got transaction with too large buffer [ 726.825510][T16963] binder_alloc: 16947: binder_alloc_buf size 100000040 failed, no address space 03:28:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x2800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:30 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xf0ffffff00000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 726.889452][T16963] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 03:28:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0xa00000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 726.941324][T16969] binder_alloc: 16947: binder_alloc_buf, no vma [ 726.949148][T16963] binder_transaction: 140 callbacks suppressed [ 726.949297][T16963] binder: 16962:16963 transaction failed 29201/-28, size 40-99999999 line 3148 [ 726.956765][T16976] binder: 16974:16976 transaction failed 29189/-22, size 40-16 line 2995 [ 726.978960][T16969] binder: 16968:16969 transaction failed 29189/-3, size 40-16 line 3148 03:28:30 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xff03000000000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:30 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x2e, 0x0) [ 726.995851][T16978] binder: 16962:16978 transaction failed 29189/-22, size 40-99999999 line 2995 [ 727.016528][T16982] binder: 16981:16982 transaction failed 29201/-22, size 64-16 line 3357 [ 727.034411][T16984] binder: 16968:16984 transaction failed 29201/-22, size 40-16 line 3242 03:28:30 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x200005d0, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x3800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 727.095462][T16988] binder: 16981:16988 transaction failed 29201/-22, size 64-16 line 3357 03:28:30 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x700000000000000, 0x0}) 03:28:30 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xffffff7f00000000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 727.162078][T16995] binder_alloc: 16981: binder_alloc_buf size 536872440 failed, no address space [ 727.212302][T16995] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 727.244593][T16995] binder: 16994:16995 transaction failed 29201/-28, size 40-536872400 line 3148 [ 727.244670][T16996] binder_transaction: 14 callbacks suppressed 03:28:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x1000000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:30 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0xfffffffffffff000}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") [ 727.244685][T16996] binder: 16993:16996 got transaction with invalid offset (24, min 40 max 40) or object. [ 727.272790][T17005] binder: 17004:17005 got transaction with invalid offset (0, min 40 max 40) or object. [ 727.280226][T16996] binder: 16993:16996 transaction failed 29201/-22, size 40-16 line 3242 03:28:30 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x2f, 0x0) [ 727.342948][T17008] binder: 16994:17008 transaction failed 29189/-22, size 40-536872400 line 2995 [ 727.382402][T17015] binder: BINDER_SET_CONTEXT_MGR already set 03:28:30 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x0, 0x2}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:30 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x852a627300000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x2000000000000000, 0x0}) [ 727.438594][T17015] binder: 17009:17015 ioctl 40046207 0 returned -16 [ 727.470564][T17021] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:28:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x66642a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 727.500436][ T7854] binder_release_work: 142 callbacks suppressed [ 727.500444][ T7854] binder: undelivered TRANSACTION_ERROR: 29201 03:28:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x2000000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 727.547009][T17029] binder: 17026:17029 got transaction with invalid offset (24, min 40 max 40) or object. [ 727.559966][T17031] binder: 17030:17031 got transaction with invalid offset (0, min 40 max 40) or object. [ 727.577991][T17032] binder: 17028:17032 got transaction with fd, 0, but target does not allow fds [ 727.604457][ T7860] binder: undelivered TRANSACTION_ERROR: 29201 [ 727.629133][ T7860] binder: undelivered TRANSACTION_ERROR: 29201 03:28:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x852a627700000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x3f00000000000000, 0x0}) [ 727.651005][T17036] binder: BINDER_SET_CONTEXT_MGR already set [ 727.671555][T17036] binder: 17035:17036 ioctl 40046207 0 returned -16 [ 727.671662][ T7860] binder: undelivered TRANSACTION_ERROR: 29201 03:28:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x66646185, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x4800000000000000, 0x0}) 03:28:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x2800000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 727.733922][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 [ 727.768302][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 03:28:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x852a646600000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 727.796834][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 [ 727.827366][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 [ 727.868613][ T7860] binder: undelivered TRANSACTION_ERROR: 29189 [ 727.878508][T17060] binder: 17058:17060 got transaction with invalid offset (24, min 40 max 40) or object. [ 727.889099][T17059] binder_alloc: 17052: binder_alloc_buf, no vma [ 727.896567][ T7860] binder: undelivered TRANSACTION_ERROR: 29201 03:28:31 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x1c3, 0x4) [ 727.914699][T17061] binder_alloc: 17052: binder_alloc_buf, no vma [ 727.933551][T17063] binder: 17057:17063 got transaction with invalid parent offset or type 03:28:31 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x0, 0x3}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x4c00000000000000, 0x0}) 03:28:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x852a687300000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x3800000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:31 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x73622a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x6000000000000000, 0x0}) [ 728.091786][T17076] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:28:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x852a687700000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 728.159908][T17085] binder: 17084:17085 got transaction with invalid offset (0, min 24 max 40) or object. 03:28:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x4000000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 728.200755][T17087] binder: 17083:17087 got transaction with invalid offset (0, min 40 max 40) or object. [ 728.230550][T17090] binder: 17084:17090 got transaction with invalid offset (0, min 24 max 40) or object. 03:28:31 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x852a747000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 728.288508][T17090] binder: transaction release 9367 bad handle 1, ret = -22 03:28:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x6800000000000000, 0x0}) 03:28:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x4800000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 728.464283][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 728.464303][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 728.464348][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 728.470139][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 728.475954][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 728.481673][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 728.487365][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 728.493077][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 728.523420][T17107] binder: 17106:17107 got transaction with invalid offset (0, min 40 max 40) or object. [ 728.568823][T17108] binder: 17106:17108 got transaction with invalid offset (0, min 40 max 40) or object. 03:28:32 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x1c3, 0x7) 03:28:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x73682a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:32 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x8561646600000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x4c00000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x6c00000000000000, 0x0}) 03:28:32 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x0, 0x4}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x5000000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 728.745048][T17125] binder: 17113:17125 got transaction with invalid handle, 0 [ 728.758972][T17121] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 728.779985][T17127] binder: 17113:17127 got transaction with invalid handle, 0 03:28:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x7400000000000000, 0x0}) 03:28:32 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0xfdfdffff00000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x77622a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:32 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x1c3, 0x9) [ 728.855980][T17133] binder: BINDER_SET_CONTEXT_MGR already set [ 728.945472][T17133] binder: 17132:17133 ioctl 40046207 0 returned -16 03:28:32 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x7a00000000000000, 0x0}) 03:28:32 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x1c3, 0xe) 03:28:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x6000000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x77682a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0xfdfdffff00000000, 0x0}) [ 729.193250][T17165] binder: BINDER_SET_CONTEXT_MGR already set [ 729.224904][T17165] binder: 17162:17165 ioctl 40046207 0 returned -16 [ 729.264299][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 729.270150][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:28:32 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x0, 0x5}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:32 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:32 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x2, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x6800000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:32 executing program 0: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x8180, 0x0) ioctl$KVM_GET_REGS(r0, 0x8090ae81, &(0x7f0000000080)) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f0000000140)=0x9, 0x4) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:33 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x3, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:33 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x400000, 0x0) readv(r0, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/75, 0x4b}, {&(0x7f0000000140)=""/54, 0x36}, {&(0x7f0000000180)=""/202, 0xca}], 0x3) setsockopt$TIPC_CONN_TIMEOUT(r1, 0x10f, 0x82, &(0x7f0000000080)=0x9, 0x4) 03:28:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 729.414896][T17189] binder: BINDER_SET_CONTEXT_MGR already set [ 729.420957][T17189] binder: 17176:17189 ioctl 40046207 0 returned -16 [ 729.431547][T17187] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 729.512138][T17198] binder_fixup_parent: 5 callbacks suppressed [ 729.512149][T17198] binder: 17194:17198 got transaction with invalid parent offset or type 03:28:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x1c3, 0x11) 03:28:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x6c00000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 729.577130][T17204] binder: 17194:17204 got transaction with invalid parent offset or type 03:28:33 executing program 0: syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng\x00', 0x80580, 0x0) ioctl$KVM_SMI(r0, 0xaeb7) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x802) r1 = syz_open_dev$vcsn(&(0x7f0000000100)='/dev/vcs#\x00', 0x5, 0x34200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0}) [ 729.699986][T17214] binder_transaction: 19 callbacks suppressed [ 729.699995][T17214] binder: 17213:17214 got transaction with too large buffer [ 729.739846][T17218] binder: 17213:17218 got transaction with too large buffer 03:28:33 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x0, 0x6}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:33 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x4, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x2800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:33 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$dri(&(0x7f0000000080)='/dev/dri/card#\x00', 0x39, 0x8000) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x8000, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="11634840de8a00000000000000000000000000000000000000000000000000000000000000002800000000000000100000000000", @ANYPTR=&(0x7f0000000580)=ANY=[@ANYBLOB="852a747000"/40], @ANYPTR=&(0x7f00000005c0)=ANY=[@ANYBLOB='\x00'/16], @ANYBLOB="1d00000000f55920"], 0x0, 0x0, 0x0}) 03:28:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x7400000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x1c3, 0x1c) 03:28:33 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x5, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 729.915156][T17234] binder: 17227:17234 got transaction with too large buffer [ 729.917647][T17235] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 729.935279][T17229] binder_transaction: 16 callbacks suppressed [ 729.935290][T17229] binder: 17228:17229 got transaction to invalid handle 03:28:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 729.977694][T17242] binder: 17227:17242 got transaction with too large buffer [ 730.001672][T17244] binder: 17228:17244 got transaction to invalid handle 03:28:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x7a00000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 730.062247][T17248] binder: 17245:17248 got transaction with invalid parent offset or type 03:28:33 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000028000000000000001000000000000000", @ANYPTR=&(0x7f0000000580)=ANY=[@ANYBLOB="852a747000"/40], @ANYPTR=&(0x7f00000005c0)=ANY=[@ANYBLOB='\x00'/16], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 03:28:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x1c3, 0x60) [ 730.142542][T17256] binder: 17255:17256 got transaction with too large buffer 03:28:33 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x0, 0x7}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:33 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x6, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 730.287765][T17269] binder: 17255:17269 got transaction with too large buffer 03:28:33 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0xfffffffffffffffe) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) socket$tipc(0x1e, 0x2, 0x0) [ 730.334798][T17278] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:28:33 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x7, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x8000000000000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:34 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0xffffffce, 0x0, 0x0}) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x1, 0x0) statx(r1, &(0x7f0000000080)='./file0\x00', 0x2000, 0x7ff, &(0x7f00000000c0)) 03:28:34 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x28000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:34 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0xa, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 730.532532][T17293] binder: 17290:17293 got transaction with too large buffer [ 730.563307][T17296] binder: 17295:17296 ioctl c0306201 200001c0 returned -14 [ 730.572225][T17297] binder: 17290:17297 got transaction with too large buffer 03:28:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0xfdfdffff00000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x1c3, 0x1c2) [ 730.636817][T17296] binder: 17295:17296 ioctl c0306201 200001c0 returned -14 [ 730.762181][T17313] binder: 17312:17313 got transaction with too large buffer [ 730.806289][T17317] binder: 17312:17317 got transaction with too large buffer [ 730.839680][T17280] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. 03:28:34 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x38000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:34 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0xd2, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0}) 03:28:34 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x10, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:34 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x0, 0xa}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0xffffffff00000000}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 731.007144][T17324] binder: 17322:17324 unknown command 0 [ 731.045548][T17332] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 731.049940][T17324] binder: 17322:17324 ioctl c0306201 20000040 returned -22 [ 731.071586][T17328] binder: BINDER_SET_CONTEXT_MGR already set [ 731.093284][T17328] binder: 17321:17328 ioctl 40046207 0 returned -16 03:28:34 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x28, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 731.107243][T17335] binder: 17322:17335 unknown command 0 03:28:34 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x66642a85, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x1c3, 0x1f4) [ 731.130105][T17335] binder: 17322:17335 ioctl c0306201 20000040 returned -22 03:28:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10, &(0x7f0000000580)=[@flat={0x77622a85}, @ptr={0x70742a85, 0xffffff7f, 0x0, 0x0, 0x2}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:34 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) r1 = getpgrp(0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x2400, 0x0) perf_event_open(&(0x7f0000000080)={0x4, 0x70, 0x9, 0x8, 0x7fffffff, 0x3, 0x0, 0x7fff, 0x2, 0x0, 0x9, 0x2, 0x7f, 0x6, 0x5, 0xf8f8, 0x8, 0x40, 0x6, 0xffffffff, 0x3ff, 0x6, 0x5, 0x2, 0x100000001, 0x5, 0x20, 0xf72, 0x0, 0x89, 0x0, 0x4, 0x7, 0x0, 0xfe91, 0x2, 0x36, 0x3, 0x0, 0x1, 0x1, @perf_bp={&(0x7f0000000040), 0x4}, 0x80, 0xffffffffffffffa9, 0xfffffffffffffa08, 0x7, 0xffffffff, 0xab40000000000000, 0x8}, r1, 0x3, r2, 0xb) ioctl$DRM_IOCTL_RES_CTX(r2, 0xc0106426, &(0x7f0000000180)={0x1, &(0x7f0000000140)=[{}]}) 03:28:34 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x38, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) 03:28:34 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x66646185, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 731.320235][T17352] ------------[ cut here ]------------ [ 731.326089][T17352] kernel BUG at drivers/android/binder_alloc.c:1139! [ 731.354342][T17352] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 731.360458][T17352] CPU: 0 PID: 17352 Comm: syz-executor.2 Not tainted 5.1.0-rc5+ #71 [ 731.368433][T17352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 731.378607][T17352] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 [ 731.385116][T17352] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 ef 89 23 fc 4c 89 e6 4c 89 ef e8 04 8b 23 fc 4d 39 e5 76 07 e8 da 89 23 fc <0f> 0b e8 d3 89 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 e1 [ 731.405227][T17352] RSP: 0018:ffff8880586cf4e0 EFLAGS: 00010216 [ 731.411373][T17352] RAX: 0000000000040000 RBX: 0000000020001000 RCX: ffffc9000a21d000 [ 731.419511][T17352] RDX: 0000000000000534 RSI: ffffffff854d02d6 RDI: 0000000000000006 [ 731.427474][T17352] RBP: ffff8880586cf560 R08: ffff88805496e5c0 R09: 0000000000000008 [ 731.435437][T17352] R10: ffffed100b0d9f15 R11: ffff8880586cf8af R12: 0000000000000048 [ 731.443396][T17352] R13: 0000000000000008 R14: 0000000000000050 R15: 0000000000000000 [ 731.451365][T17352] FS: 00007f438481e700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 731.460312][T17352] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 731.466991][T17352] CR2: 00000000200000c0 CR3: 000000009b3c8000 CR4: 00000000001426f0 [ 731.475052][T17352] Call Trace: [ 731.478348][T17352] ? find_held_lock+0x35/0x130 [ 731.483134][T17352] binder_alloc_copy_from_buffer+0x37/0x42 [ 731.489064][T17352] binder_validate_ptr+0xcc/0x1d0 [ 731.494092][T17352] ? binder_get_object+0x210/0x210 [ 731.499228][T17352] ? binder_alloc_copy_user_to_buffer+0x312/0x480 [ 731.505656][T17352] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 731.511386][T17352] binder_transaction+0x3e02/0x65c0 [ 731.516602][T17352] ? binder_thread_read+0x3d30/0x3d30 [ 731.521977][T17352] ? __lock_acquire+0x548/0x3fb0 [ 731.526936][T17352] ? __might_fault+0x12b/0x1e0 [ 731.531819][T17352] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 731.538069][T17352] ? _copy_from_user+0xdd/0x150 [ 731.542924][T17352] binder_thread_write+0x87e/0x2820 [ 731.548133][T17352] ? binder_transaction+0x65c0/0x65c0 [ 731.553518][T17352] ? __might_fault+0x12b/0x1e0 [ 731.558289][T17352] ? lock_downgrade+0x880/0x880 [ 731.563151][T17352] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 731.569399][T17352] ? _copy_from_user+0xdd/0x150 [ 731.574258][T17352] binder_ioctl+0x1033/0x183b [ 731.578938][T17352] ? binder_thread_write+0x2820/0x2820 [ 731.585056][T17352] ? tomoyo_path_number_perm+0x263/0x520 [ 731.590777][T17352] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 731.596594][T17352] ? binder_thread_write+0x2820/0x2820 [ 731.602050][T17352] do_vfs_ioctl+0xd6e/0x1390 [ 731.606639][T17352] ? ioctl_preallocate+0x210/0x210 [ 731.611763][T17352] ? __fget+0x381/0x550 [ 731.616007][T17352] ? ksys_dup3+0x3e0/0x3e0 [ 731.620418][T17352] ? nsecs_to_jiffies+0x30/0x30 [ 731.625267][T17352] ? tomoyo_file_ioctl+0x23/0x30 [ 731.630206][T17352] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 731.636443][T17352] ? security_file_ioctl+0x93/0xc0 [ 731.641574][T17352] ksys_ioctl+0xab/0xd0 [ 731.645735][T17352] __x64_sys_ioctl+0x73/0xb0 [ 731.650330][T17352] do_syscall_64+0x103/0x610 [ 731.654937][T17352] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 731.660817][T17352] RIP: 0033:0x458c29 [ 731.664730][T17352] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 731.684348][T17352] RSP: 002b:00007f438481dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 731.692754][T17352] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 731.700733][T17352] RDX: 0000000020000780 RSI: 00000000c0306201 RDI: 0000000000000003 [ 731.708692][T17352] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 731.716653][T17352] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f438481e6d4 [ 731.724621][T17352] R13: 00000000004bff7b R14: 00000000004d22e8 R15: 00000000ffffffff [ 731.732613][T17352] Modules linked in: 03:28:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000080), &(0x7f00000000c0)=0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000100)=[@register_looper], 0x22f, 0x0, 0x0}) 03:28:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) 03:28:35 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x48, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 731.772610][ T3876] kobject: 'loop0' (0000000016cb041d): kobject_uevent_env [ 731.788061][ T3876] kobject: 'loop0' (0000000016cb041d): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 731.814642][ T3876] kobject: 'loop4' (00000000f97c7665): kobject_uevent_env 03:28:35 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001200ff09fffefd9567a283b724a600800000000000000068354046002c00120034c41180b598bc593ab6821148a730de33a49868c62b2ca63d89613b6aabf35d4c1cbc882b079881", 0x4c}], 0x1}, 0x0) r0 = socket(0x10, 0x80003, 0x6) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2000, 0x600000000000000, &(0x7f0000000100), 0x0, &(0x7f0000000100), 0x0, 0xe}], 0xff16d902e8240e, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") 03:28:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 731.826351][ T3876] kobject: 'loop4' (00000000f97c7665): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 731.846828][ T3876] kobject: 'loop3' (00000000b1d6047b): kobject_uevent_env 03:28:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x73622a85, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x0, 0x0}], &(0x7f00000005c0)=[0x0, 0x18]}}}], 0x0, 0x0, 0x0}) [ 731.874349][T17352] ---[ end trace eace754c39288039 ]--- [ 731.874608][ T3876] kobject: 'loop3' (00000000b1d6047b): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 731.879941][T17352] RIP: 0010:binder_alloc_do_buffer_copy+0xd6/0x510 03:28:35 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x4c, 0x0, &(0x7f0000000600)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x28, 0x10, &(0x7f0000000580)=[@ptr={0x70742a85, 0x4c, 0x0}], &(0x7f00000005c0)=[0x0, 0x0]}}}], 0x0, 0x0, 0x0}) [ 731.916937][ T3876] kobject: 'loop5' (000000005af1254c): kobject_uevent_env [ 731.932185][ T3876] kobject: 'loop5' (000000005af1254c): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 731.934916][T17377] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.5'. [ 731.949365][ T3876] kobject: 'loop0' (0000000016cb041d): kobject_uevent_env [ 731.961965][ T3876] kobject: 'loop0' (0000000016cb041d): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 731.978466][T17352] Code: 02 00 0f 85 20 04 00 00 4d 8b 64 24 58 49 29 dc e8 ef 89 23 fc 4c 89 e6 4c 89 ef e8 04 8b 23 fc 4d 39 e5 76 07 e8 da 89 23 fc <0f> 0b e8 d3 89 23 fc 4c 8b 75 d0 4d 29 ec 4c 89 e6 4c 89 f7 e8 e1 [ 731.980974][T17380] binder_transaction: 124 callbacks suppressed [ 731.980989][T17380] binder: 17379:17380 transaction failed 29201/-22, size 40-16 line 3242 03:28:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x80000006}]}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x4) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r2, &(0x7f0000004e00)=[{{0x0, 0x0, 0x0}}], 0x1c3, 0x3e8) [ 732.013410][T17352] RSP: 0018:ffff8880586cf4e0 EFLAGS: 00010216 [ 732.021520][ T3876] kobject: 'loop3' (00000000b1d6047b): kobject_uevent_env [ 732.028544][T17352] RAX: 0000000000040000 RBX: 0000000020001000 RCX: ffffc9000a21d000 [ 732.032090][ T3876] kobject: 'loop3' (00000000b1d6047b): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 732.044310][T17352] RDX: 0000000000000534 RSI: ffffffff854d02d6 RDI: 0000000000000006 [ 732.061000][ T3876] kobject: 'loop4' (00000000f97c7665): kobject_uevent_env [ 732.079998][ T3876] kobject: 'loop4' (00000000f97c7665): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 732.083657][T17352] RBP: ffff8880586cf560 R08: ffff88805496e5c0 R09: 0000000000000008 [ 732.091211][T17385] binder: 17379:17385 transaction failed 29201/-22, size 40-16 line 3242 [ 732.109910][ T3876] kobject: 'loop0' (0000000016cb041d): kobject_uevent_env [ 732.117566][ T3876] kobject: 'loop0' (0000000016cb041d): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 732.137770][T17352] R10: ffffed100b0d9f15 R11: ffff8880586cf8af R12: 0000000000000048 [ 732.139846][ T3876] kobject: 'loop1' (000000002783ac87): kobject_uevent_env [ 732.159555][ T3876] kobject: 'loop1' (000000002783ac87): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 732.165391][T17352] R13: 0000000000000008 R14: 0000000000000050 R15: 0000000000000000 [ 732.180590][ T3876] kobject: 'loop4' (00000000f97c7665): kobject_uevent_env [ 732.187475][T17352] FS: 00007f438481e700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 732.196192][ T3876] kobject: 'loop4' (00000000f97c7665): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 732.225569][T17352] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 732.251670][T17352] CR2: 0000000000000000 CR3: 000000009b3c8000 CR4: 00000000001426e0 [ 732.281535][T17352] Kernel panic - not syncing: Fatal exception [ 732.288443][T17352] Kernel Offset: disabled [ 732.292768][T17352] Rebooting in 86400 seconds..