], 0x2c}, 0x1, 0x2, 0xfffffffffffff000}, 0x0) [ 2285.241921] binder: 11311:11315 ioctl 40046207 0 returned -16 [ 2285.286168] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2285.300182] binder: 11311:11331 unknown command 1077944576 [ 2285.320253] binder: 11311:11331 ioctl c0306201 20000440 returned -22 04:15:51 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0000f1060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:15:51 executing program 3: r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000050000)='/dev/snd/seq\x00', 0x0, 0x2) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, '\x9e\xdez\x8cZ\xe9^\xc8g,\x934\x0fd:fO\x13\xee\xabe\xc02)\x01\xdck\xd3l\xde,Q\xf0\x1b\x7f\v\x01O\x9f\x91\xee\xb7\xc3|r@\xf4v\xc8\xd7S\xd0\x00\xaa\x8f\xaf\x8f\xb5t\xdb\xcf\xa6\xdcM'}) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x19, 0xfa00, {{0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, {0xa, 0x0, 0x0, @loopback}}}, 0x48) 04:15:51 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:15:51 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x2}, 0x0) 04:15:51 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000032060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:15:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00224040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:15:51 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0000f2060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2287.946170] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2287.953959] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2287.976016] binder: 11340:11345 unknown command 1077944832 [ 2287.981677] binder: 11340:11345 ioctl c0306201 20000440 returned -22 [ 2288.023415] binder_alloc: binder_alloc_mmap_handler: 11340 20001000-20004000 already mapped failed -16 [ 2288.048519] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:15:51 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000013c0)={{{@in, @in6=@ipv4, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@local, 0x0, 0x32}, 0x0, @in6, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1000000000}}, 0xe8) connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c) sendmmsg(r0, &(0x7f0000000240), 0x5c3, 0x9) 04:15:51 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000033060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2288.069299] binder: BINDER_SET_CONTEXT_MGR already set 04:15:51 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0000f3060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2288.127107] binder: 11340:11345 ioctl 40046207 0 returned -16 [ 2288.127125] binder: 11340:11359 unknown command 1077944832 04:15:51 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x3}, 0x0) [ 2288.177724] binder: 11340:11359 ioctl c0306201 20000440 returned -22 [ 2288.184518] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:15:51 executing program 3 (fault-call:4 fault-nth:0): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:15:51 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0000f4060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:15:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00234040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2288.288912] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2288.351635] FAULT_INJECTION: forcing a failure. [ 2288.351635] name failslab, interval 1, probability 0, space 0, times 0 [ 2288.363363] CPU: 0 PID: 11377 Comm: syz-executor3 Not tainted 4.20.0+ #13 [ 2288.370294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2288.371172] binder: 11375:11379 unknown command 1077945088 [ 2288.379645] Call Trace: [ 2288.385353] binder: 11375:11379 ioctl c0306201 20000440 returned -22 [ 2288.387906] dump_stack+0x1db/0x2d0 [ 2288.397078] binder_alloc: binder_alloc_mmap_handler: 11375 20001000-20004000 already mapped failed -16 [ 2288.398017] ? dump_stack_print_info.cold+0x20/0x20 [ 2288.407614] binder: BINDER_SET_CONTEXT_MGR already set [ 2288.412472] should_fail.cold+0xa/0x15 [ 2288.417804] binder: 11375:11380 unknown command 1077945088 [ 2288.421616] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2288.427270] binder: 11375:11379 ioctl 40046207 0 returned -16 [ 2288.432327] ? __sigqueue_alloc+0x235/0x710 [ 2288.438236] binder: 11375:11380 ioctl c0306201 20000440 returned -22 [ 2288.442505] ? find_held_lock+0x35/0x120 [ 2288.453042] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2288.458627] __should_failslab+0x121/0x190 [ 2288.462871] should_failslab+0x9/0x14 [ 2288.466680] kmem_cache_alloc+0x47/0x710 [ 2288.470757] __sigqueue_alloc+0x3ca/0x710 [ 2288.474918] ? dequeue_signal+0x650/0x650 [ 2288.479104] ? reacquire_held_locks+0xfb/0x520 [ 2288.483705] ? __task_pid_nr_ns+0x314/0x630 [ 2288.488026] ? find_held_lock+0x35/0x120 [ 2288.492078] __send_signal+0xe8f/0x1ae0 [ 2288.496042] ? prepare_signal+0xe10/0xe10 [ 2288.500182] ? __task_pid_nr_ns+0x33b/0x630 [ 2288.504504] ? delayed_put_pid+0x30/0x30 [ 2288.508551] ? zap_other_threads+0x2f0/0x2f0 [ 2288.512954] ? __lock_acquire+0x572/0x4a30 [ 2288.517192] send_signal+0x49/0xd0 [ 2288.520735] do_send_sig_info+0xae/0x160 [ 2288.524797] ? __lock_task_sighand+0x460/0x460 [ 2288.529370] ? __init_waitqueue_head+0x150/0x150 [ 2288.534115] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2288.539144] send_sig+0x56/0x80 [ 2288.542415] sk_stream_error+0xb1/0x110 [ 2288.546403] tcp_sendmsg_locked+0x21cc/0x3e80 [ 2288.550910] ? add_lock_to_list.isra.0+0x450/0x450 [ 2288.555840] ? print_usage_bug+0xd0/0xd0 [ 2288.559893] ? lock_sock_nested+0xac/0x120 [ 2288.564121] ? tcp_sendpage+0x60/0x60 [ 2288.567908] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2288.572483] ? trace_hardirqs_on+0xbd/0x310 [ 2288.576792] ? lock_sock_nested+0xe2/0x120 [ 2288.581014] ? trace_hardirqs_off_caller+0x300/0x300 [ 2288.586107] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2288.591645] ? check_preemption_disabled+0x48/0x290 [ 2288.596668] ? lock_sock_nested+0x9a/0x120 [ 2288.600893] ? __local_bh_enable_ip+0x15a/0x270 [ 2288.605551] tcp_sendmsg+0x30/0x50 [ 2288.609081] inet_sendmsg+0x1af/0x740 [ 2288.612869] ? ipip_gro_receive+0x100/0x100 [ 2288.617188] ? apparmor_socket_sendmsg+0x2a/0x30 [ 2288.621959] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2288.627488] ? security_socket_sendmsg+0x93/0xc0 [ 2288.632233] ? ipip_gro_receive+0x100/0x100 [ 2288.636544] sock_sendmsg+0xdd/0x130 [ 2288.640248] ___sys_sendmsg+0x7ec/0x910 [ 2288.644212] ? copy_msghdr_from_user+0x570/0x570 [ 2288.648963] ? iterate_fd+0x4b0/0x4b0 [ 2288.652774] ? lock_downgrade+0x910/0x910 [ 2288.656921] ? __fget_light+0x2db/0x420 [ 2288.660894] ? fget_raw+0x20/0x20 [ 2288.664335] ? __mutex_unlock_slowpath+0x195/0x870 [ 2288.669255] ? wait_for_completion+0x810/0x810 [ 2288.673834] ? __fdget+0x1b/0x20 [ 2288.677209] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2288.682755] ? sockfd_lookup_light+0xc2/0x160 [ 2288.687258] __sys_sendmsg+0x112/0x270 [ 2288.691137] ? __ia32_sys_shutdown+0x80/0x80 [ 2288.695539] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2288.700892] ? trace_hardirqs_off_caller+0x300/0x300 [ 2288.705981] ? ret_from_fork+0x15/0x50 [ 2288.709857] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2288.714601] __x64_sys_sendmsg+0x78/0xb0 [ 2288.718674] do_syscall_64+0x1a3/0x800 [ 2288.722550] ? syscall_return_slowpath+0x5f0/0x5f0 [ 2288.727471] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 2288.732481] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2288.737319] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2288.742494] RIP: 0033:0x457ec9 [ 2288.745688] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2288.764575] RSP: 002b:00007fd6cfe75c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2288.772265] RAX: ffffffffffffffda RBX: 00007fd6cfe75c90 RCX: 0000000000457ec9 [ 2288.779518] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000003 [ 2288.786772] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2288.794028] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd6cfe766d4 [ 2288.801281] R13: 00000000004c4e14 R14: 00000000004d8740 R15: 0000000000000004 04:15:54 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(0x0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:15:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00244040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:15:54 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000034060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:15:54 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:15:54 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x4}, 0x0) 04:15:54 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0000f5060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2291.009851] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2291.031876] binder: 11387:11394 unknown command 1077945344 [ 2291.049336] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2291.057170] binder: 11387:11394 ioctl c0306201 20000440 returned -22 [ 2291.072162] binder_alloc: binder_alloc_mmap_handler: 11387 20001000-20004000 already mapped failed -16 04:15:54 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(0x0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:15:54 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0000f6060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:15:54 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x800, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) [ 2291.104692] binder: BINDER_SET_CONTEXT_MGR already set 04:15:54 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x5}, 0x0) [ 2291.132912] binder: 11387:11401 unknown command 1077945344 [ 2291.172029] binder: 11387:11394 ioctl 40046207 0 returned -16 04:15:54 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000035060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2291.205691] binder: 11387:11401 ioctl c0306201 20000440 returned -22 04:15:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00254040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:15:54 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0000f7060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2291.310096] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:15:54 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(0x0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2291.370746] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:15:54 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00000000000000000000000000000000e0cd43b3cce97f5e27ba465169f519746e4af62047f22b16995c676f06d449cfce9d4e9cb467476adc1512bc94572d1f952df29bfa2ad9708546aa6a755bb011acb95ba7ae22171de8fb60e0daba7b07619d89a32a0a805c433cf6c3e0c9d3a7464b915df244"], 0x8, 0x0) prctl$PR_SET_ENDIAN(0x14, 0x2) 04:15:54 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x6}, 0x0) [ 2291.422054] binder: 11423:11426 unknown command 1077945600 [ 2291.451254] binder: 11423:11426 ioctl c0306201 20000440 returned -22 04:15:54 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0000f8060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:15:54 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000036060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2291.500639] binder_alloc: binder_alloc_mmap_handler: 11423 20001000-20004000 already mapped failed -16 [ 2291.569594] binder: BINDER_SET_CONTEXT_MGR already set [ 2291.570069] binder: 11423:11441 unknown command 1077945600 [ 2291.603511] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:15:54 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000140)={0x0, 0x5a, "62e743342898bd6f763f4ef70a9d53dd29aef1aea0bc9d1a17dd0c7c15e27dec7fd638ac0aae9793af7d4d190348cddbfaf68ba672745e929153f4c2cd546fcadf64ca9b373700825cf3b043e3ab5da1571474822b610ecc9255"}, &(0x7f00000001c0)=0x62) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000200)=@assoc_value={r2}, &(0x7f0000000080)=0x5) ioctl$NBD_SET_BLKSIZE(r1, 0xab01, 0x3) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f00000000c0)={0x0, 0x2d6}, &(0x7f0000000100)=0x8) setsockopt$bt_hci_HCI_DATA_DIR(r1, 0x0, 0x1, &(0x7f0000000040)=0x3, 0x4) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:15:54 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0000f9060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2291.630898] binder: 11423:11426 ioctl 40046207 0 returned -16 [ 2291.640169] binder: 11423:11441 ioctl c0306201 20000440 returned -22 04:15:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00264040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2291.686339] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:15:54 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x7}, 0x0) 04:15:54 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000037060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:15:55 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0000fa060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:15:55 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0xffffffff, 0x400000) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x200}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) [ 2291.845353] binder: 11457:11462 unknown command 1077945856 [ 2291.870562] binder: 11457:11462 ioctl c0306201 20000440 returned -22 [ 2291.886662] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2291.902828] binder_alloc: binder_alloc_mmap_handler: 11457 20001000-20004000 already mapped failed -16 [ 2291.914641] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2291.925821] binder: BINDER_SET_CONTEXT_MGR already set [ 2291.931225] binder: 11457:11468 unknown command 1077945856 [ 2291.946010] binder: 11457:11462 ioctl 40046207 0 returned -16 [ 2291.955347] binder: 11457:11468 ioctl c0306201 20000440 returned -22 04:15:57 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:15:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00274040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:15:57 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0000fb060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:15:57 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) ioctl$SG_GET_ACCESS_COUNT(r1, 0x2289, &(0x7f0000000080)) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) syz_genetlink_get_family_id$net_dm(&(0x7f0000000040)='NET_DM\x00') msgsnd(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="055b8820c90100030000000000215ab975b65449dfc664f8a163457e817d0ba41dde3a00abf9d9cfacb3c8d623ff83f3d22f0c52fb4a01966d3e07db2d4066da41599607f81982d533b96db50e27b423ab7c61f2dbaff64348d8568459841e745d73fb2f55daca29f4bc8d043b6bc8e5480aa5667ece71109d658223303fd8c8912799af212b9befc907a322ef"], 0x8, 0x0) 04:15:57 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x8}, 0x0) 04:15:57 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000038060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2294.478850] binder: 11481:11487 unknown command 1077946112 [ 2294.499215] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2294.501603] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2294.509986] binder: 11481:11487 ioctl c0306201 20000440 returned -22 04:15:57 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0000fc060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2294.534173] binder_alloc: binder_alloc_mmap_handler: 11481 20001000-20004000 already mapped failed -16 04:15:57 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) getsockopt$inet6_buf(r1, 0x29, 0x2c, &(0x7f0000000040)=""/204, &(0x7f0000000140)=0xcc) 04:15:57 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000039060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:15:57 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xa}, 0x0) 04:15:57 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0000fd060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2294.654830] binder: 11481:11495 unknown command 1077946112 [ 2294.664784] binder: BINDER_SET_CONTEXT_MGR already set [ 2294.671024] binder: 11481:11495 ioctl c0306201 20000440 returned -22 [ 2294.686016] binder: 11481:11505 ioctl 40046207 0 returned -16 04:15:57 executing program 3: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x8800, 0x0) ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, &(0x7f0000000080)={0xc0000000, 0x5, "34b20950d2896fc1748f0573aec399793f005c8bb69b4da7b768e15614531ade", 0x4, 0x4, 0x2, 0x20, 0x1abf, 0x2825, 0x3, 0x401, [0x0, 0x10000, 0x9, 0x3ff]}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) [ 2294.705037] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2294.736418] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2294.836368] Unknown ioctl -1058515353 04:16:00 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:16:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00284040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:00 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0000fe060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:00 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600003a060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:00 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xe}, 0x0) 04:16:00 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) [ 2297.489912] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2297.514153] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2297.528886] binder: 11525:11534 unknown command 1077946368 04:16:00 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600003b060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:00 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xf}, 0x0) [ 2297.549668] binder: 11525:11534 ioctl c0306201 20000440 returned -22 [ 2297.572880] binder_alloc: binder_alloc_mmap_handler: 11525 20001000-20004000 already mapped failed -16 04:16:00 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x261}}, 0xfffffffffffffffe) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000040)=0x0) fcntl$setown(r1, 0x8, r2) 04:16:00 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0000ff060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2297.653994] binder: BINDER_SET_CONTEXT_MGR already set 04:16:00 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000000001cd7a2dad1adffae6df812514925dbfc13e11b9d035a688295a2"], 0x8, 0x0) [ 2297.681568] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2297.693215] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2297.703398] binder: 11525:11534 ioctl 40046207 0 returned -16 04:16:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00294040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2297.843124] binder: 11558:11559 unknown command 1077946624 [ 2297.865718] binder: 11558:11559 ioctl c0306201 20000440 returned -22 [ 2297.885875] binder_alloc: binder_alloc_mmap_handler: 11558 20001000-20004000 already mapped failed -16 [ 2297.906724] binder: BINDER_SET_CONTEXT_MGR already set [ 2297.924355] binder: 11558:11563 unknown command 1077946624 [ 2297.930204] binder: 11558:11563 ioctl c0306201 20000440 returned -22 [ 2297.946176] binder: 11558:11559 ioctl 40046207 0 returned -16 04:16:03 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:16:03 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x10}, 0x0) 04:16:03 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100050000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:03 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600003c060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:03 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000e7ae87"], 0x8, 0x0) ioctl$VT_SETMODE(r1, 0x5602, &(0x7f0000000040)={0x3, 0x9, 0xdc0, 0x2, 0x8}) 04:16:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="002a4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2300.589819] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2300.598226] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2300.599646] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2300.617921] binder: 11567:11578 unknown command 1077946880 [ 2300.623586] binder: 11567:11578 ioctl c0306201 20000440 returned -22 04:16:03 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000102060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:03 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000200)={0x0}) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000240)={0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001300)={0x4c, 0x0, &(0x7f0000000280)=[@increfs, @enter_looper, @acquire_done={0x40106309, r2, 0x1}, @increfs={0x40046304, 0x1}, @clear_death={0x400c630f, 0x2, 0x4}, @increfs_done={0x40106308, r3, 0x3}], 0x1000, 0x0, &(0x7f0000000300)="111c3f093af91c9eb7fe93a51f91915df1caa287b33a4af81391167f694d9f2bf5a951bebbe1f4992110feb1dc4c364628c35d071471da7cc0ad52f5ad5e549c479d113083f7b3025d8048468e8ab94897410bb5f7acf15bc799102059e225be70ef67aaeaeb944157299a29b6f4579d8a121ac819a62b8803ed8a45b28bcf15bf5ff887100d4becf9fcc8d95030a0b9083ac06fdaaa538ca98abe1a727f87aa79d19bf03a3c9a80f7aa818806f07c926b1df6f11c16d2988985d1ac14a6ea295e0f3e5a67c99d155b8199667c2ccc046fa21f666219ed2f9baffec80ea3220a7dc5148e3a166e5904cf2b72230d1bcecb86024779f0cb4b969cc9ec301113d626d75a0209bf23afb6a92836f44b72638d86e4825e2fc974cc8d7d659264c63e882656f3f434b1dd4c74f65d8b047022868d72e28c660f364af2c47eebdf04b9a9341f7d0e40423e7b2ae39b3dff8cfc8bbdaf8f63bfb7968db191dd2b43a3eb4af45679ca3db5329fbe949c4bf5d25b616b11cf5f83b0198a6cb83fa7943bc4e63e0dad6efabbab83c7fa355bed22f3ea26883cca4187fa5954b02a7bd86db0db8b3576554f9617dbf390c252261e92bb3e1c4b42194ce4cebc37a982053c99e7045bdb9ee2f127395c634bf7214235e5a74b5917b0a70749055dc611dffb0ba52214015058ef2a3ec64ca6aaa0fa0d3b99a1beec11666aed9383caaa308cada8e5ff3d49647ba2af499e1e8c35932601a023869cc4b322b379bb9f462d3b5c0fbd0150e8a34a572ba6e67a93af0d88ff3ee3a2852d084065b6df5fafa9aa3976d257459f5990b351fc9c22f1a72bf56a35b22b7a83c3028950066abfe3259e18cac7e9897f5e6e942157b16fbca194b6ed7c09b41536c8c3b53efdeaea21c805b22accb1531cd129881d958bdddb64884346211e49777c59d5bca793af896991fb560b337d44e57aa29a3fb4352005f1e6402d2246ab5eb1ec14e9a578e48f8123e80737d75aa30d68e5ee9ddaa2c6ac01cc7582ca6af415c4a116d6c7370294dd2e5b67629da00412dfaef6b19804456591efaba4e499b5fce0be26324a73dfd689dbfa86915e156e1b8abb26c2f8cb9fd61b541bfc052780f6b2c5775ef2353ffa8b5039da0ea44de037cb1232aaff2f23646ad6d2e506296ef41eb5b98a4d14cd1db9f3870c0f9129026ccb7875bf781ad0366aa426501be9cd33047e52ccc438bceb9e3379acb287fbb63147b224fd4d251952f32bfc1286e91536fb2abb0ce1703d66f2823cb912c9015b0da7557895b632c08a67c3ee07087490978599a7c055626187f3a63c71faa720ab1527408ab9cbeb14d2970c7fc68257206bfa48600b6bd8794a1c45895fdf78d445fa93f2478be7f0e410c5a88d83d99f8805b9af3b6f3d75eebb0ff9fc03f8bb21281d19f99def5cf7f4b53d5a866361748f7adce73f42bcc08d45bf33e544c406b1fc22ccf5466b5f1a4c189e8ff8c0aafc277a75fd454336618bcbeed307ac43998199123cf84124130213f116c71ed8cd133074bd5a0111ab53d0199418c3f424efd2b92e1f5e74a0935bd432f978215abfb66334b10c5470ee397603c72b7ff2f04bd4809ec1e7f36751cd29f18e5770264e36c963a91fd1e28c199823befb699eaf669e46a657391c18c273ac94837aacbd3410c374dc636010f9b0a08502bb4cd33bd825631144ada630deccbfc4e0ee2a14392a59a9f3eebdee8324ecd75976511420a1a03c005b43734a0040d9f8255fa49ba8b81a6d2e5b346b5e3d28cb4bdbce84e7b9cec378b78dac8d624c1c7f294d76e1d4d6998ff4f18fa669535ad0a8fe2eeaa06daca12e65acc9d3462a9a0359a34fea78c8003ab67932bf6dacc89cfc3f683a58fa02a1a1b50b094120c8dc0074d9994637f2b00aa3afcb633d5e02dc19a2f4b60d8c12f64bdf8ca3cbaecbcc40c07d73e3bb1e17fbf5f144c031da0a7f31b634d467a0feed61b961bfed7c9c0e5bad6535d49f1de05b9c8d87948ab80d9c48b04940d7abcf52ae0c0f36bb685a2553b6e8631e858dec2154fb947df39fb5eac4f74c2e44fe2ff252c6f308bed90c9f0fc3cba95d62257fe3c12e1443662c5556bb79d8d3257f4fa8e33ae68f7b1323ddf5132544ce57a895518ddc9164260f7c087537d0c403e3d7cf8ca13e2f0cda600a34725ead57a2898da739f4388bb36be219567749b012639bbbdc13d6a734bcb235010edd800fced91ce28f419434fa3e708ebd8f19bac4275b040c3ab556f667f4fea59a712c325e3ac17aefd1d18efb744d376e04235bde1946411ed66281fbcdbff73a0fe63d9fed7ac013ab2098c0fc5aad0fbba0ed6b3ba6d750c26717c09f5573069aa553e258ffb994507fc06849c6b6e4fe3369a1b80947130eadf40419596cc39246d2fbe1efea88b99af3494437517e060e7c13b2f8b2a4ac095bb231c3310b29aee44312c7895c9bf393771499d24ef07cf00a0f64dda6104c2638489271f7e37ab84693a184d5216a5dfa0ed598f063db22420fc2ec55d90273dc196ee8704a059e23a2c87a64921d1e0eb165502b6c1c8378b7bc721e9234a75aa008da9b36876bd9edd0fdb477e33418f5a94c0e1d5a07f438c17d37faaea22999a5f91bcd418610022988f3f483196e1f82aa32fcbd49b18787385cc3a86a1eef66dcded7587e2c8618742cbe430f232a326bc10e5610d8a3471e10fd24e899fab2d3e0ce294cb60838e63f8b1a621961400b7e10dbc61cbe5874932e96b6b318536965b06271c8a49422e907c4bb80170fa54b4f361180c6ae30aa062c7dae675b32476f4bceaeeebd77e35be1ddc25230b093c58a6dd1c0aed6e4090028671732792deb7e048495c8727aefc095670ff362c3a5f089ef02fcfba929d753c01893638512b8d6b7bf0262a13f9dfac00b5d6c17629dcc912b61a28603a2e1eab70ec776ab50ddb18dfb229f73e8ef2032742d59ebde6ba5bf7d4b10d855d9483d3a77a4b6b2ab94d0ca26a44776b718606969fdffa41113b2405995cd548e4ee17e2f02d5864bf1eb7cc0c3102f8b837466b08cf03af4390999ef1c607bf64524380fecd0dd2f2dba3388b245f8625927b842ec9a9350a7ba14739b968182571807db7dab433a01dd39484664bc912a004fc26e890c408b0ee6b3f84c89c0883f0e4ab4328dd6fffb87c1dbca9fed7a08156beee75cb60a54c60e394b72a17c18c6364a39196cc6d079432664ca69712dcd1778615420bc8ddcdb8027e3c5afc17bb7f50978ec6adeed85b5431c2197f76a116a938ecc88af71a70eaa9b502c833c6996c546e1de59b4bd3d79971af683895db7f39b5aec156ba132eb9a2138b3a36b11d3a325fe4744536d7b354fe81dd62bda7fd8f5ba56bc1fffa7ba53d18748dab4039dc7b4db2ca5ecb3ec6340b432a99c1e58fe03ad5d9b52f7b7892b8c4e02e6135b14e109074e66009593ecee70472d46d7d168ee386a8361e721fcfe21d4102d21a453d14307671fb0f0a1d9c33ad73bf4f5c28815950ceeceda8090dd2e9ac60738c7a48312723c5bacebbbabd0590b436679461997bfffb338e72cdcf53a173313bf433a069954ae8c03bd24454726ff352b1e450d71bc1a7e81c59733c7dbd31dc451b0c6e345e363dcbf66c7072b1bf8b3190e978be1c1cb89f32ab281b5623dba45265502f0885da35c33cf2f203317a18c2f99c73ea2fe3128fdb74836f720f0b588e591f38102302b156610015c9227fa43ee7c44cef5687b815b3e92558fb4bdb85e5f9ca17a5e2ef3603c52cf2ff3157db2a88e94d71a4f7ba854edfc098bfecffc0f3be7d7bc9fb9a7edc57f01d35e551726bcdaddd1276514fde0f26ca23215dcb1f919ff8266681fd3b43e3456942bd8d5bcadffd21f09c6105e86e6e03e49d9a53b79524fe7406a1ed4ba40426193a073ee33a0d024cb97a0363a7020accfccdcb8620d60a06fc890cd67dbcdd3b6d69c1bd605a50b98a1f18a61001264678b712d4e457fd18705bcd31b5f2cab04a9126d066ca3eb0a1bf994011bf43adbea622bcf3bd49f5e189ade6c6d91805360a0749104766a937e08488df9e81bcf56fd92a7132cff3f76199d56b3adcc91090d74b831c3ace20a7088edc7711580f831996666edd38decefcd5fde3f2564c709faedcdfd9a988a258233ad88a8d3ba2c3fa98a5aa3ac339bf048e91ff69f02e7a95c1f8a5f0bca7b90ea7d4818b2c2935c0cc2fba7534094d6d5adc25f5214836c4cea86cb401d22717cf2108339178cc21feeb304c9a5e5695c89933dda9bd05cc5a5df9ee9277d79e99c4a49affaa00982208f416bf8dd7808a25f5817532ec3da5f0b82747ff6b172baad11db1df54c0c78df684570dce67f238928fa73794008ced65cff21ccc30ce203afbd77e66e19f1274ebb63263cfa7b620ed19aea1664b768b0959830cdf12bb0cc86edb44e0195c29ab0daa5087db8182e284113171028d9c4320651ecba1a045e93754ff0d895f02a73e9368c81a0e080ad0bdaf364f05918850fa1520a1924667a66b79158902a316ac7ab599ad53ab8419bf9ce3edbb2585bf56a9210389ea8dc31f569ac8d4ba0c61bccd72312788b062e076252743e7d0391d3ea66896a7bbdb2b125e6ab197a2b7d6ff1a070088d36e2a620993a3d2fad1e93e172e8876339e9d6b83481449846d6ecfc7abdfb9f61d6b67ae75347f55668d9cfe4aad57435c94c48c35cc674a1473434e6c94fd8eab1daa34bdf98e82f55ce63cc5f62d3019faef39358b616c71df687044e43974f3165190fea15f3e55c9a61ad1b2831daad534d23c457d778256698a9bfff66a222088a54a6a05b3ca1640609901d7fb99a6e615c90fa60caefda6d4ce6c60907a6e2555c7b80fa456d7e37a775dbbb6a0f37a92f388fb7311fed0ebf9c9978c61bdb4996cffabdaf730f385283f10a0f3e2da0e26bdaf2ce7492c046be042fb1e9a5ae9a70392daa37a4ba9e9527f88338c76dc84048cc69f25f32c8a5afcf42c7ad9ef3e346b1055100a29e2918db4862214faaf4deea63480edbca92df2766219333d7bee05063c167d67ac3d5ad61f432c23de3fa9b36ea3fae7ca7092888b93599324a280791c3b8b127f64c88ef7673fa91fee3618e14bf2bec609c3c6ed2fc749872f69f3e4497df244e97f391f03ae7399e2c80ebc3d5a2030d73408409712dad2f46cb566ed7d85256d0da84976e1502340fe5cb1987e42a93b818f233da773032edfa8297b2e64f4f968380ee15fc4783ca3b5e6caa79b30984ac5655269b6097e9245061edde3a6f6820657a6addde586aab97547c8df16bb2194b22563ec9bb2f0df820614ddb4a1c98a400d97e438a9aad17e0c3265b7f15d4045d2b2c5d2258cddb0b44694ced0b2a35fa58062e1d14b079b0aa9b78d9e259764131602b5d4c39dfcddb1e13683bbc585c8a3fc0225ea76c30988be9f34fdbdc685685377b61fd2c09d4a538e622c7da39df1c444cc5548401b459212f84826a95960d34cf2d907f22f5321474c4d626458a30f5dd0a3c762b41129c1feef8c9476b223a819483e9c592b94cd982a909d151358a73a4e8138aa3bea2a22ebb8c5f3abaf49a1d3e3b997c53438d66bab7a1276dcfe649b417781eb63593e7e6b5e50724e65d77b098f8cd5894db3b5e5aa9a24960b76f624ab6f9979e39d60b436e05be837eb3a64cfc5b851d0fea6bb3ba84b3cec41cf9fcd38dad34a153243e875536fac385e01b96186b9c363b80e43b075b65edda89edc81a0305e6"}) r4 = msgget(0x1, 0x8) msgsnd(r4, &(0x7f0000001500)={0x1, "718d21d62ddd1898eca5fe0a24acf95009de11ea372010ecd21398d61fc57647ca43fc219a5a914ae38e88d8d2df8afeca000000008239bc2aa805351cca6d28730e6155010a623f6b8480b240d32cb2d379357ad74f3ccbb4ef2a1e310059badcfdcb25d41254839dbab1ffe44dc610cb7520e392d50ad767f24e120500000000000000cb4cb0ee2248483b0fbf696cf9b03dec7f7c0000000000000000000000"}, 0xfffffffffffffd5b, 0x800) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000140)={r1, &(0x7f0000000040)="dd6118c44ebd6674c84355f5cf582dd67fd2ed4434ad2a358c506d817792546164460b9a23825b97c991cdab2d42b0d1b4803902b883630c5b1f072cd064ff6a354948522ea7ef76117e333bc0e38b541194e4b51831025d146e1545094144f6fa8b2a9cf035a2fb2168b599c48448158fa47ede476c48b4fa92a6e1157ffac40caa153a9724d467284443317aae6d5ab361a1873c0f2283fbb5e675ebc34f49050438b49e0a11c44aaf52df10494dc58c27fafe4c1d54983ee5adc5da54a1d2de7a4b0d9c4abb493b1bbc48dd6a34a9db2caa62ce3ea0b271e1eaf6d53c0e2b9da7e19156eb311cdc"}, 0x10) [ 2300.682283] binder_alloc: binder_alloc_mmap_handler: 11567 20001000-20004000 already mapped failed -16 04:16:03 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x48}, 0x0) 04:16:03 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600003d060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2300.723810] binder: BINDER_SET_CONTEXT_MGR already set [ 2300.729890] binder: 11567:11580 unknown command 1077946880 04:16:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="002b4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2300.769163] binder: 11567:11578 ioctl 40046207 0 returned -16 [ 2300.800055] binder: 11567:11580 ioctl c0306201 20000440 returned -22 04:16:04 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) [ 2300.937711] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2300.945808] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2300.960065] binder: 11592:11593 unknown command 1077947136 [ 2300.976569] binder: 11592:11593 ioctl c0306201 20000440 returned -22 [ 2301.011584] binder_alloc: binder_alloc_mmap_handler: 11592 20001000-20004000 already mapped failed -16 [ 2301.029773] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2301.063886] binder: 11592:11603 unknown command 1077947136 [ 2301.094420] binder: BINDER_SET_CONTEXT_MGR already set [ 2301.119329] binder: 11592:11603 ioctl c0306201 20000440 returned -22 [ 2301.135545] binder: 11592:11605 ioctl 40046207 0 returned -16 [ 2303.546269] device bridge_slave_1 left promiscuous mode [ 2303.551882] bridge0: port 2(bridge_slave_1) entered disabled state [ 2303.607047] device bridge_slave_0 left promiscuous mode [ 2303.612568] bridge0: port 1(bridge_slave_0) entered disabled state 04:16:07 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:16:07 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000103060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:07 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600003e060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="002c4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:07 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x4c}, 0x0) 04:16:07 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x8, 0x0) [ 2304.022037] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2304.045396] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2304.059604] binder: 11616:11622 unknown command 1077947392 [ 2304.085779] binder: 11616:11622 ioctl c0306201 20000440 returned -22 [ 2304.116925] binder_alloc: binder_alloc_mmap_handler: 11616 20001000-20004000 already mapped failed -16 04:16:07 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000104060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:07 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600003f060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2304.136114] binder: BINDER_SET_CONTEXT_MGR already set [ 2304.153010] binder: 11616:11624 ioctl 40046207 0 returned -16 04:16:07 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x60}, 0x0) 04:16:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="002d4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2304.297392] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2304.309328] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:16:07 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000105060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2304.343685] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2304.379480] binder: 11638:11640 unknown command 1077947648 04:16:07 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x68}, 0x0) [ 2304.399282] binder: 11638:11640 ioctl c0306201 20000440 returned -22 [ 2304.436526] binder_alloc: binder_alloc_mmap_handler: 11638 20001000-20004000 already mapped failed -16 [ 2304.475402] binder: BINDER_SET_CONTEXT_MGR already set [ 2304.480918] binder: 11638:11643 unknown command 1077947648 [ 2304.516127] binder: 11638:11640 ioctl 40046207 0 returned -16 [ 2304.548103] binder: 11638:11643 ioctl c0306201 20000440 returned -22 [ 2304.583209] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2304.642593] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2307.868026] device hsr_slave_1 left promiscuous mode [ 2307.941186] device hsr_slave_0 left promiscuous mode [ 2308.000296] team0 (unregistering): Port device team_slave_1 removed [ 2308.011659] team0 (unregistering): Port device team_slave_0 removed [ 2308.023064] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 2308.061697] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 2308.152456] bond0 (unregistering): Released all slaves 04:16:11 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:16:11 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000040060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:11 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000106060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="002e4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:11 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x6c}, 0x0) [ 2308.276868] IPVS: ftp: loaded support on port[0] = 21 [ 2308.344812] binder: 11652:11656 unknown command 1077947904 [ 2308.364312] binder: 11652:11656 ioctl c0306201 20000440 returned -22 [ 2308.371756] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2308.374014] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2308.404529] binder_alloc: binder_alloc_mmap_handler: 11652 20001000-20004000 already mapped failed -16 [ 2308.404656] binder: BINDER_SET_CONTEXT_MGR already set [ 2308.422784] binder: 11652:11663 unknown command 1077947904 [ 2308.434109] binder: 11652:11663 ioctl c0306201 20000440 returned -22 [ 2308.443370] binder: 11652:11656 ioctl 40046207 0 returned -16 [ 2308.617186] chnl_net:caif_netlink_parms(): no params data found [ 2308.663882] bridge0: port 1(bridge_slave_0) entered blocking state [ 2308.671685] bridge0: port 1(bridge_slave_0) entered disabled state [ 2308.679528] device bridge_slave_0 entered promiscuous mode [ 2308.687570] bridge0: port 2(bridge_slave_1) entered blocking state [ 2308.694002] bridge0: port 2(bridge_slave_1) entered disabled state [ 2308.701893] device bridge_slave_1 entered promiscuous mode [ 2308.727343] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 2308.737311] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 2308.760422] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 2308.768665] team0: Port device team_slave_0 added [ 2308.774320] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 2308.782159] team0: Port device team_slave_1 added [ 2308.787873] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 2308.795665] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 2308.863013] device hsr_slave_0 entered promiscuous mode [ 2308.925572] device hsr_slave_1 entered promiscuous mode [ 2309.025974] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 2309.033032] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 2309.063430] bridge0: port 2(bridge_slave_1) entered blocking state [ 2309.069871] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2309.076591] bridge0: port 1(bridge_slave_0) entered blocking state [ 2309.082962] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2309.161094] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2309.179415] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 2309.194424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2309.211656] bridge0: port 1(bridge_slave_0) entered disabled state [ 2309.231770] bridge0: port 2(bridge_slave_1) entered disabled state [ 2309.247982] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 2309.254056] 8021q: adding VLAN 0 to HW filter on device team0 [ 2309.275622] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2309.283370] bridge0: port 1(bridge_slave_0) entered blocking state [ 2309.289989] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2309.307590] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 2309.322502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2309.331310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2309.345823] bridge0: port 2(bridge_slave_1) entered blocking state [ 2309.352184] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2309.366921] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 2309.375780] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2309.386263] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 2309.397149] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 2309.404016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2309.413681] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2309.422917] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2309.434226] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 2309.442213] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2309.450392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2309.460761] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2309.477907] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 2309.494117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2309.502795] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2309.519975] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 2309.534632] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2309.550379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2309.563556] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 2309.571311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 04:16:12 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1b16e40400ea02fc0100000000000000"], 0x8, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x2000}) ioctl$SIOCAX25CTLCON(r1, 0x89e8, &(0x7f0000000040)={@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0xb, 0x0, 0x7, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) 04:16:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000107060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="002f4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:12 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000041060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:12 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x74}, 0x0) [ 2309.590423] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 2309.614343] 8021q: adding VLAN 0 to HW filter on device batadv0 04:16:12 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000042060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2309.702026] binder: 11675:11677 unknown command 1077948160 [ 2309.708842] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2309.717484] binder: 11675:11677 ioctl c0306201 20000440 returned -22 [ 2309.718818] binder_alloc: binder_alloc_mmap_handler: 11675 20001000-20004000 already mapped failed -16 [ 2309.743497] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2309.782960] binder: BINDER_SET_CONTEXT_MGR already set 04:16:13 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000108060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2309.825299] binder: 11675:11683 unknown command 1077948160 [ 2309.830989] binder: 11675:11683 ioctl c0306201 20000440 returned -22 [ 2309.874564] binder: 11675:11677 ioctl 40046207 0 returned -16 [ 2309.896736] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:16:14 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:16:14 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) connect$tipc(r1, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x2, {0x43, 0x1, 0x1}}, 0x10) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:16:14 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x7a}, 0x0) 04:16:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00304040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:14 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000043060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:14 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00010a060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2311.369237] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2311.383654] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2311.395794] binder: 11701:11708 unknown command 1077948416 04:16:14 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00010e060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2311.419754] binder: 11701:11708 ioctl c0306201 20000440 returned -22 04:16:14 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup3(r0, r0, 0x80000) sendto$inet(r1, &(0x7f00000004c0)="7cf3b6c92c389a36211ba63aecf038fa6ef02858fda3d66330cbd95f00634e3f8510562a26f129b916ef69fa0aecd68a28c1ec55f291a7a832d5575caa88ce8afb9bf7614e8f6346c06b3123d510e01993ace9ab641c145b3bce10ab85dab3a7960605572199090fa05477430acb07f1cd78a2aea99378d3e2ca5800dbb5f797672f43b24dc9ea183cdf2203f09b14883dacf21465fd3e82133e533a628c3f9420183a5ba013aa25519fbc249adda4db05de541c939486dac721b869856ff26bbbf75c89ca875b3c7cd894e70577eb84adc371e70913c7cddea228817f6f305fb4a1a31cfbbe596105057ba5f451fb3f0a1031dcc51b4d886c2e8986bfd6a5babe3094304347df6f3b121a77880ece82f45f858bd3039f8d84334691159345ac6875bc7508ecc51ea2053ff200173cb71009406a19089df8b52a38a509c9554383d9fed9d56ee057f2da3d41fee2ce85c0e08c28a01fc4a5640d8f0858ca996a6fa6984991f323057076468afca5f7e00c2988136d0eaaa95eecedd5f8b7db30f17d6c2931a1cdfd216064f69745a0a7bcb4d9fcf7ce0b0e7e6f29f646be470a0c59883756c1ad0fc7193e8a9a87ea3acd92adef24aea0450bba1b8a6cc7b78053bcce6f3377a023c5ca1e6ba44764545f81481ccbdd8e1f94139fbced2c5e966c5fe903a20b748aeb6d3978f65fa01e7cdf425dfa6837fc71d7a594e01c760ebe9befb0a3c01de8b8dd04a03625c5169e700a4e4abcb1daa0afaaf692a7b37633739dc103273abeef3590267587d9d2f5e1bff6c7775e661a8826af67264c250a4d402903bbb90de3ab3a546dc6bd6003a1c8c31b8ae5f28d1d9c3c440bb64b7876aab9603a55e6c10b477bf990c5085b98ff95ec675654d149d647ee4ae57df16354ae0497c7c098c8e7f7c2cf4104f1ddd35ebad84900d278bc0f7f65cf9c43b415278c5a15cb7ab092fe0726d7dbb6f504ed546a1ce8ddd8c5c3654e2f8041d2e9ce882ebe419a83fd265574b984f9f66b7703ac4a82ed1dcaf9219cdfcb84a23495e6b6f5cbffb616905801b49b425f744e01e08d88c93ea79b0536f4c137b73ae270a48d889c2dfc407284f87bec13b88244299be50a704689102991810dfbfad5d5a6f82eb23497af6d7e2c613aa45ba7d5caf5186117b70f96a6e68e7499fdbbb521d9646c952e1b00626556363b2a06455043253b6d32fa2a13807b9097d10c0bfbfa2005a794254b138daaabfe027dbc00c8da1a079c5c0e3e3d2d7e170e0782b286f95a103bd65f2a01f58631cd6db6a2907cebd06df0c11712c5ddf0b7a8cd9a2f3cda0fb9baf14eeb907dd0dcb546500079d909b8eac9a09147824e3e96e0786f8d5f2463c2695c2e3caac9e657dc33d71c2e8859f5de31a5ab01651f9c19d0a96be25214613ec1449b805d9f2b64f1c4743b28ac5d4e9f0cc0f5cb96ca10afef55a207c84223f071c153e5a65f9011ea9843b8b7680829054b38bb83ebf9e54c61af28dcebd1747df0025517c5b363c58d4152f184dccc1498c123a8fdb34a55e0869a90ad6f37c5626db6f7f723ed1d4b3c11290e37767124f125eccdc76338fb023f0d681fef291eec9be51cc8bcd69ad0af9d27ccff89c01e48c005a5f7bfb80fab2d12e4e811320f3d0ed57fe119a08280bfa3fdab500c43c75bd1286faf74282525dbb67e771567a6b4d233b28dbd59764cfec6a799640627893cf09c37c1852084b27b8ea9ece081e42bfe37cd40d6356b510d4fda1f9ffe77ebeea4f470e4157f1bc420359688d4c3da7563d07be49f6193c70e5e884f95842b8679bc3e24cd26b383267bc3b6fab9eb352c98cd2d68cb2d905270b2943db32f8d4f52841c41de0dddc1adfe42a432869844683a7e7a22fe88b040019337eafd7ba82fc44358e24986916757f73572a9de41d31e1e2d3696e463f8fc19a899679cb076ba7838529b932ff25d37aaa730f76348436c49c91d91b1713719e671bbc2c1eb88cf675f0ba5f860c36579ef96d09b1020cfc6bac4b9ca7685cc0df8c3f658458535b09cbf05620186486dcda1216c95eae15a1f4fef36fa07ad38b2bfce2dd39264ee9b97115452446208a4453db97651c8227d93f0b8bc2704ee8966dd84312750120cca7b0e4560516d6c2e8d7e21df4152064132d7e513873f7c9174a59faa8b9d5a53e1b29edb582c4bcb7c87f39648ddb8f054156efd11f4919a63a4b9f7f1902a358abf8f1a7b7a949062646b810c7537bd3e826cae6461404c5741b04b8d92dc61bfcc4bc05f33634eee401d6aedf0b531e993515d238e008259cd967526e770598655254ce1c0072a798649b97230a15ac4997b2a18ba95a11644c4f86b49359a920fa2738c31ac241f884e2cdac0ec3bd8ba9121e70d77a3e0257c96bb60742afb7e2de33cc3041bb014a382975ebfd3357687f3ac343b94045a679829eec33f3f1855e7a393547b7ba4c8a342021568969b14708c220e4a3dfc7185fcf634627b02ebcb6412c30847f725b4a810b50975cc1b8828ac3e959d3cf24904662ebcc0aaed4cb93b12b0430262f821d79c20fb7b16a502e1693c68b34878b7cd8f347efe024e7ff61f90d131e5902d5ce1378464de2e19f365823457d550968c90fcdd7319f582283cb6b028bd94eaee26a4701d559b56e45fe9c8ab7f413814a4395864560757dc7a35aff19bc4ddf11500acf708b98995ef9479cc0b65fa513d7e1b7198bece4b412ee67e7f42738e47bd4ad21136ab772e28cd4e4c9284bd0a73cc401289575ab755e4b3449ac3f1f7588ef47b478bd62aa1cc27ce1cbae9fa530327d4be9d546533f84d9dd4e1f30c55f0b04f6fce144e173d662d980aa10dbb61f65e7ae97cb9dee64d1c414cb7bbee2cf288b7d85dd6ba618d7d5a6544cfbb6c775363f6f64e5f013326d4a324b51df3bbb29a856cfbe1dd1694c6e6bd6fad744dbf79aea727a6f5de05119a346080ec3a25063d085dfd15035836a33a275d46cac5309b8521f201553616a29ccec3d3c387a035ffb9b05b4fd34932444108560ef8adc7a2afdb70bb42c71ff104f94fc66268fce976deda69e98c5508279fbf3b1283331d2552f9e44d18da320e7c008820fc200f98997096c90cd54fef078a969370690ec61d68eab93a833aeff3061e9d351757dc10237a296a82344b7eaeb3405d079200a32715e0414d5b43bfed7f52ed7933f57b77bc46091d178d9e649324dca07a386d9f8c930859f7dde676f2184687611f990462e3d8a1c0e2b66c5ad5c47add7887ce050f14b924180532f36aff98328b52ba69cb50c26663f43548a2552edae77786a6bad6c8fc26054989bd4c9cbcf264a266640208cf96dc82d7068a190110a5f43ab7004659439c2a6152eddcda1bbf2ef49e3b7cd0598e6dc01040dc48affdb3be48f421ce653c836db4fb8e30de188fb934f995af2582f75115e15e1b79480fbffa16e93740ab039e6a2c7798a05aa9ce35e4a56b2eebf0197da3255cc548c12e2ab4fafcf36025df31ea55c9f78ec9e72cf24e277447585d26f512918c8c01be3f065b9735f875b66dc9f2f727796f327adb938bd95f31853d2039bb61dcfaf6ffb99765d5d87176cacf54cea205bcec1e18c6636aa926887c6fa03eb6034d48fda7c9991870abe8a2619ba47e44ae9c22cafeb3781b2d06b20854fd6583a0583dad43cfbb54a585b770697cf124deb43ec478d6b787fca703a7c9559bd8b1bea7b0bac3bdc3cf0b8fdee7f0bb713271941c441614af137ec549e32a3a1cf254c8425f32ed4d49205b95acd82a8d1348852fb2907cd98a42e762a2b6d6d4f695cbcf2df63012bd1d5852e9bb198e4b67f59d5010958775c9ce05b1998ba1b0dfe4d881732f01af77bab3a3de0d219895775df83c044a6e1e8df98c05a5684a0baf4be35221c30dbac522de886f66f6ea4a940f8236f434883aa1e71849205ebd4b550da107dae751825d30d155d272c403d509876c5f6e05e733dd1aec0bf07526a253b55671c8c3be93c77d4fd97e76b27fdb1517c724eb45aaf49b48a65a8fde6f264172659b80f42b3b4a79dc3fe6615bc4d06d20e8c96257eba2ea90b071bc97bc55bc2e7a14ee8b08e9ef9f3a949649719c7a2a1ea4d009bc6077897742864d415d1c47a27e7e5d7b6e7df486bea58ba8c3272395ec75896f944fb033ce1f4e2cd895c562488f831f941a783a5a97d39ec4d2b3eac3a77253fa600dc803683cf694acbfe8c8b6abe0cd58b9964f1a60a9da019cc2bfb897fb53dbc0dfe08a992b5e7987b823191c2a6a1d35227f0444fb09d41815239c233e57d17f26f00133cc502e3a939eb4b13a8772f2ee93a1f0c13b8df7f365f4a8b9f51916009d78fed1fce7913fa0ef3cfdd5a9b5f31c6874cac8fcaeceeeb8d02553095097be7d0e16100d8d7d91b537a11b14b8d9d56a71faffa1a3ebd8a02de79d2674d33e9ff9c099a9df97b298b6268ea8a67dcf8a82fa27ffe3b6f6848ecabfed3ce8373b60e38a0c2512c0066bae3ba52626990d8401b978494d5486d25be1f21e4cc36be85a6417cca94d5ddf0661b82d6572939724e460916d66ef58d9ba6ccc37e20b52965c88a1be79a28f620e6c937f5c20ad520b43c03eae129ad61ae94b0e5e917a9297274bbd1d54646f25e0ef0864103c29a83704ca9f85bbd2003e13caed4e323a2b1b91356e7585df58e51de61c8e524461d7a40362a4654ac52922d2d36b2263f03d3c6fae189786c617b1ac78fa713ad54756afcd9a7b41a23ef4c1a3674cc6eb8b0a699311965995baff3be2538c914d054115b7329d50ea3c7375242b781301da88f56e35d1fe3c6f9938d614a9812df917e47ee676d1139a981ca371dd375198c7a6758a4b0b19986bb29bb61776fa513010576afa06f7e1ffb5040833c6741f13c94280c21cd5bd3104ae1f30b9c885ff960ba54881f1f2699f210a4fede112dba65bf1f841c85aa761ce2c7cee1087a7468e825eefd998e3d605aa620a6e52e63ebc0c8e09540e6f09b3e93a3db9babd3732a7c4f9bfd614bd27b23c15bf6e9a4c5923a550ed79796e62c0edf70dde0555dde0c9804065ae204f5884e6f121c06dba0d8433a37ebf72ec3414fd658dfffb274514ea6286f692361126cfb45d007ac9e9c4e65ed76074c6e762559b04a12d05b750ee2a14e0f03c161fddc08898dfc9696d24c2dd2a061614ecb4a0f9ceeeea16efc618537036b0d4e5a569bf39b8d3bbe34b7bc98db485183ba5340067b65f45b09f1569302930a9cd278387cec2c68f0c161bafbad42076033367180aec6a6f686042499170a4a8e0c962a71cb22fc2ccd729986f3829a40576ecc5c8d12ae9bbb72e0542de9c2f1007fa3599684df931999400be7ce48aac1c83b8a03bc58e676ffb725b33749c439f5586640b9411ae25b1ec3b8650bfd7207551db003cb1fd5fbdb9b15c7ab4574a80af9c7ff76c42d7ecd4e50a41fcab9029b15f6e8055e49e1dee8d1d0367c7ab25b14a1d508bb53acb528f5ba3733acf07b8279fff85bbc42572a14dc3f8228e712d390fa28b97a8d347fbfc7e8e5a81b4658cfa842fb3324de5affe723978ddf1dd687c07829cb5decaffe831220fbbedc06f06524ffd858a6f8a301cd1df27313e69fbc8f69e455915a5127cbd3b1b2dc59c85f563dff7528e25df009989050df00d78213b6da5d0db8168844d2a0dc37a8c9b98a593df71c2b513aa06dc560fb46b3d5c76f5d5509ab7dd95b4a50a582b46f1d247ff287b94b5c2851750203b9782e3bc87ab", 0x1000, 0x40040, &(0x7f0000000240)={0x2, 0x4e22, @empty}, 0x10) r2 = accept$inet(0xffffffffffffff9c, &(0x7f0000000040)={0x2, 0x0, @local}, &(0x7f0000000080)=0x10) ioctl$sock_SIOCOUTQNSD(r2, 0x894b, &(0x7f0000000280)) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f00000000c0)={'HL\x00'}, &(0x7f0000000100)=0x1e) r3 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) setsockopt$netrom_NETROM_T2(r3, 0x103, 0x2, &(0x7f0000000180)=0x69, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000000000000"], 0x8, 0x0) write$UHID_INPUT(r1, &(0x7f00000014c0)={0x8, "a268d127f62b02555b1c6fcfaaeab5a30719e310f01c7b0e5e38ad8cf741073da48166e3e87dc414847411e010b70edf89fa3da10580c3a5d5a83e9fe1040eb0f0306c778217ef6b0bd70e81684b5503744ba274d34708086256b10d579c328736dd6af1d98fc21c6dff3cd45c36f958f1c418ed3a38ef16355b5ceae450187f277a2bd26b6fb318e4c95a3a05e1289c9afba3c5a566ef6287a2d47d953bf3ec4d2afedbdef78e110286f84012323c6af394cdfd325f577bf10ea8fe773a2be6ac1056766acb830c150a3f80c4e88762dc289227ed0c81df5e1bd73669d539884ab7384683ec5224e7ed86be9e1cb3336eb9b341074b327db4bd378754b4019617997efb222220aeed21cafc43b7af99fe9d9e6b8f432433eff01c2e4c8e7461bf8ad2844bb5abe27d59ab08c06bde4bddfa07caee7d8f723a36614c666176e500fe4b18a24131c0049362effc5bb866fb70df09f679833243f7acf38ca94700949efd02e3539ceca67f453e2b5b03f9335b8fb50e291b77563852cb30ffaa3428f97c3f8d3abeabdb5bcefe38a7493a0d99a765e20efa4ac1b81056378370821d4e6130c02995a294d588837b08756bc93f076757e6792bc6e050f82844544c25e1543c0385af54017b7e332f930c0b0ddd4ec07133c122516e1fe49341a5c27e09ee2fade27060d6b0aafc15696ec28d58a746bea528c0c9b7c907262269de4132343fdd9ff0c55d267fed9bfebbdeec264dea387e9815833dbc82dad86c54a457c9e55d628b245b6b84d1f1d1a6c482fb225467073d561fab87221313103457014f233a9f5b22125251ecaaf801239f324f424f95762586bff77d6f85525bcfcd97d634f8cfdf4eb3c757de424d4f1a77afed1e5e61fa25540c3c7f3299a87a993e7732d33ea0ec671862833edf332e659a82bf51df935419faaf034758396b7a102a7cd27a0622cf3a78a18c87e5cebfc23477c931f7f945e3e01fad8fac493431e1f71a02e72b03b5ad2f229d46103dce8f75f39be5b05e6662844713348538b0ba2f254ca6ebaca924c5bcdd3fbe21cf93959c44f803aa2d3f380855bcec8c34863d4db62b46c2f8dc3a638d5d720e2f679f341be2d40524f728c7e467ee439db8b5bc8aae20c2be806a613b487d377eb6f2de41e93f33a1eea72a59f17cba41a641b92c2544a569253ec6467fee0b43576f6c1d0fdf4ad9a6a1ab8e18bc1d2e72657043634650bb3a351f1f51f96e382719582cbfd06ae113e652a40dd9ecfcfaa3ca40df54d15ccca85d7e76a281642df5c14678d74db47fc4f924df32797e3dc3f111e427b709f60bbbae53a94a8307a3ff04bdfecec3c722e88d1b83cbc2a58713b6d8763e840e3b23a7c308d8e9400a1391581f7dcee6add957c53f8d7c5cc9339e77407e5d9e09cd8221cd2d9d92c82a6f0d5ffc02e0a8353ffa8e20528fbc2a3ed9cd8b2ea947ae741ffbf4f38c6cb7797d0c96ba20218eafb23ec74b33ec4e881d5d5239548a34d2f1443d040feb77dedc1c3fa651c21024b9516b662b99623f189ae930b65716ece64a2400004b6a79f5dc0dad9048a8a487b1224a20f660327b365f3774a45c897a3f0a0867f0fe86c7a103d39613a174c3a8c2539689a57d882a543cd2e48c172608fc416302e020608adbf36fe0b892d678f2a59fcd51e459ca29395e77c51cc31282bcced23a1697a31f34797c5e177d204120b7ff73df5271c525a1096f38a79333b8e104e90ddb2c827b0440d4cb215c47501c1349b47ec038e052248c0d852bda0f3bada9c7f3913b2e60e66107ed9bde571964423092dd9974a36d2f1b0dba5154c958ee22381eb06c4d56d75abd542dd6eba66e9fa580c243ea43bed5bfef0d56c1268834387bc4b4bd9c9e69572af5f83334371dc988c6646c0d9f50e2db20fffcc7de5a42c2c72969bfadd2d9737eaa3e4e0295c0b8d4eae7f4d5061796e189ea55124206815b565f3b88c378bedcc2be237baca68a5f843ef74ee9f2fa26784574cb8ebdbbcc43e4fd3e7e94e04aa2821d2e056406f4003236263780e1bb49150ceb60c4a3a4cfdb0a06ded9e140f4223f169e5de85f5969999baf10eb59683a102c32afbd53d80bf4ae7d12948f2d5cab45c862ac894f2361bf4b6ea3c17446de5ac18bcb75b8a44b486c40ffa917d32dbf8deeaa9b323a1c94b4b0381ee5fb1969002e61a061978cfa4b9fd87df6dbdc0ec79977a2bfa771fd9a62963d6de1fe38c7be234fa8f0c49a83154d6b6a20f4c5ff74b7d862be8b1ebf3684c787c05ea3457dc58aa60da24c9ade032db0bb2705b728cef170711733cdcece670a17f6c87fa25672f50b76a38745dee1147539dd2fa058baafe1940d7a08b6c2ebae350157c9e631b1464e1b073a5e615112a7b4e328a7ec829afae925c8b8e14aeeed9724e272b48548dbdaaee9a22cdc40753e669724db18733794811ee3e9a7e521c5dd3f60bcf56c0a0d5f58d23feff1df8db45d04fa25bd980bd4850ed5f3303ccba5533da0f92fdcf495c36149614297c2b38cb505d3306a680c7fc2bc77e90d4357310dde14ae983312d5f259d6e46ef9bb72f487426b07c4a1ded2915efbc5eaeaf31bf2a6007c3c1ff7a9e65a812ab2b688f703a1cd7dd120aeef5ca717c9bcb890b0e638481f920c5b14dce1ec038e3622163a2e133dbd5a542f57f608a9493ed5d93a3ec74972f121fba452b086956d00649a5d39c94c63765235a23afd6d16aa640d774b80fd65a5fdaef61fe653cbe08f4b9ebfe69efee25b5d5d18f002f7a6f0d0564247ccc39846632099f08257dcb65c9b791de2f245ca2b163252b844e7f27a3b54fcfb0c3ffaa6a7ca61cd6c689fe4faedbbf3ff597e4b8463bc6e4b702947de22fb169fb4cfb058115f4230ac483ed32f561474767faa5e6d2df886573084e0dd364941edbfb7deb7ffaca03f906747ae4a4844fe2e5a94e611a0a879c5cd93361984d6366e00ed09408e4d977d6b1608bfc7abc2b91e2d38dbec3e82fdafa7ed16ea1120580730d5d657ab632be22055ddd4434579fad7fb5504bd97c378d2ba0d885c33d22633d31770e2b67898e2afc5e3d4885f688551e84d54904f0d8b21d44d61b0e2bc559700fde2cd83c7cb036a3f34ea6d856f54c32cd0916b3658400c807d02100b18841ea72bc59761426e76159b92ff507a16617025ae4fac68111da527d027dea14f0f82599da1a15cd0627704c202e654ddccb8975399502b4909c22e5dbad05e2c17a097f25cabe1d80c20df58961a9f45a98424a260cd87af0a05fd17a25cebd3ab948faa3349f81872b76725d7679cff7cddeb01fb86d452bba9a0173d1d4c7374c5fdac73eb8a2b41ed09e40b62302ad5e6e18b37769af2fd548b0c0c1a60c4fa8f78f387d0e011552269d4dcd0f03d182d88b9414091b888efaa359e50df46f41176b11f05e3d97eaf672ec43021f8be0164fea81f985fece5db7e6eb9e9b0049fd54c94f1da08f2f4fc510d8ad41f53b88d92b3bc10eb95779b49c64f7272e3fa4ee7cb994995fe66d5ac590613c2cd5d7d0400d6288be067369637510100accf718948ace5325d801b7a05ca199fbc262dbdaa19eddccec71c0170f8063b309799279e381011e808a589ba18e84e2f0f4687c3b2ed29a5d0b825bbb6b38fc80161dbfffb47a591fc4ac843b98e3e8cf07b81256f9df5147ef662cb7f32fdcde9468ae6f6738f46bb031f63c18109e2bf3526f4510d8642e1a2d99563738f6c05922ac90ba6f10672cb0bb76a888ebc81e7a87868ae165b9710298bbb87f0e9b96d192089eedc01ccedd8903236f0e79d8b3b7fb23bfd5d55e5d52eb23a61860b98e269be28582698a7949c9cf1c59c4221d2fb3cdef0f3041455583d5fab77ff1cb975d311edc0d9bc15439e4ac877a191125f9d53571d5b99a7d28cda2b33b013f69de386ee6eb4f095ffbca3ea4e0060c196d4ceba80bf31fe375b62199c9ef3b085761c571c03b18a87df4dca670128045df6781c91650ab595d39c07f55ad4dde80521643e4062b87635cc1500edafb187670d644ab8cd72a7e5089ec0e58d1d22813fff6d1841f949205cffb6653de0db113f7c527418bdefc1ee98a979b192d2d52a1aa6213938f434a81c1490a8f2f751bab1f603896e67a23e33224b2c1af1708120cdc2bce89128bb04ced5bb699ff5dcaa85a2e32af5dca6aab5e44afe2609de7dea673af0385fdd0f476896d05804b125adb2a4b3affc60ec541436a9a3dc4d34135cd9f125497b78d900b85df9078c9adc6a0e5b6522e43fd9ed53b1184376d206858a5ed7f485992c98aebb15354272d34a325e4fe96da789244cf4b271dcc1ae7c103e880b7bb5d22a31a76d9562b2cfb74c78d9f95230c4b6e8f49da68b7782671163bca9956a64735ed5b4119001cb75d6990a783679e57176f85d6d9a6be56632d23cc084c5c4eea33837105e0ec7891ab2f14f5b8d97508cdb18eb232884f8fed3d5d80f1da7f0007445c0ffcfea5f47f4eea8c4711d756ca8ee3ef74bae41cccd27f6e1ca249dcd51898f65959fc4258767c42588ee1460a25f1285226588c146ec76e6886aea0b3e50348f205f8c41d054abef4915d99260dcfff6b79778bd5c1e378a1c6e3bbdae1251f2a9cb238664acad3a6532471ad9e7e8e38e66c9439e8e9b12cbdd6529d2635441d427eb5bb91111550ca4c57a187a3e8e690a7bdecffa41ae09eaabf748319161d0c5c3d2697ce8b7f3b5eee3a67b7f82238b8ccc901723c1c9d156c94892f1fda9d21c0ee4f097d4c91b7769fbb83a00ffb6bb0ad656ad62857a46330dcc2c271a2a1665692e9eda2163b79f28ae54687b117914a1923f19c38fc054e9d29007b58d8ead93a672e005787ccee97a66243e0f4d18be2abbbdc55ecd26f310fca341037bb373b23094a1afb1bbf0d3c98fd2aee0be6ea8c4c3dced2bf43bb49f8fd8967e46b108db0f8f011b7cde147b4f364298c53505fdc803dabecc8ab196b0ecbb21e725ff5c6bad689a56af1e9372c06b870c178c67b1083aedb0b9cec39268304af4387b3546c7b0276450db41d12b3b62dc9318ee219d753b96d21d2b643b1baf2f8ecc5b2d031d20559a257ec5752c9fb5f8b2f76190f36d4cddad07195e8d9ae732b2fb639bb72407e18c09c3042e5c7ae6d876300161c9337f31faacd349e81a5abfc355eca9c73be57ea9edd6973b55ee75aa54ad4b945f0cbd110637325ef2ed9be56fdd7a78b4f2905e088a1c9ff26a3c3cdd4578d65282fa0a67f0b3e6e622366134a337d5c68461aa6888a8364eef3437f5599052eaf20032d7575cc893b0bd04525a2c7a060c26d7c713d094511c8a17f9b77f0290c19f134a3a958a8db3ddc96ee6784666bbc9a9e25e2e87ef0e1ce0278f4b36ebe03e84291185910f74dbb2f0a01c9a8f10cc54e5f7f1f191e1af61bdb1b2bc65b5846b6230b87d32313e07373677089b72d213e2fcb3d90c4dc556789b3fdbcf67ec17289198b30361a5ed5c93d70d4634c590957f28d13976cec5c74001e1f66a35cdddebf089158bf82e82d4c6dbe2aebdc064b74f28b8159b6dcc3f98a00f6c77e079b39a69a5d2d62c9d099c2e3bda8b3f3492c3ffee09115dae413443c146e38e08daa62a83e2011006f8bde2d20bbcfb0a1dacbebc3dd099e6aee96ae293b089c5939f0d9f7c8e0f5859112f7b994668ade8d0706a25efd7c7e21a8163d99d2e8c54a27d28f88e6a1d71344eeb0a27c4515a87ae48b76f9b8fcdb39f3a76b86ceae6d9e1fba2", 0x1000}, 0x1006) ioctl$sock_SIOCOUTQNSD(r3, 0x894b, &(0x7f0000000140)) ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f00000002c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) ioctl$sock_bt_cmtp_CMTPGETCONNLIST(r3, 0x800443d2, &(0x7f0000000200)={0x2, &(0x7f00000001c0)=[{}, {}]}) 04:16:14 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000044060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:14 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) r2 = request_key(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)='\\[/em1selinuxmd5sum#em1\x00', 0xfffffffffffffffb) r3 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$negate(0xd, r2, 0x0, r3) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000180)={0x0, 0x8, 0x4, 0x3f, 0x5, 0x56, 0x81, 0x2f, {0x0, @in6={{0xa, 0x4e20, 0x2, @mcast1, 0x889d}}, 0x7, 0xffffffffffffffaa, 0x100, 0x80000001, 0x1}}, &(0x7f0000000240)=0xb0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000000280)={r4, @in6={{0xa, 0x4e23, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x7}}, 0xda6c, 0x0, 0x8, 0x10000, 0x1ff}, &(0x7f0000000340)=0x98) bpf$MAP_CREATE(0x0, &(0x7f0000000380)={0x0, 0x1, 0x1, 0x3, 0x8, r1, 0xea4e}, 0x2c) [ 2311.478211] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2311.503037] binder_alloc: binder_alloc_mmap_handler: 11701 20001000-20004000 already mapped failed -16 [ 2311.512047] binder: BINDER_SET_CONTEXT_MGR already set 04:16:14 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00010f060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2311.563820] binder: 11701:11724 unknown command 1077948416 [ 2311.588690] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2311.603115] binder: 11701:11708 ioctl 40046207 0 returned -16 04:16:14 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xf0}, 0x0) [ 2311.620646] binder: 11701:11724 ioctl c0306201 20000440 returned -22 [ 2311.670341] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:16:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00314040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:17 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x2800, 0x0) acct(&(0x7f0000000100)='./file0\x00') getsockopt$netlink(r2, 0x10e, 0x7, &(0x7f0000000080)=""/18, &(0x7f00000000c0)=0x12) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:16:17 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x300}, 0x0) 04:16:17 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:16:17 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000045060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:17 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000110060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:17 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_PPC_GET_PVINFO(r0, 0x4080aea1, &(0x7f0000000000)=""/39) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0100002000000000"], 0x8, 0x0) ioctl$RTC_IRQP_READ(r1, 0x8008700b, &(0x7f0000000080)) ioctl$RTC_PLL_GET(r1, 0x80207011, &(0x7f00000000c0)) 04:16:17 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000148060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2314.464309] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2314.493379] binder: 11742:11752 unknown command 1077948672 [ 2314.503024] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2314.530170] binder: 11742:11752 ioctl c0306201 20000440 returned -22 [ 2314.566958] binder_alloc: binder_alloc_mmap_handler: 11742 20001000-20004000 already mapped failed -16 04:16:17 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:16:17 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r1, 0x111, 0x4, 0x0, 0x4) r2 = msgget$private(0x0, 0x50) msgrcv(r2, 0x0, 0xfffffee7, 0xfffffffffffffffe, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x8, 0x0) [ 2314.605266] binder: BINDER_SET_CONTEXT_MGR already set 04:16:17 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x500}, 0x0) [ 2314.636283] binder: 11742:11752 ioctl 40046207 0 returned -16 04:16:17 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00014c060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00324040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:17 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000046060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:17 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2314.791402] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2314.807275] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:16:18 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000160060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2314.863586] binder: 11783:11785 unknown command 1077948928 [ 2314.880462] binder: 11783:11785 ioctl c0306201 20000440 returned -22 [ 2314.900466] binder_alloc: binder_alloc_mmap_handler: 11783 20001000-20004000 already mapped failed -16 04:16:18 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x600}, 0x0) [ 2314.922068] binder: BINDER_SET_CONTEXT_MGR already set 04:16:18 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000047060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:18 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000168060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2314.968765] binder: 11783:11785 ioctl 40046207 0 returned -16 04:16:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00334040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2315.038502] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2315.052713] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:16:18 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000048060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2315.146757] binder: 11803:11804 unknown command 1077949184 [ 2315.179984] binder: 11803:11804 ioctl c0306201 20000440 returned -22 [ 2315.188503] binder_alloc: binder_alloc_mmap_handler: 11803 20001000-20004000 already mapped failed -16 [ 2315.200643] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2315.223230] binder: BINDER_SET_CONTEXT_MGR already set [ 2315.232164] binder: 11803:11808 unknown command 1077949184 [ 2315.237409] binder: 11803:11804 ioctl 40046207 0 returned -16 [ 2315.247098] binder: 11803:11808 ioctl c0306201 20000440 returned -22 04:16:18 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgget$private(0x0, 0x200) msgget$private(0x0, 0x40) msgget(0x0, 0xd) r2 = msgget$private(0x0, 0x80) msgrcv(r2, 0x0, 0xfe6b, 0x3, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000dd618000"], 0x8, 0x0) 04:16:18 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00016c060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:18 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x700}, 0x0) 04:16:18 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000049060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00344040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2315.572009] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2315.580992] binder: 11817:11822 unknown command 1077949440 [ 2315.586906] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2315.601449] binder: 11817:11822 ioctl c0306201 20000440 returned -22 [ 2315.613414] binder_alloc: binder_alloc_mmap_handler: 11817 20001000-20004000 already mapped failed -16 [ 2315.627250] binder: 11817:11827 unknown command 1077949440 [ 2315.633295] binder: 11817:11827 ioctl c0306201 20000440 returned -22 04:16:21 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:16:21 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000174060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:21 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xa00}, 0x0) 04:16:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00354040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:21 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600004a060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:21 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x210181, 0x0) ioctl$sock_rose_SIOCRSCLRRT(r1, 0x89e4) getsockopt$inet6_mreq(r1, 0x29, 0x1c, &(0x7f00000000c0)={@loopback, 0x0}, &(0x7f0000000100)=0x14) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000140)={r2, 0x1, 0x6, @random="4c1d65d31529"}, 0x10) ioctl$DRM_IOCTL_MARK_BUFS(r1, 0x40206417, &(0x7f0000000080)={0x81, 0x81, 0x1, 0x80000000, 0x8, 0x40}) r3 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x2f, &(0x7f0000000000)=0x6c0b, 0x4) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="985d000046e0100056d31636f1a4790000"], 0x8, 0x0) [ 2317.950225] binder: 11837:11846 unknown command 1077949696 [ 2317.956486] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2317.964817] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2317.972514] binder: 11837:11846 ioctl c0306201 20000440 returned -22 04:16:21 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00fffffa000008006c16a10d0d11d6b810bc5e06f5b075b229db78acc59d7ddd6e8d2e7eb1b88310b6424ac6c8e4b0b1e361e450c0a7629df54e48646e328f937ea7b3e41504b5f627446c560d2d962ef3d8bd74eee3e250891cd780d32b4e64d39fbd7e9ce996e29dde3f8cf295410570bf5f91698d7688a56ff079eaf06009d3c59716e45861dab7cc4fc51ba086eeefc6e4428149f4756a486d2ee2bcbb199074f784cc0fadf93cf2795ef64ae2573135da3477ea792e6c629ac6dd5f4e39b0d87398d3c10671b736"], 0x8, 0x0) 04:16:21 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600004b060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:21 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00017a060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2317.996796] binder_alloc: binder_alloc_mmap_handler: 11837 20001000-20004000 already mapped failed -16 [ 2318.091594] binder: BINDER_SET_CONTEXT_MGR already set 04:16:21 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xe00}, 0x0) [ 2318.115196] binder: 11837:11858 unknown command 1077949696 [ 2318.142623] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2318.152782] binder: 11837:11846 ioctl 40046207 0 returned -16 04:16:21 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$sock_inet_SIOCDARP(r1, 0x8953, &(0x7f0000000040)={{0x2, 0x4e21, @broadcast}, {0x307, @random="6863cc048494"}, 0x26, {0x2, 0x4e20, @multicast2}, 'veth1_to_bridge\x00'}) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) ioctl$VIDIOC_DQEVENT(r1, 0x80885659, &(0x7f0000000180)={0x0, @frame_sync}) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) rt_sigprocmask(0x2, &(0x7f00000000c0)={0xbade}, &(0x7f0000000100), 0x8) prctl$PR_SVE_GET_VL(0x33, 0x11c4) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f0000000140)={0x5}, 0x1) 04:16:21 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100090000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2318.170626] binder: 11837:11858 ioctl c0306201 20000440 returned -22 [ 2318.196155] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2318.332854] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:16:24 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:16:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00364040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:24 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600004c060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:24 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xf00}, 0x0) 04:16:24 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0001000b0000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:24 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) llistxattr(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)=""/242, 0xfffffffffffffeae) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='veno\x00', 0x5) r2 = msgget$private(0x0, 0x5) msgrcv(r2, 0x0, 0xfffffffffffffcda, 0x10000000000003, 0x20000000000) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(r2, &(0x7f0000000180)={0x1}, 0x8, 0x0) 04:16:24 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r1, 0x40045731, &(0x7f00000002c0)=0x2ed) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) ioctl$PIO_SCRNMAP(r1, 0x4b41, &(0x7f00000001c0)="27b4560bbd33f0c62809594cc15d68cc30c2e07a11e4929685b704b16cef7b9f6fbd56d6cf91ea5af54d6107489999c4080cef6698d4d813b8a95d112513073e838b5d1cacb45fe20779708dda1c0fdab37b53858990247e3f565e1c21f0bb6c27b74cbdc2e814387a60") getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000040)={{{@in=@multicast2, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @dev}}, 0x0, @in=@empty}}, &(0x7f0000000140)=0xe8) setsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f0000000180)={@multicast1, @multicast2, r2}, 0xc) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='y\t\x00\x00\x00'], 0x8, 0x0) [ 2320.999118] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2321.026708] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:16:24 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600004d060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:24 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2321.045374] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2321.053795] binder: 11890:11892 unknown command 1077949952 [ 2321.067814] binder: 11890:11892 ioctl c0306201 20000440 returned -22 [ 2321.083385] binder_alloc: binder_alloc_mmap_handler: 11890 20001000-20004000 already mapped failed -16 04:16:24 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x2000}, 0x0) [ 2321.124651] binder: BINDER_SET_CONTEXT_MGR already set 04:16:24 executing program 3: syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0xfffffffffffffff8, 0x115000) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) [ 2321.155610] binder: 11890:11892 ioctl 40046207 0 returned -16 04:16:24 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100510000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00374040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2321.232098] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2321.232340] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:16:24 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600004e060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2321.337788] binder: 11920:11923 unknown command 1077950208 [ 2321.343783] binder: 11920:11923 ioctl c0306201 20000440 returned -22 [ 2321.350082] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2321.374125] binder_alloc: binder_alloc_mmap_handler: 11920 20001000-20004000 already mapped failed -16 04:16:24 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100050000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:24 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x20af}, 0x0) [ 2321.420447] binder: BINDER_SET_CONTEXT_MGR already set [ 2321.427844] binder: 11920:11930 unknown command 1077950208 [ 2321.442146] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2321.451993] binder: 11920:11930 ioctl c0306201 20000440 returned -22 [ 2321.462185] binder: 11920:11923 ioctl 40046207 0 returned -16 04:16:24 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000280)='/dev/cachefiles\x00', 0x10800, 0x0) setsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000340)=0x61, 0xffffffffffffffc0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') ioctl$SIOCAX25DELFWD(r1, 0x89eb, &(0x7f0000000240)={@null, @default}) sendmsg$IPVS_CMD_SET_DEST(r1, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xc8, r3, 0x30c, 0x70bd25, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x101}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x8}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xfffffffeffffffff}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x7}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x101}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xffffffffffffffdf}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x800}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xffffffff}]}, @IPVS_CMD_ATTR_SERVICE={0x3c, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@multicast1}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e22}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x4, 0xc}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x14}, 0x80) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x3) getsockopt$inet_sctp_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000080)={0x0, 0x234f, 0x8001, 0x1, 0x7, 0xffffffffffffff59}, &(0x7f0000000300)=0x14) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000380)={r4, 0x7}, 0x8) 04:16:24 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600004f060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2321.521422] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:16:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00384040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2321.583199] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:16:24 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100090000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2321.669393] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2321.704918] binder: 11946:11949 unknown command 1077950464 [ 2321.717527] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2321.721540] binder: 11946:11949 ioctl c0306201 20000440 returned -22 [ 2321.767216] binder_alloc: binder_alloc_mmap_handler: 11946 20001000-20004000 already mapped failed -16 [ 2321.778827] binder: BINDER_SET_CONTEXT_MGR already set [ 2321.784356] binder: 11946:11953 ioctl 40046207 0 returned -16 [ 2321.802955] binder: 11946:11954 unknown command 1077950464 [ 2321.821476] binder: 11946:11954 ioctl c0306201 20000440 returned -22 04:16:27 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:16:27 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x3f00}, 0x0) 04:16:27 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000050060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:27 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000100)=0x0) perf_event_open(&(0x7f0000000080)={0x3, 0x70, 0x4, 0xfffffffffffffe01, 0x100000001, 0x7ff, 0x0, 0x7, 0x240, 0xc, 0xffff, 0x7, 0x3b, 0x0, 0x3, 0xffffffffffff757b, 0x1, 0x67, 0x101, 0x5, 0xfffffffffffffffa, 0x0, 0x100000000, 0x52a8, 0x0, 0x80000001, 0x9, 0x2, 0xffffffffffff0001, 0x7, 0xc8cf, 0xca4f, 0xcf, 0x3, 0x20, 0x4, 0x7, 0x0, 0x0, 0x7b1, 0x3, @perf_bp={&(0x7f0000000000), 0xf}, 0xc00, 0x401, 0x20, 0x9, 0x75, 0xb2, 0x3}, r1, 0x5, 0xffffffffffffffff, 0x1) r2 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgget(0x3, 0x200) r3 = msgget(0x3, 0x100) msgsnd(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="01001091281fea49"], 0xff14, 0x4) 04:16:27 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0001000b0000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00394040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2324.224274] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2324.234221] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2324.259982] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2324.263219] binder: 11962:11969 unknown command 1077950720 04:16:27 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2324.273505] binder: 11962:11969 ioctl c0306201 20000440 returned -22 [ 2324.293087] binder_alloc: binder_alloc_mmap_handler: 11962 20001000-20004000 already mapped failed -16 04:16:27 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x4000}, 0x0) [ 2324.340586] binder: BINDER_SET_CONTEXT_MGR already set 04:16:27 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000051060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:27 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100510000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2324.412340] binder: 11962:11969 ioctl 40046207 0 returned -16 [ 2324.412363] binder: 11962:11983 unknown command 1077950720 [ 2324.441859] binder: 11962:11983 ioctl c0306201 20000440 returned -22 04:16:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="003a4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2324.458063] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2324.479796] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:16:27 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x4800}, 0x0) 04:16:27 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000052060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2324.556051] binder: 11991:11992 unknown command 1077950976 [ 2324.568696] binder: 11991:11992 ioctl c0306201 20000440 returned -22 04:16:27 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060200007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2324.638177] binder_alloc: binder_alloc_mmap_handler: 11991 20001000-20004000 already mapped failed -16 [ 2324.674362] binder: BINDER_SET_CONTEXT_MGR already set [ 2324.679049] binder: 11991:12003 unknown command 1077950976 04:16:27 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x4c00}, 0x0) [ 2324.683664] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2324.700433] binder: 11991:12003 ioctl c0306201 20000440 returned -22 [ 2324.704366] binder: 11991:11992 ioctl 40046207 0 returned -16 04:16:28 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$l2tp(r0, &(0x7f0000000040)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x1, 0x1, 0x1, 0x0, {0xa, 0x4e23, 0x9, @ipv4={[], [], @broadcast}, 0x9}}}, 0x3a) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendto(r0, &(0x7f00000000c0)="cb1358f3524e6acec3d32822c0da84f482959af41f3687139fcb9affb02b5ffc2268c5aa227038c7db2769a69a2e74bc154a75e53dcdbc738b3c152b28091f9010d65f30a4bbae639cd0a1", 0x4b, 0x8000, &(0x7f0000000140)=@ethernet={0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x80) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000600)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000340)={{{@in=@dev, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in6=@mcast1}}, &(0x7f00000004c0)=0xe8) mount$9p_virtio(&(0x7f00000001c0)='!:)*]lo\x00', &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='9p\x00', 0x4, &(0x7f0000000500)={'trans=virtio,', {[{@cache_fscache='cache=fscache'}, {@privport='privport'}, {@msize={'msize', 0x3d, 0x80000000}}, {@cache_none='cache=none'}, {@access_client='access=client'}, {@aname={'aname', 0x3d, ':'}}], [{@subj_type={'subj_type'}}, {@smackfsdef={'smackfsdef', 0x3d, '{lo'}}, {@fowner_lt={'fowner<', r2}}, {@appraise='appraise'}, {@subj_type={'subj_type', 0x3d, '}(procem1%eth1'}}, {@uid_eq={'uid', 0x3d, r3}}, {@smackfstransmute={'smackfstransmute', 0x3d, '{vboxnet0wlan1nodev#'}}]}}) r4 = msgget(0x3, 0x0) msgsnd(r4, &(0x7f0000000080)={0x0, "eaeb09e9cc78b27ce463"}, 0x12, 0x800) 04:16:28 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000053060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="003b4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2325.048793] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2325.065792] binder: 12017:12020 unknown command 1077951232 [ 2325.071476] binder: 12017:12020 ioctl c0306201 20000440 returned -22 [ 2325.081263] binder_alloc: binder_alloc_mmap_handler: 12017 20001000-20004000 already mapped failed -16 [ 2325.092051] binder: BINDER_SET_CONTEXT_MGR already set [ 2325.094221] binder: 12017:12021 unknown command 1077951232 [ 2325.097458] binder: 12017:12020 ioctl 40046207 0 returned -16 [ 2325.109276] binder: 12017:12021 ioctl c0306201 20000440 returned -22 04:16:30 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:16:30 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060300007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:30 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x6000}, 0x0) 04:16:30 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000040), &(0x7f0000000080)=0x4) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:16:30 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000054060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="003c4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2327.383370] validate_nla: 5 callbacks suppressed [ 2327.383379] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2327.400579] binder: 12031:12034 unknown command 1077951488 [ 2327.407665] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2327.412886] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2327.423362] binder: 12031:12034 ioctl c0306201 20000440 returned -22 04:16:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="003d4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2327.441510] binder_alloc: binder_alloc_mmap_handler: 12031 20001000-20004000 already mapped failed -16 [ 2327.451258] binder: 12031:12041 unknown command 1077951488 [ 2327.454376] binder: BINDER_SET_CONTEXT_MGR already set [ 2327.457015] binder: 12031:12041 ioctl c0306201 20000440 returned -22 [ 2327.469302] binder: 12031:12034 ioctl 40046207 0 returned -16 04:16:30 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) ioctl$VIDIOC_G_SLICED_VBI_CAP(r1, 0xc0745645, &(0x7f0000000040)={0x7ff, [0x8, 0x6, 0xffffffff, 0xff, 0x2bd4, 0x81, 0xffffffffffff9b86, 0xffffffff, 0x100000000, 0xf26, 0xffffffffffffff01, 0x800, 0x4, 0x1, 0xe925, 0x9, 0x3, 0x80000000, 0x2, 0x6, 0x7fffffff, 0x0, 0x5, 0x3ff, 0x200, 0x8000, 0x10001, 0x80000001, 0x10001, 0x6, 0x8000000000, 0x20000000, 0x31d52933, 0x54, 0xf4d3, 0x4, 0x5, 0x1000000000, 0x1, 0xfffffffffffffffd, 0x1, 0x2d, 0x2, 0x8, 0x0, 0x5, 0xffffffff, 0x3]}) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:16:30 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000055060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:30 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060400007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:30 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x6800}, 0x0) [ 2327.606030] binder: 12044:12047 unknown command 1077951744 [ 2327.645994] binder: 12044:12047 ioctl c0306201 20000440 returned -22 [ 2327.678443] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2327.687990] binder_alloc: binder_alloc_mmap_handler: 12044 20001000-20004000 already mapped failed -16 [ 2327.688799] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2327.703359] binder: BINDER_SET_CONTEXT_MGR already set [ 2327.705627] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2327.712188] binder: 12044:12059 unknown command 1077951744 04:16:30 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) ioctl$CAPI_REGISTER(r1, 0x400c4301, &(0x7f0000000040)={0x100, 0x6ec, 0x5}) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000080)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) r2 = msgget$private(0x0, 0x120) msgsnd(r2, &(0x7f0000000000)={0x1}, 0x8, 0x0) [ 2327.729721] binder: 12044:12047 ioctl 40046207 0 returned -16 [ 2327.744281] binder: 12044:12059 ioctl c0306201 20000440 returned -22 04:16:33 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:16:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="003e4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:33 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x6c00}, 0x0) 04:16:33 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$SIOCAX25ADDFWD(r1, 0x89ea, &(0x7f0000000040)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast}) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r1) msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="8b0c23b7c60b27a2b83ec5882da28849daa436110e074634575dda9a38ae08762f908632b827b67a318e1a7e4a0675830844fc71e7c880755ac63cc82849f23227c656ff12c6eca0c142be6ce0a2cb2bb7fe9d69ba76e75661c3686317dee7c5e0c2fc180b599d1f879aaf749df073e4c84b31ea99054c9355d7c36d9945af99c801a79c0153d343c5d4746256de9d99fc714d8598ca574415c159d9e43657518e7e1f2301f4808aa2b55126a9c0eb4e2b2d27c81ed132bdba29ffc0599418ad872bf25ad6c6c97e6bc35e83819fd66c42954fc9ec6c3a27e79026f142b6563296bd854c00722390520000000000000000"], 0x8, 0x0) 04:16:33 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060500007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:33 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000056060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2330.450068] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2330.460677] binder: 12073:12081 unknown command 1077952000 [ 2330.472399] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2330.482601] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2330.486748] binder: 12073:12081 ioctl c0306201 20000440 returned -22 04:16:33 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000057060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2330.507957] binder_alloc: binder_alloc_mmap_handler: 12073 20001000-20004000 already mapped failed -16 [ 2330.518639] binder: BINDER_SET_CONTEXT_MGR already set [ 2330.520201] binder: 12073:12088 unknown command 1077952000 [ 2330.538664] binder: 12073:12081 ioctl 40046207 0 returned -16 [ 2330.539723] binder: 12073:12088 ioctl c0306201 20000440 returned -22 04:16:33 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060600007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:33 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x7400}, 0x0) 04:16:33 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000058060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2330.588259] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:16:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00414040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2330.688124] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2330.702850] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2330.714357] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:16:33 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060700007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2330.767860] binder: 12103:12104 unknown command 1077952768 [ 2330.773811] binder: 12103:12104 ioctl c0306201 20000440 returned -22 [ 2330.791904] binder_alloc: binder_alloc_mmap_handler: 12103 20001000-20004000 already mapped failed -16 [ 2330.855287] binder: BINDER_SET_CONTEXT_MGR already set [ 2330.860629] binder: 12103:12104 ioctl 40046207 0 returned -16 [ 2330.875678] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2330.878315] binder: 12103:12110 unknown command 1077952768 [ 2330.897084] binder: 12103:12110 ioctl c0306201 20000440 returned -22 04:16:36 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000059060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:36 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00424040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:36 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x7a00}, 0x0) 04:16:36 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:16:36 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060800007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:36 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) [ 2333.522043] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2333.535418] binder: 12117:12122 unknown command 1077953024 [ 2333.545775] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2333.554472] binder: 12117:12122 ioctl c0306201 20000440 returned -22 [ 2333.555179] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:16:36 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) setsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000040)=0x10, 0x4) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000041755b69"], 0x8, 0x0) [ 2333.570188] binder_alloc: binder_alloc_mmap_handler: 12117 20001000-20004000 already mapped failed -16 04:16:36 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xaf20}, 0x0) [ 2333.617427] binder: BINDER_SET_CONTEXT_MGR already set [ 2333.636798] binder: 12117:12122 ioctl 40046207 0 returned -16 04:16:36 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000000288fc22c47bdcf0478c3130fbf4e70d424820d4a57916de3a329450a3df477419f25d628c71b02f0"], 0x8, 0x0) 04:16:36 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060a00007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2333.665769] binder: 12117:12139 unknown command 1077953024 [ 2333.674559] binder: 12117:12139 ioctl c0306201 20000440 returned -22 04:16:36 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600005a060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:36 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:16:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00434040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:37 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) [ 2333.812996] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2333.823359] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2333.834522] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:16:37 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060e00007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:37 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xf000}, 0x0) [ 2333.910565] binder: 12160:12161 unknown command 1077953280 [ 2333.944971] binder: 12160:12161 ioctl c0306201 20000440 returned -22 04:16:37 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600005b060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:37 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000040)={0x0}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f00000000c0)={r2, @in={{0x2, 0x4e22, @remote}}, 0x9, 0xfe6}, 0x90) [ 2333.987297] binder_alloc: binder_alloc_mmap_handler: 12160 20001000-20004000 already mapped failed -16 [ 2334.023961] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2334.028604] binder: BINDER_SET_CONTEXT_MGR already set 04:16:37 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060f00007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2334.058538] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2334.074915] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2334.095690] binder: 12160:12161 ioctl 40046207 0 returned -16 04:16:37 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x34000}, 0x0) 04:16:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00444040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:37 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = geteuid() ioctl$SIOCAX25GETUID(r1, 0x89e0, &(0x7f0000000040)={0x3, @bcast, r2}) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) [ 2334.210506] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:16:37 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600005c060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2334.289333] binder: 12191:12193 unknown command 1077953536 [ 2334.302259] binder: 12191:12193 ioctl c0306201 20000440 returned -22 [ 2334.309075] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2334.318252] binder_alloc: binder_alloc_mmap_handler: 12191 20001000-20004000 already mapped failed -16 [ 2334.348981] binder: BINDER_SET_CONTEXT_MGR already set [ 2334.352051] binder: 12191:12197 unknown command 1077953536 [ 2334.354432] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2334.366624] binder: 12191:12197 ioctl c0306201 20000440 returned -22 [ 2334.373651] binder: 12191:12193 ioctl 40046207 0 returned -16 [ 2334.399231] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:16:40 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:16:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100061000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:40 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x400300}, 0x0) 04:16:40 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = msgget(0x2, 0x4) msgrcv(r2, 0x0, 0x11, 0x3, 0x200000000000000) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="01000000000000003ce3a03f21db3499e6ef3104132543e332cb1474f1efa5c4c21d50362b1eea9f815fc4a5669c599af3a6ea3388537eafdf477eed98000000000000575a8da3f9a91c6ed68d53061ebd16f98b8ed89dea886810e5182a42d09010115318f48b7dea0d13222c6abb00b10794cb3697d786f25ce472445487cb3863b16268713d7a05a5295831eabc54c202591fefacbbd961951886561e7872c424a4c91b661306b15507193e43747f2633a261623ddd7c125c14dc218ed7a48711a4f1422149cd7264780a92f0a565a43f4beed68bae416500553df58c233d84f3c050c7c4af6a1f3b3ae7b8c9cc"], 0x8, 0x0) getsockopt$inet6_mreq(r1, 0x29, 0x1f, &(0x7f0000003e00)={@ipv4={[], [], @empty}, 0x0}, &(0x7f0000003e40)=0x14) getresuid(&(0x7f0000003e80), &(0x7f0000003ec0)=0x0, &(0x7f0000003f00)) setsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000003f40)={{{@in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, @in=@dev={0xac, 0x14, 0x14, 0x1b}, 0x4e22, 0x1, 0x4e22, 0x3ff, 0xa, 0x20, 0x20, 0x0, r3, r4}, {0x100000000, 0xffffffffffffff7f, 0x3, 0x7, 0x3a2a, 0x8c, 0x1, 0x4}, {0x3ff, 0x1, 0x101, 0x101}, 0x8001, 0x6e6bb7, 0x0, 0x0, 0x1, 0x1}, {{@in6=@remote, 0x4d6, 0x3f}, 0xa, @in=@loopback, 0x34ff, 0x1, 0x0, 0x3f, 0x400, 0x8, 0x4}}, 0xe8) 04:16:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00454040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:40 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600005d060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2336.909461] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2336.916767] binder: 12212:12220 unknown command 1077953792 [ 2336.928752] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2336.929630] binder: 12212:12220 ioctl c0306201 20000440 returned -22 [ 2336.936847] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2336.947993] binder_alloc: binder_alloc_mmap_handler: 12212 20001000-20004000 already mapped failed -16 04:16:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00464040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2336.964161] binder: BINDER_SET_CONTEXT_MGR already set [ 2336.969942] binder: 12212:12220 ioctl 40046207 0 returned -16 [ 2336.976344] binder: 12212:12222 unknown command 1077953792 [ 2336.982363] binder: 12212:12222 ioctl c0306201 20000440 returned -22 04:16:40 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:16:40 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600005e060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:40 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xf0ffff}, 0x0) [ 2337.120186] binder: 12228:12231 unknown command 1077954048 [ 2337.123082] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2337.133071] binder: 12228:12231 ioctl c0306201 20000440 returned -22 04:16:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100064800007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2337.173521] binder_alloc: binder_alloc_mmap_handler: 12228 20001000-20004000 already mapped failed -16 04:16:40 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600005f060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:40 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2337.220890] binder: BINDER_SET_CONTEXT_MGR already set [ 2337.235730] binder: 12228:12231 ioctl 40046207 0 returned -16 04:16:40 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x1000000}, 0x0) [ 2337.291057] binder: 12228:12244 unknown command 1077954048 [ 2337.317335] binder: 12228:12244 ioctl c0306201 20000440 returned -22 04:16:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100064c00007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2337.375915] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:16:40 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000080)={0x0, "7c7cd9d0794396598fa13ea0f03f88ea4d05000000c0150b116487a8e540"}, 0x26, 0x800) 04:16:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00474040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:40 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000060060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:40 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x2000000}, 0x0) 04:16:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100066000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2337.709164] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2337.736291] binder: 12265:12267 unknown command 1077954304 [ 2337.744324] binder: 12265:12267 ioctl c0306201 20000440 returned -22 04:16:40 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r1, 0x110, 0x4, &(0x7f0000000040)=0x2, 0x4) msgsnd(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0100c72900010000da5495c1cf5d8faeac487b3b52460fa202cbd1ec80fe9176bfd15575d3258fa00c730e16188b7a8cc096812176bcbbf53e117ccd9435b3b73fe78fba5c440b8409351eed52385560ddc0e187aa699bab611b5d2a7bc065cbbaa77d4f4112"], 0x8, 0x0) 04:16:41 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100066800007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2337.757214] binder_alloc: binder_alloc_mmap_handler: 12265 20001000-20004000 already mapped failed -16 [ 2337.767581] binder: BINDER_SET_CONTEXT_MGR already set [ 2337.773126] binder: 12265:12267 ioctl 40046207 0 returned -16 [ 2337.779629] binder: 12265:12271 unknown command 1077954304 [ 2337.800100] binder: 12265:12271 ioctl c0306201 20000440 returned -22 04:16:41 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000061060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:41 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x3000000}, 0x0) [ 2338.022588] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:16:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00484040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:43 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) ioctl$RTC_WIE_OFF(r1, 0x7010) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000040)=0x4, 0x4) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:16:43 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:16:43 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100066c00007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:43 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000062060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:43 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x4000000}, 0x0) 04:16:43 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x9) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) ioctl$NBD_CLEAR_QUE(r1, 0xab05) msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a5345acbfbac11d"], 0x8, 0x0) getsockopt$inet6_dccp_int(r1, 0x21, 0x1, &(0x7f0000000040), &(0x7f0000000080)=0x4) [ 2340.397835] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2340.412878] binder: 12295:12304 unknown command 1077954560 [ 2340.423911] validate_nla: 10 callbacks suppressed [ 2340.423935] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2340.439545] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2340.442480] binder: 12295:12304 ioctl c0306201 20000440 returned -22 [ 2340.470261] binder_alloc: binder_alloc_mmap_handler: 12295 20001000-20004000 already mapped failed -16 04:16:43 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x5000000}, 0x0) 04:16:43 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = msgget(0x2, 0x12) msgrcv(r2, 0x0, 0xffffffffffffffcf, 0x0, 0x1804) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) ioctl$VT_GETMODE(r1, 0x5601, &(0x7f0000000240)) sendmsg$unix(r1, &(0x7f0000000200)={&(0x7f0000000040)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000180)=[{&(0x7f00000000c0)="a4601b1566dbd82d57de7b83e9693bdfc1c9ce962ce1bc48a66d0c2be1911ea008dffc8c0b7eb7f3f5ab72c28e5bac5e673f7af6001326fa04d5de36bfc2c8c69c9012720671837f81b764579c8cabdc83154e77aba387d3626347890c41bf457d542c8c437af55e55f625bcbbca6594708ebf447dc9b730352c4fac0736a850feea302115a89644ff03d9e7496f3209b5f1a613369cceec2e94e780410271db8bfc3a97651cbf117028afbde08c8d60ae5657d464295e2cfa7be1656f3e", 0xbe}], 0x1, &(0x7f00000001c0)=[@rights={0x30, 0x1, 0x1, [r0, r1, r1, r0, r1, r0, r0, r0]}], 0x30, 0x40}, 0x10) 04:16:43 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000063060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2340.498104] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2340.501296] binder: BINDER_SET_CONTEXT_MGR already set [ 2340.511287] binder: 12295:12310 unknown command 1077954560 [ 2340.523296] binder: 12295:12304 ioctl 40046207 0 returned -16 [ 2340.531005] binder: 12295:12310 ioctl c0306201 20000440 returned -22 04:16:43 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100067400007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00494040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2340.640521] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:16:43 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r1, 0x4048ae9b, &(0x7f0000000040)={0x2, 0x0, [0x8001, 0x2, 0x9, 0x88, 0xffffffffffffffff, 0xffffffffffffffff, 0x6, 0xffffffff]}) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) [ 2340.702386] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2340.702699] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2340.748363] binder: 12328:12331 unknown command 1077954816 [ 2340.754396] binder: 12328:12331 ioctl c0306201 20000440 returned -22 [ 2340.771432] binder_alloc: binder_alloc_mmap_handler: 12328 20001000-20004000 already mapped failed -16 [ 2340.782495] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2340.790450] binder: BINDER_SET_CONTEXT_MGR already set 04:16:43 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x6000000}, 0x0) [ 2340.796151] binder: 12328:12334 unknown command 1077954816 [ 2340.811170] binder: 12328:12331 ioctl 40046207 0 returned -16 [ 2340.817585] binder: 12328:12334 ioctl c0306201 20000440 returned -22 [ 2340.910296] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:16:46 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:16:46 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000064060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="004a4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:46 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000), 0x8, 0x0) 04:16:46 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100067a00007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:46 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x7000000}, 0x0) [ 2343.472364] binder: 12349:12355 unknown command 1077955072 [ 2343.484325] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2343.485341] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2343.503495] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2343.508494] binder: 12349:12355 ioctl c0306201 20000440 returned -22 04:16:46 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2343.532801] binder_alloc: binder_alloc_mmap_handler: 12349 20001000-20004000 already mapped failed -16 [ 2343.554227] binder: BINDER_SET_CONTEXT_MGR already set [ 2343.563263] binder: 12349:12355 ioctl 40046207 0 returned -16 04:16:46 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x8000000}, 0x0) 04:16:46 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000065060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2343.583247] binder: 12349:12363 unknown command 1077955072 [ 2343.599815] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2343.602457] binder: 12349:12363 ioctl c0306201 20000440 returned -22 04:16:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="004b4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:46 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00010006f000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:46 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xa000000}, 0x0) [ 2343.731583] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:16:47 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000066060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2343.813079] binder: 12376:12380 unknown command 1077955328 [ 2343.836611] binder: 12376:12380 ioctl c0306201 20000440 returned -22 [ 2343.859236] binder_alloc: binder_alloc_mmap_handler: 12376 20001000-20004000 already mapped failed -16 [ 2343.899254] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:16:47 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060003007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:47 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000067060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2343.914914] binder: 12376:12384 unknown command 1077955328 [ 2343.929939] binder: BINDER_SET_CONTEXT_MGR already set [ 2343.944165] binder: 12376:12384 ioctl c0306201 20000440 returned -22 [ 2343.952212] binder: 12376:12388 ioctl 40046207 0 returned -16 [ 2344.029986] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:16:47 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) 04:16:47 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xe000000}, 0x0) 04:16:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="004c4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2344.299619] binder: 12402:12404 unknown command 1077955584 [ 2344.310391] binder: 12402:12404 ioctl c0306201 20000440 returned -22 [ 2344.319181] binder_alloc: binder_alloc_mmap_handler: 12402 20001000-20004000 already mapped failed -16 [ 2344.329309] binder: BINDER_SET_CONTEXT_MGR already set [ 2344.334761] binder: 12402:12404 ioctl 40046207 0 returned -16 [ 2344.339381] binder: 12402:12407 unknown command 1077955584 [ 2344.346399] binder: 12402:12407 ioctl c0306201 20000440 returned -22 04:16:49 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060005007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:49 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000068060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:49 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x1b3}}, 0x400000002) msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00'], 0x8, 0x0) 04:16:49 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 04:16:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="004d4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:49 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xf000000}, 0x0) [ 2346.686303] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2346.692351] validate_nla: 8 callbacks suppressed [ 2346.692361] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2346.708117] binder: 12419:12424 unknown command 1077955840 [ 2346.713784] binder: 12419:12424 ioctl c0306201 20000440 returned -22 04:16:49 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000069060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:49 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060006007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2346.728023] binder_alloc: binder_alloc_mmap_handler: 12419 20001000-20004000 already mapped failed -16 [ 2346.741865] binder: BINDER_SET_CONTEXT_MGR already set [ 2346.749579] binder: 12419:12424 ioctl 40046207 0 returned -16 [ 2346.760244] binder: 12419:12432 unknown command 1077955840 [ 2346.768322] binder: 12419:12432 ioctl c0306201 20000440 returned -22 04:16:50 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x10000000}, 0x0) 04:16:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="004e4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2346.883479] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2346.910421] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2346.920257] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2346.935077] binder: 12443:12445 unknown command 1077956096 [ 2346.941284] binder: 12443:12445 ioctl c0306201 20000440 returned -22 [ 2346.951105] binder_alloc: binder_alloc_mmap_handler: 12443 20001000-20004000 already mapped failed -16 [ 2346.965058] binder: BINDER_SET_CONTEXT_MGR already set [ 2346.974505] binder: 12443:12445 ioctl 40046207 0 returned -16 04:16:50 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x20000000}, 0x0) [ 2346.977363] binder: 12443:12446 unknown command 1077956096 [ 2346.986630] binder: 12443:12446 ioctl c0306201 20000440 returned -22 [ 2347.001359] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:16:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="004f4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:50 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060007007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2347.052663] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2347.155949] binder: 12453:12455 unknown command 1077956352 [ 2347.164112] binder: 12453:12455 ioctl c0306201 20000440 returned -22 [ 2347.193257] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2347.199836] binder_alloc: binder_alloc_mmap_handler: 12453 20001000-20004000 already mapped failed -16 [ 2347.211598] binder: BINDER_SET_CONTEXT_MGR already set [ 2347.217050] binder: 12453:12458 unknown command 1077956352 [ 2347.217066] binder: 12453:12458 ioctl c0306201 20000440 returned -22 [ 2347.229739] binder: 12453:12455 ioctl 40046207 0 returned -16 04:16:52 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 04:16:52 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600006a060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:52 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x3f000000}, 0x0) 04:16:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00504040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:52 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00010006000a007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:52 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000101000014"], 0x8, 0x0) 04:16:52 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f0000000000)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r1, 0x4010641c, &(0x7f00000000c0)={r2, &(0x7f0000000080)}) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000040)=ANY=[@ANYRESHEX=r0], 0x1, 0x0) [ 2349.752739] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2349.758028] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2349.760723] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2349.769246] binder: 12471:12472 unknown command 1077956608 [ 2349.782310] binder: 12471:12472 ioctl c0306201 20000440 returned -22 04:16:53 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00010006a60b007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2349.794555] binder_alloc: binder_alloc_mmap_handler: 12471 20001000-20004000 already mapped failed -16 [ 2349.804747] binder: BINDER_SET_CONTEXT_MGR already set [ 2349.810281] binder: 12471:12472 ioctl 40046207 0 returned -16 [ 2349.821502] binder: 12471:12481 unknown command 1077956608 [ 2349.841174] binder: 12471:12481 ioctl c0306201 20000440 returned -22 04:16:53 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600006b060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:53 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x40000000}, 0x0) 04:16:53 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = inotify_add_watch(r1, &(0x7f0000000040)='./file0\x00', 0x20) inotify_rm_watch(r1, r2) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x10000, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:16:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00514040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2349.934515] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2350.058445] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2350.062314] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2350.098929] binder: 12498:12504 unknown command 1077956864 [ 2350.107163] binder: 12498:12504 ioctl c0306201 20000440 returned -22 [ 2350.129701] binder_alloc: binder_alloc_mmap_handler: 12498 20001000-20004000 already mapped failed -16 [ 2350.148847] binder: BINDER_SET_CONTEXT_MGR already set [ 2350.154233] binder: 12498:12504 ioctl 40046207 0 returned -16 [ 2350.173172] binder: 12498:12505 unknown command 1077956864 [ 2350.179222] binder: 12498:12505 ioctl c0306201 20000440 returned -22 04:16:55 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 04:16:55 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00010006000e007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:55 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600006c060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:55 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) accept4$nfc_llcp(r1, &(0x7f0000000100), &(0x7f0000000180)=0x60, 0x800) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) getsockopt$ARPT_SO_GET_INFO(r1, 0x0, 0x60, &(0x7f0000000040)={'filter\x00'}, &(0x7f00000000c0)=0x44) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="01005ed100000000"], 0x8, 0x0) 04:16:55 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x48000000}, 0x0) 04:16:55 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00524040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2352.800441] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2352.803940] binder: 12513:12516 unknown command 1077957120 [ 2352.828299] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2352.831877] binder: 12513:12516 ioctl c0306201 20000440 returned -22 [ 2352.851860] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2352.854442] binder_alloc: binder_alloc_mmap_handler: 12513 20001000-20004000 already mapped failed -16 [ 2352.869174] binder: BINDER_SET_CONTEXT_MGR already set [ 2352.874485] binder: 12513:12516 ioctl 40046207 0 returned -16 [ 2352.881263] binder: 12513:12527 unknown command 1077957120 [ 2352.892367] binder: 12513:12527 ioctl c0306201 20000440 returned -22 04:16:56 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x4c000000}, 0x0) 04:16:56 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600006d060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00534040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:56 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r1, 0x5386, &(0x7f0000000040)) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) [ 2352.974829] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:16:56 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00010006000f007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:56 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600006e060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2353.049282] binder: 12536:12539 unknown command 1077957376 [ 2353.070758] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2353.086568] binder: 12536:12539 ioctl c0306201 20000440 returned -22 [ 2353.108026] binder_alloc: binder_alloc_mmap_handler: 12536 20001000-20004000 already mapped failed -16 [ 2353.143896] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2353.151367] binder: BINDER_SET_CONTEXT_MGR already set [ 2353.162099] binder: 12536:12550 unknown command 1077957376 [ 2353.162542] binder: 12536:12539 ioctl 40046207 0 returned -16 [ 2353.174289] binder: 12536:12550 ioctl c0306201 20000440 returned -22 [ 2353.179573] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2353.225402] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:16:58 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 04:16:58 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x60000000}, 0x0) 04:16:58 executing program 3: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x44100, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000"], 0x8, 0x0) ioctl$KVM_GET_PIT(r0, 0xc048ae65, &(0x7f0000000080)) 04:16:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00544040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:58 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600006f060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:58 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060020007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2355.826817] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2355.846686] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2355.848439] binder: 12559:12569 unknown command 1077957632 [ 2355.860145] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:16:59 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00010006003f007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2355.877889] binder: 12559:12569 ioctl c0306201 20000440 returned -22 [ 2355.889333] binder_alloc: binder_alloc_mmap_handler: 12559 20001000-20004000 already mapped failed -16 [ 2355.899737] binder: BINDER_SET_CONTEXT_MGR already set [ 2355.909530] binder: 12559:12569 ioctl 40046207 0 returned -16 [ 2355.911751] binder: 12559:12573 unknown command 1077957632 [ 2355.921484] binder: 12559:12573 ioctl c0306201 20000440 returned -22 04:16:59 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x68000000}, 0x0) 04:16:59 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000070060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:59 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) [ 2355.981705] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:16:59 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgget$private(0x0, 0x2) r2 = msgget(0x2, 0x400) msgrcv(r2, 0x0, 0x0, 0x3, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="01003a2d9d87c06855"], 0x8, 0x0) 04:16:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00554040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2356.053606] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2356.113616] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2356.144628] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2356.156855] binder: 12592:12593 unknown command 1077957888 04:16:59 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x6c000000}, 0x0) [ 2356.162751] binder: 12592:12593 ioctl c0306201 20000440 returned -22 [ 2356.171579] binder_alloc: binder_alloc_mmap_handler: 12592 20001000-20004000 already mapped failed -16 [ 2356.182553] binder: BINDER_SET_CONTEXT_MGR already set [ 2356.188071] binder: 12592:12593 ioctl 40046207 0 returned -16 [ 2356.194782] binder: 12592:12597 unknown command 1077957888 [ 2356.211328] binder: 12592:12597 ioctl c0306201 20000440 returned -22 04:16:59 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000071060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:59 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060040007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00564040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:16:59 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x74000000}, 0x0) [ 2356.346060] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2356.378988] binder: 12609:12610 unknown command 1077958144 04:16:59 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000072060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:16:59 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060048007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2356.404572] binder: 12609:12610 ioctl c0306201 20000440 returned -22 [ 2356.428291] binder_alloc: binder_alloc_mmap_handler: 12609 20001000-20004000 already mapped failed -16 04:16:59 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x7a000000}, 0x0) 04:16:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00574040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2356.473636] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2356.482626] binder: BINDER_SET_CONTEXT_MGR already set [ 2356.491860] binder: 12609:12610 ioctl 40046207 0 returned -16 [ 2356.498057] binder: 12609:12614 unknown command 1077958144 [ 2356.503880] binder: 12609:12614 ioctl c0306201 20000440 returned -22 [ 2356.620670] binder: 12625:12626 unknown command 1077958400 [ 2356.631041] binder: 12625:12626 ioctl c0306201 20000440 returned -22 [ 2356.667740] binder_alloc: binder_alloc_mmap_handler: 12625 20001000-20004000 already mapped failed -16 [ 2356.678321] binder: 12625:12629 unknown command 1077958400 [ 2356.680032] binder: BINDER_SET_CONTEXT_MGR already set [ 2356.684156] binder: 12625:12629 ioctl c0306201 20000440 returned -22 [ 2356.704680] binder: 12625:12626 ioctl 40046207 0 returned -16 04:17:02 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 04:17:02 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00010006004c007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:02 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000073060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:02 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x9effffff}, 0x0) 04:17:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00584040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:02 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) ioctl$TUNGETFEATURES(r1, 0x800454cf, &(0x7f0000000040)) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f00000000c0)={0x0, 0x57, &(0x7f0000000080)={0x0, 0x37a}, 0x1, 0x0, 0x0, 0x3}, 0x8000) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) [ 2359.107662] validate_nla: 6 callbacks suppressed [ 2359.107671] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2359.120857] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2359.121979] binder: 12645:12646 unknown command 1077958656 [ 2359.144751] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:17:02 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) clone(0x200, &(0x7f0000000040)="b71946baeeb151d2181cc4b9feab38d421ceb7656beac8e3587131274fa3e56659134d905ad47faa4c5414f6d34bfd8a315215d918b3fe26cfc6a1cb18d21632babe19f47a96c97935c2d1d3eb3e7c2f73af449d81d8ae89a2e50ed0083a8362ed5c0a6dd1157b2d9981ecd30cc6342f32b7520221d30571119a4e0ccbe4e6a7af4be3290077226f8d03c2bb794f3b3b", &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)="0dc289ed") sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:17:02 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xaf200000}, 0x0) [ 2359.174117] binder: 12645:12646 ioctl c0306201 20000440 returned -22 04:17:02 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000074060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:02 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060060007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2359.252940] binder_alloc: binder_alloc_mmap_handler: 12645 20001000-20004000 already mapped failed -16 [ 2359.287026] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2359.299793] binder: BINDER_SET_CONTEXT_MGR already set [ 2359.312870] binder: 12645:12646 ioctl 40046207 0 returned -16 [ 2359.321856] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2359.343783] binder: 12645:12667 unknown command 1077958656 04:17:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00594040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2359.364736] binder: 12645:12667 ioctl c0306201 20000440 returned -22 [ 2359.365001] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:17:02 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xf0ffffff}, 0x0) [ 2359.450430] binder: 12672:12673 unknown command 1077958912 [ 2359.498645] binder: 12672:12673 ioctl c0306201 20000440 returned -22 [ 2359.525733] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2359.546525] binder_alloc: binder_alloc_mmap_handler: 12672 20001000-20004000 already mapped failed -16 [ 2359.563859] binder: BINDER_SET_CONTEXT_MGR already set [ 2359.593683] binder: 12672:12673 ioctl 40046207 0 returned -16 [ 2359.604227] binder: 12672:12681 unknown command 1077958912 [ 2359.624039] binder: 12672:12681 ioctl c0306201 20000440 returned -22 04:17:05 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) 04:17:05 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060068007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:05 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000075060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:05 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0100000000000900364b5cb02cf2b9121815c461050485e15302bf546f4510c6431cf57512ef8eeac5be4f26e9ca0c302908180b83c9c8b77edff4da8220cef584fc97e6c386ed2c47fce78997b3079cf62ca9415d73ad4b411197fef4ce48217620fa821fcb2de63acaa08850"], 0x8, 0x0) 04:17:05 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xfffff000}, 0x0) 04:17:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="005a4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2362.193742] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2362.212229] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2362.231646] binder: 12688:12693 unknown command 1077959168 [ 2362.247885] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2362.258934] binder: 12688:12693 ioctl c0306201 20000440 returned -22 [ 2362.267495] binder_alloc: binder_alloc_mmap_handler: 12688 20001000-20004000 already mapped failed -16 [ 2362.277347] binder: BINDER_SET_CONTEXT_MGR already set [ 2362.280147] binder: 12688:12700 unknown command 1077959168 [ 2362.286063] binder: 12688:12693 ioctl 40046207 0 returned -16 04:17:05 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x39e, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) [ 2362.297067] binder: 12688:12700 ioctl c0306201 20000440 returned -22 [ 2362.299703] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:17:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="005b4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:05 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000076060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:05 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00010006006c007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:05 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xffffff7f}, 0x0) [ 2362.458099] binder: 12706:12711 unknown command 1077959424 [ 2362.499343] binder: 12706:12711 ioctl c0306201 20000440 returned -22 04:17:05 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = msgget(0x0, 0x40) msgsnd(r2, &(0x7f0000000140)={0x0, "3dcff6dd91f9bd3d8370eab7fcabfa676ac49f18b0dec1a937d22ccc9effb31bd6a6696a0ff8b9c650a2162e8b328ae08f0274137a9b17a88132c860c4aaaefb1c3395db092cc01ad58de511509424598d37543111b83984630fb3be79af3bc1d5f0675afb3b894ff3b195763596ecfd7305dd12763910cf"}, 0x80, 0x800) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000100)={0x0, 0x26d, &(0x7f00000000c0)={0x0}}, 0x0) ioctl$KDGETKEYCODE(r0, 0x4b4c, &(0x7f0000000540)={0x80000001}) msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000d774"], 0x8, 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000500)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x210400}, 0xc, &(0x7f00000004c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="1003e6db69925958833e9fa9ae3393cf570400", @ANYRES16=r3, @ANYBLOB="00082dbd7000fbdbdf2516000000180004001400010062726f6164636173742d6c696e6b00003c0001000c000200080001000e00000008000300bce000000800030004000000140002000800030007000000080003000400000008000300030000001400060008000100400000000800010001000000580007000c00030000040000000000000c00030005000000000000000c00030001000000000000000c000300ffff0000000000000c00030071d7ca7f000000000c00040001010000000000000c0003000600000000000000040101002c0004001400010002004e207f00000100000000000000001400020002004e22ac14141c000000000000000044000400200001000a004e2106000000fe8000000000000000000000000000bbff010000200002000a004e2002000000fe8000000000000000000000000000bb00ef000044000400200001000a004e21ff070000ff01000000000000000000000000000100000000200002000a004e2240000000fe8000000000000000000000000000bb01040000100001006574683a677265300000000024000200080004000000000008000300c50800000800040006000000080003000000000008000300bd0d0000080003000800000008000300040000001400050008000100657468000800010075647000c40001001000010069623a69726c616e3000000044000400200001000a004e23260000000000000000000000000000000000000038db0000200002000a004e2005000000000000000000000000000000000000000300000034000200080004000800000008000400000000000800010009000000080001001a0000000800030054090000080002002e0600000800030001000000140002000800030012000000080003000100000008000300070000001400020008000200010000000800040008000000cc00040034000700080001001200000008000100040000000800020000020000080004000000000008000300b300000008000200070000000c00010073797a30000000000c00010073797a31000000000c00010073797a31000000001400010062726f6164636173742d6c696e6b00003c00070008000400830000000800020006000000080001001300000008000400080000000800010013000000080003000008000008000200030000000c00010073797a310000000014000700080002001e4100000800020005000000"], 0x37c}, 0x1, 0x0, 0x0, 0x80}, 0x800) [ 2362.518946] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2362.519105] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2362.528080] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2362.543828] binder_alloc: binder_alloc_mmap_handler: 12706 20001000-20004000 already mapped failed -16 [ 2362.596094] binder: BINDER_SET_CONTEXT_MGR already set [ 2362.617217] binder: 12706:12720 unknown command 1077959424 [ 2362.625415] binder: 12706:12720 ioctl c0306201 20000440 returned -22 [ 2362.652370] binder: 12706:12719 ioctl 40046207 0 returned -16 04:17:08 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) 04:17:08 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000077060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:08 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060074007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:08 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xffffff9e}, 0x0) 04:17:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="005c4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:08 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) ioctl$UI_END_FF_UPLOAD(r1, 0x406855c9, &(0x7f0000000040)={0x8, 0x9, {0x57, 0x8000, 0xffff, {0x20, 0xffffffffffff2cb4}, {0x6, 0xff}, @rumble={0x0, 0xffffffffffffffbb}}, {0x52, 0x7f, 0x5, {0x3f, 0x1f}, {0xfffffffffffffff9, 0x1}, @rumble={0x2, 0xff}}}) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="4a009577f5ce8cb3"], 0x8, 0x0) [ 2365.283612] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2365.327478] binder: 12733:12740 unknown command 1077959680 [ 2365.327816] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2365.333198] binder: 12733:12740 ioctl c0306201 20000440 returned -22 [ 2365.349165] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2365.349273] binder_alloc: binder_alloc_mmap_handler: 12733 20001000-20004000 already mapped failed -16 [ 2365.366968] binder: BINDER_SET_CONTEXT_MGR already set 04:17:08 executing program 5: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) 04:17:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="005d4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2365.372261] binder: 12733:12740 ioctl 40046207 0 returned -16 [ 2365.378652] binder: 12733:12746 unknown command 1077959680 [ 2365.385025] binder: 12733:12746 ioctl c0306201 20000440 returned -22 04:17:08 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00010006007a007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:08 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xfffffff0}, 0x0) 04:17:08 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000078060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:08 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") r1 = syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x202, 0x800000002009) ioctl$FS_IOC_FSGETXATTR(r1, 0xc0185500, &(0x7f0000000000)={0x0, 0x100000}) [ 2365.524881] binder: 12752:12755 unknown command 1077959936 [ 2365.547337] binder: 12752:12755 ioctl c0306201 20000440 returned -22 [ 2365.595408] binder_alloc: binder_alloc_mmap_handler: 12752 20001000-20004000 already mapped failed -16 [ 2365.632965] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:17:08 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, [], 0x13}, 0x1}, 0x1c) sendmmsg(r0, &(0x7f0000000240), 0x5c3, 0x0) fcntl$addseals(0xffffffffffffffff, 0x409, 0x0) read(0xffffffffffffffff, 0x0, 0x0) 04:17:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="005e4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2365.633571] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2365.642793] binder: BINDER_SET_CONTEXT_MGR already set [ 2365.660774] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2365.667639] binder: 12752:12755 ioctl 40046207 0 returned -16 [ 2365.678044] binder: 12752:12767 unknown command 1077959936 [ 2365.683876] binder: 12752:12767 ioctl c0306201 20000440 returned -22 04:17:08 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060ba6007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:09 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000079060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:09 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x40030000000000}, 0x0) [ 2365.789105] binder: 12772:12774 unknown command 1077960192 [ 2365.795313] binder: 12772:12774 ioctl c0306201 20000440 returned -22 [ 2365.824767] binder_alloc: binder_alloc_mmap_handler: 12772 20001000-20004000 already mapped failed -16 [ 2365.846287] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2365.865446] binder: 12772:12778 unknown command 1077960192 [ 2365.885764] binder: BINDER_SET_CONTEXT_MGR already set [ 2365.888883] binder: 12772:12778 ioctl c0306201 20000440 returned -22 [ 2365.904987] binder: 12772:12774 ioctl 40046207 0 returned -16 [ 2365.931662] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2365.942797] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:17:09 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) init_module(&(0x7f0000000200)='TIPCv2\x00', 0x7, &(0x7f0000000240)='\x00') r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_RESET_STATS(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x90, r2, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@TIPC_NLA_SOCK={0x1c, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x810}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}]}, @TIPC_NLA_NET={0x60, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x5}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x80000000}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x23b4}, @TIPC_NLA_NET_ADDR={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x474}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xffffffffffffff73}]}]}, 0x90}}, 0x4000) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgget(0x0, 0x80) r3 = msgget(0x1, 0x10) msgrcv(r3, 0x0, 0x0, 0x1, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) getrusage(0x1, &(0x7f0000000280)) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x200) 04:17:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0001000600f0007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="005f4040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:09 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xf0ffffffffffff}, 0x0) 04:17:09 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600007a060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2366.167176] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2366.190139] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2366.197216] binder: 12796:12801 unknown command 1077960448 [ 2366.216412] binder: 12796:12801 ioctl c0306201 20000440 returned -22 [ 2366.224089] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2366.240508] binder_alloc: binder_alloc_mmap_handler: 12796 20001000-20004000 already mapped failed -16 [ 2366.250654] binder: 12796:12805 unknown command 1077960448 [ 2366.256594] binder: 12796:12805 ioctl c0306201 20000440 returned -22 [ 2366.257964] binder: BINDER_SET_CONTEXT_MGR already set 04:17:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060002007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:09 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x100000000000000}, 0x0) [ 2366.376086] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2366.405630] binder: 12796:12801 ioctl 40046207 0 returned -16 [ 2366.440199] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:17:09 executing program 5: mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8) r0 = syz_open_pts(0xffffffffffffffff, 0x0) fcntl$lock(r0, 0x400000009, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x101000000}) flock(r0, 0x3) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x80000000000002, 0x10, r1, 0x0) msgrcv(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="64869c37be72e4fddd7e0ae16087dcf944e3bd1a2db8fa8e584174f9f041d50a1a610268e1c239953aa7dc622e785b1102b8c283596d74c1289098b9552b33a9e61cbe8fe953baf566518ceaa2c684bd2f4ff174569d6c7a15acb7"], 0x1, 0x0, 0x0) 04:17:09 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600007b060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:09 executing program 3: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/mixer\x00', 0x82002, 0x0) ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f0000000140)={0x7, {0x4, 0x6, 0x9, 0x7}}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) r3 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x1, 0x40000) ioctl$RTC_ALM_READ(r3, 0x80247008, &(0x7f00000000c0)) setsockopt$netrom_NETROM_T1(r2, 0x103, 0x1, &(0x7f0000000040)=0x5, 0x4) sendmsg$IPVS_CMD_GET_DEST(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:17:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00604040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:09 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x200000000000000}, 0x0) 04:17:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060003007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:09 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) ioctl$KVM_S390_INTERRUPT_CPU(r1, 0x4010ae94, &(0x7f0000000040)={0x11, 0x8, 0x1f}) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) r2 = msgget(0x1, 0x0) msgsnd(r2, &(0x7f0000000100)={0x1, "007be0ab6b"}, 0xd, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000080)={0x1, 0x0, {0x5, 0x5, 0x301f, 0x5, 0xe, 0x5, 0x0, 0x4}}) recvfrom$llc(r1, &(0x7f0000000140)=""/242, 0xf2, 0x40, 0x0, 0x0) [ 2366.687757] binder: 12821:12824 unknown command 1077960704 [ 2366.717743] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2366.723629] binder: 12821:12824 ioctl c0306201 20000440 returned -22 04:17:09 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PPPIOCGUNIT(r1, 0x80047456, &(0x7f0000000040)) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) r2 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0)='nbd\x00') sendmsg$NBD_CMD_STATUS(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x40, r2, 0xf00, 0x70bd2d, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SOCKETS={0xc, 0x7, [{0x8, 0x1, r1}]}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x3}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x9}]}, 0x40}, 0x1, 0x0, 0x0, 0x40010}, 0x4800) msgsnd(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000000000000576a9adb195835ee1cf41775d9c0f4e2a05683dbb27027d5486a0427a1f86bf420344d962f90932abbfd33df165b5be2bd046367b693d489e2262874550408bb89d9077ccff17af6401d06101c57f47592f7c188dd07b2ccc982cc9c1ec08768660dd592aa10a097c22c227878191f7dcadd750198f3b653b22de1ab785e953624da4fbfac7482611d8640d70cc08b651816d0da9178772e0cea7196de9aa73efedfc4eca1d0095461e857733a211e98d77488a6f4ee6c3d09cf54482ea94f85b116e78803a464305ba789c36646dbb32fe1655546454"], 0x8, 0x0) ioctl$SIOCRSGCAUSE(r1, 0x89e0, &(0x7f00000001c0)) [ 2366.754457] binder_alloc: binder_alloc_mmap_handler: 12821 20001000-20004000 already mapped failed -16 [ 2366.775531] binder: BINDER_SET_CONTEXT_MGR already set [ 2366.784587] binder: 12821:12832 unknown command 1077960704 [ 2366.792417] binder: 12821:12824 ioctl 40046207 0 returned -16 04:17:10 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060004007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:10 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x300000000000000}, 0x0) 04:17:10 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600007c060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2366.845538] binder: 12821:12832 ioctl c0306201 20000440 returned -22 04:17:10 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x1ff, 0x80) r2 = syz_genetlink_get_family_id$team(&(0x7f00000000c0)='team\x00') getpeername$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0}, &(0x7f0000000180)=0x14) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f00000001c0)={0x0, @multicast1, @multicast2}, &(0x7f0000000200)=0xc) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000240)={0x0, @remote, @local}, &(0x7f0000000280)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000880)={{{@in=@initdev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in=@multicast2}}, &(0x7f0000000980)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f00000009c0)={{{@in=@loopback, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in6=@loopback}}, &(0x7f0000000ac0)=0xe8) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000b80)={{{@in6=@ipv4, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@local}}, &(0x7f0000000c80)=0xe8) getpeername$packet(0xffffffffffffff9c, &(0x7f0000000d80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000dc0)=0x14) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000e00)={{{@in6=@ipv4={[], [], @loopback}, @in6=@ipv4={[], [], @empty}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@dev}}, &(0x7f0000000f00)=0xe8) getsockopt$inet_mreqn(0xffffffffffffff9c, 0x0, 0x20, &(0x7f0000001080)={@loopback, @empty, 0x0}, &(0x7f00000010c0)=0xc) getsockopt$inet6_mreq(r0, 0x29, 0x1f, &(0x7f0000001100)={@empty, 0x0}, &(0x7f0000001140)=0x14) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000004c80)={@loopback, @multicast1, 0x0}, &(0x7f0000004cc0)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000004d00)={{{@in6=@mcast2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@loopback}}, &(0x7f0000004e00)=0xe8) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f0000004e40)={0x0, @rand_addr, @local}, &(0x7f0000004e80)=0xc) accept$packet(0xffffffffffffff9c, &(0x7f0000004f80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000004fc0)=0x14) sendmsg$TEAM_CMD_PORT_LIST_GET(r1, &(0x7f00000054c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000005480)={&(0x7f0000005000)={0x470, r2, 0x0, 0x70bd2a, 0x25dfdbff, {}, [{{0x8, 0x1, r3}, {0x3c, 0x2, [{0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x2}}}]}}, {{0x8, 0x1, r4}, {0x164, 0x2, [{0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x80000001}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r6}}, {0x8}}}, {0x64, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0x34, 0x4, [{0x80, 0x8, 0x9de, 0x6}, {0xffffffff00000000, 0x80000001, 0x2}, {0x6, 0x4, 0x6, 0x5ed}, {0x2, 0x5, 0x7, 0x100000001}, {0x6, 0x5, 0x7, 0x4}, {0xffffffffffffffff, 0x10001, 0x7, 0x100000000}]}}}, {0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0xc, 0x4, 'hash\x00'}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8}}, {0x8, 0x6, r7}}}]}}, {{0x8, 0x1, r8}, {0x74, 0x2, [{0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x1}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r9}}}]}}, {{0x8, 0x1, r10}, {0xf4, 0x2, [{0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x1}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x4}}, {0x8, 0x6, r11}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r12}}}]}}, {{0x8, 0x1, r13}, {0x12c, 0x2, [{0x3c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0xc, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r14}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r15}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r16}}}, {0x3c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0xc, 0x4, [{0x0, 0x7, 0x9, 0x2}]}}}]}}]}, 0x470}, 0x1, 0x0, 0x0, 0x4000000}, 0x400c001) r17 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r17, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="79b5635f0b9ad4f12c775e7ed680ab7db086ee3795ca26f6864305ea118ec4f0a41831275464250de3eaf232c911c56d5369c9bcf60d61949c277d076d94f015be61c859ced581970def06ff0e8f99ed810ad7c7fb8d4f30ceb69b11d6da227cf58dd9fa4051c292c37aaf1005b422b3f4e80a"], 0x8, 0x0) [ 2366.985476] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:17:10 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x400) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:17:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00614040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:10 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) ioctl$EXT4_IOC_MIGRATE(r1, 0x6609) 04:17:10 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600007d060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:10 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060005007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:10 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x400000000000000}, 0x0) 04:17:10 executing program 5: syz_mount_image$gfs2(&(0x7f0000000140)='gfs2\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='hostdata=l']) [ 2367.654463] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2367.690680] binder: 12869:12877 unknown command 1077960960 04:17:10 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x8000008000000500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) fcntl$getflags(r1, 0x1) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f00000003c0)={0x4, &(0x7f0000000380)=[{0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_RM_CTX(r1, 0xc0086421, &(0x7f0000000400)={r2}) msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="000000000000f200"], 0x8, 0x0) socket$isdn(0x22, 0x3, 0x7) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYBLOB="85000300000d899837000000000000200000"], &(0x7f0000000080)=0x16) accept4$packet(r0, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000001c0)=0x14, 0x0) fstat(r1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_tcp_buf(r0, 0x6, 0xb, &(0x7f00000004c0)=""/21, &(0x7f0000000500)=0x15) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000280)={{{@in=@local, @in=@rand_addr=0x98, 0x4e21, 0x0, 0x4e23, 0x5, 0xa, 0xa0, 0x80, 0xff, r4, r5}, {0x9bb4, 0x9, 0x2, 0xfffffffffffffffb, 0x100, 0xfffffffffffffff9, 0x4, 0x2}, {0x2ad, 0x5, 0xd, 0x8}, 0x7, 0x6e6bc0, 0x2, 0x1, 0x2, 0x3}, {{@in6=@local, 0x4d6, 0x32}, 0xa, @in=@loopback, 0x3501, 0x2, 0x3, 0x0, 0x7fffffff, 0x7}}, 0xe8) getsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f00000000c0)={r3, 0x8, 0x2, 0x1}, &(0x7f0000000100)=0x10) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x4000, 0x0) 04:17:10 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x500000000000000}, 0x0) [ 2367.715334] binder: 12869:12877 ioctl c0306201 20000440 returned -22 04:17:10 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600007e060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:10 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060006007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2367.780965] binder_alloc: binder_alloc_mmap_handler: 12869 20001000-20004000 already mapped failed -16 [ 2367.856072] binder: BINDER_SET_CONTEXT_MGR already set [ 2367.861432] binder: 12869:12877 ioctl 40046207 0 returned -16 [ 2367.875969] gfs2: not a GFS2 filesystem [ 2367.900263] binder: 12869:12892 unknown command 1077960960 [ 2367.908771] binder: 12869:12892 ioctl c0306201 20000440 returned -22 [ 2367.946287] gfs2: not a GFS2 filesystem 04:17:11 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x600000000000000}, 0x0) 04:17:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00624040000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:11 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060007007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2368.017097] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:17:11 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0adc1f023c123f3188a070") setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f00000005c0)={0x6, @dev, 0x0, 0x0, 'rr\x00', 0x2, 0x80000000, 0x2b}, 0x2c) 04:17:11 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600007f060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2368.131853] binder: 12907:12911 unknown command 1077961216 [ 2368.146226] binder: 12907:12911 ioctl c0306201 20000440 returned -22 04:17:11 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = open(&(0x7f0000000040)='./file0\x00', 0x200400, 0x92) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) exit(0x1) msgsnd(0x0, &(0x7f00000000c0)=ANY=[@ANYRESHEX=r2], 0x1, 0x803) 04:17:11 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x700000000000000}, 0x0) [ 2368.184320] binder_alloc: binder_alloc_mmap_handler: 12907 20001000-20004000 already mapped failed -16 [ 2368.226637] IPVS: ip_vs_svc_hash(): request for already hashed, called from do_ip_vs_set_ctl+0x1b5d/0x1da0 04:17:11 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060008007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2368.273332] binder: BINDER_SET_CONTEXT_MGR already set [ 2368.282382] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2368.293321] binder: 12907:12911 ioctl 40046207 0 returned -16 [ 2368.301822] binder: 12907:12925 unknown command 1077961216 04:17:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00636140000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2368.326613] binder: 12907:12925 ioctl c0306201 20000440 returned -22 [ 2368.334872] IPVS: ip_vs_svc_hash(): request for already hashed, called from do_ip_vs_set_ctl+0x1b5d/0x1da0 04:17:11 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={r2}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000780)={r2, 0x0, 0x3}) 04:17:11 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000081060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:11 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x406, r0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000001b00)=0x0) lstat(&(0x7f0000001b40)='./file0\x00', &(0x7f0000001b80)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r0, &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = gettid() lstat(&(0x7f0000001c80)='./file0\x00', &(0x7f0000001cc0)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000001d40)='./file0\x00', &(0x7f0000001d80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000002440)={0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0x1, &(0x7f0000002400)='\x00'}, 0x30) getresuid(&(0x7f0000002480), &(0x7f00000024c0), &(0x7f0000002500)=0x0) lstat(&(0x7f0000002540)='./file0\x00', &(0x7f0000002580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmmsg$unix(r1, &(0x7f0000002640)=[{&(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001880)=[{&(0x7f0000000100)="6b49a211acb626c7fbe6ec3063e00267176635e03f4a014126b44bec87734d924a38d9e80a998f68daafc144aa1c580e3722c11f099e738d59534cfb8f08d9c61973c7710e870096aa07ebe87d20c0dd9472a4c733f1fdac42539efaec7182157a5cf522624ccb68928b334dda21e81dec7802453e51e233bfe9ae477ff832254903df80b40278e1d1e1abdfdb", 0x8d}, {&(0x7f00000004c0)="a2b9b0eb86b250d8fced6be09ae79b98499b9ffb03400ff3c7d856b34429221806cecfba82c20f687c1b1036ddc7bc6a15193bd4991b332b786ceb57bfedaf97538bd28f0fe51e18cda18c7e0306ac92b208a62e842271b75890b23f82adb239b16c4c9fa91b6ee2c51044ab912ece6846d374f865611457f8053ffefbcc6f3e1f30c1099466243d31105d3c159e262b75b83574dbf2854c5c576ba22b74b4d3f7bf34b5bed89ea784ca234fb538a5c45fb96be9ffab0cb37b6295035c3a33218297f36c097b01f0ac905d8af065100d36d80a4f514b1372006ec4516c97f74402c42f54c1a4be4aa150b955fd887adbe95434979dec85dfba8b979e9ef7e79010e09cfaf2c86350abb9e37144765bda4c38a255f676d621ca843de439af99300593b6079763e223a175dbf8cb12a36b5feda03f62c178c4d77c29ce2dcb6e0f389bc22489b4e4c29e7fea7b570ae0aa32db3443f9ae90b5bd17c5358145f1d9ded349d9938de69f719a6a13021cc50ab0eb7f397ca6fbaf447eb29d5a26dc3a50e6ef0e511f54f2ed83dc1963264b70d78288858b2f4606ac083d440bdf4e753ed7137532d002eda02c7eed827fa828ddf4e5c14b40cf77ec6c6861536baa6eb4fe5d85d2bd50a35a489b394cd0c79e6a25a8a0223042fcd698c1c16af2cd27746bb94a99538c3a274c5a4cc4b92a427ddcad39ed510d98fa639563715697b1fdab743e36117ade33068726a677bd0004d752ab81f25f0e5797a260910453ef4cf000d647f4231875687e2955bbc5148dfbb5185362cb75aed5c3b51ab4308fe36232df9144f538ae86c3a8c660f0b813171c76260295b6a34a5fc5c7f6958263e3c6bbf64a868ca229f85f1d1ddd3a747ecf4c1aa381ae77c84eae3c2534cbd87fa602fb8b0e78ca54b490641790f1548cbb8829854bcd5ed9db9b0612be9efba911976aaa4713a73886404ab871007ee5069897a3885a7e526b009b35b95a9429938fdcba2294873118fa8f21d4f14128f7c3e7e61549a99a479706bc0fe6cf2c2e3d06476d740c33d5d660911e42dfaae0943c1e9fe99192ee86c0798d2102b1916b118bf891621eb34a9b161bf66b689573e942c4f541c80ae360da984098f7435b2782e30b9eb52292c6a2128ac8574051215a67238639baebc14d00c7d8bc4f77bd11ad6dc5672ac03e948f19e318f9d0cb1623afc4452462a0adf10198af120e3f8a52416f87bba43c22d0e2bb0638bd32cc6c5010df0d310eb74ee3ce2a8666affcc7232453c11ac1df9194b979bf08c47450e6f5f322e25bd326c98d16b1453c0e47e94d485432a6e6bcf07a30ec0b45fb5f052b6c6e08863c9150d4c7bf99257e42faf5e8666e1c6140694613621035d86966123ace72206c5c24d8313748e23cd902cd85b3aabe512ce66957b1b96d4c4d197d4a78e1b6ae065d19f31f13653f0c40160f80710669a16a16e872ddace102e5fecb7f06b64685cff5c9ee67313ae51f3ddc0257b4287803654198668c6a7fbaa45f778d8593c986f681a1d9a4ae958e70e1857fa5ec907ea485f63dc8caaaa8d05bcb9c17d5468dc457562fe145f457b64b6ccbd95daef5d8eb5b93019e99aad911e74da88f121cd3bbdc80b155e5e1b98f0863edd3cbdbde8443d9c97b7175f9e708dbcef16e75f6eb58504db9acfe6cb99ce8434c8c3ae0a98dd847d2c4eb33ad0e1b283b691fd440ece255cb88012e23cb8c26647705cfa314d93da72cbac24496a294512c19e9ec165d9b445034bac7cb338ab15eb0b093b960ce2e0937dba821babc7cf027907aef1b64b560f452048bc39928af8543208bb7b6ed9a8a9281101ba6bfc33594a9774f98ce758a1716c50f278a37c6f8ed8cd64e47848fb984740813c40f482f937e9eadf9de8bee7935d71ea3d5a931d616def8449826215e6846f8320d932f36f107c9c15b0dc784a666b332cbb2f55acb4072a63a361fc12fcda5729e46ed1c478216e5a93760fba4adefbb1ada74130dfdda19796c1a737acab1ee9ba4982efc00eb76e837dd24a746705e0b528df0bc236671697144901b3c96344d25eaf3b8cc629a133372ef514a3ef81e24250dfe1eafc11c98e03c55da44744746305609c4d604cb500d845e588225e5e692a8f5dad2ec2a4627dcaa2706b07aebc761d8f66e1617568030dac8a0786c6a577c853417c3ba8b61c10d11ff2a79834d02bab135f9e79072f8f02d7ce6280a49f7b9ad27023588c5e589e57c84af10f72f366f12274a51156d2e325a3faa789fe04decebfa125cd6665aec862501ef9c50e97c1d0584ae36a1d06eb0999d237ba2139de8cba65ad8478a5cac3802c17be4c1fc7a58c678132219e3f51e7503888583d3ec969f4e97d8892940b842105c16edb2ab70a7e94ea0f31fb6426c3f298e6bc4ca951fb993a8c0be1cb7ebd0aae41f9e695bc820bdb05cf59a442926104586b96bfc44ed455a3cfada5115f1e0028db07495a2d528e9a042ae0f5026ca732fd240477ac437165f2c49f19adbd1eaf943937feb96ffc4c5ed7392eb5b95553920c833014b048f4c02030a9840ab435edb009fc4e9ae2d4d33757630482762dcf75862b3aad4099b847ea90011f65f5555f17836ef4f90181396da3560a4b190049d1b5f25f93627eaae4b673af38efcb1a14cef65606129f31435ab440f2807a069b890173046bd762e74cf31cdf3f2ac6c5e56bd709d57b2e7e4fffaae08ba0f43fee780fc872b2ca70466a597062430ccca228dc7cdafa7cd166273e773f4e6f74396c848b6e7eb52c4d59c751b96348526a2e63d390f74f1e86ae02a75249244a492e8e1ec7d0167388b164257c79d9e1533a5e8e9082bb5f42c8905eeff68c9ee02bd49a2b351314ab4e854c6731b49287f57e8df5dd08a544328cb8e0e5fb4fcf02f271a005b21c0b7d54e4e219cbadc66743a55d98afa222ebe4da9620e9d1d38a426030891a8bdbc609e3126b2fc24b2c02e32611daa648f92baec3927411bbe5eccf9b71fc411c6fcc27da7ff1ab572e056d3fec8631bb5beb779c313745cd851266d72291e8db9f847cad93d995148021020733a5d567e182886a01aaea1e61ba3f983d33697f5f62ae478cc378e4ffced2bb9856c527d0585e5f3102bdf27f8f322b935ccce06ffc4d0ef12eb7cf2cc6a18259785efe7513e89b87f002c807b2dc896bcacf3a9e6c5eb729eea0b1ca50afad07320dd3c139cc52ab3333e63cb7d711249e4f804889ff2a0abd870d8505e3cc26a949d89dd76c08b3eb068e21200a99e79887624ed0ceb2c78bb7d1caddf83109b9f4ae6c81ad5088d99ffc9acce764fb4dc10130fc0db59d6a33ff2608ec646b6a1f9e387d4ce0466fa76e8ead78e5fab0e4540617db330cda62cb2be2291e62ab2af6c5b52fc9d70321c01766fa2d502d2fc5c61021654c4b23945877e74a1e89f4ed6e05a23c1329f4cfb1c0caca4f2e35d6875787ddb9192e59136abbc0d1aae6bf799a8bbe816e896b34933141667d0d38d70948296945c1b4587591d16ce6b78121627cb7159ca7b942213278f530b5421b444303525dd57eaf118857a7ea0abee58ee7ffbb69dd28b182c362777788682d41ac0f6f67e55cb2b982d19df5f466bebfc94d898ef6e3920074528142e6939fff90cf51064534f204c0f1d8f61f2574e63307e711c4d65fe9a5d8577d42b61291fe172a6a2cda5b295d6a205a9089918fec04323c4a5fd3c034218770155e1384e48e94d8f79ced1c9345feaff526d0cef8c13e4ca965cd9d923ec08eb6a84baa97498584c99903bcb492dd02401baaa0b6424f1e1ebde6c8b860649a55caf751181d5be56510d294f6dca4f5773f02261b2a51dac51435d3062dcd12b7468b91650ba03cc5a770a1c31dc7983869244e958950bf0356c6bf4cb46345c24705ae000080aaa127ea4428761eda9896c4a3be44ae4c6c4728deb9c58b01595a2193c674b3244edcf7844e6bb93caf58c08b90dd022d6a54dbf4d5163e6ae66462fbceca6c414e13aa3392cddad0416bb7888b18bf53de5ce7de8e2cbca830ad81c3ad5cf687c39f270f96ad0a555103efdef4a95a6e505982224a81f86fdad91390b9e6b1b939cf65b78c5acac158a3358f8d9869ab6718ccf7a68ade760243f7af71c04ce61e7443c5de9be8c53d2329e90b101325716455fb21bfd09e138107b85643bc831d44b6c32d23da74288e4844415e8cf343f3ce4b8ae19d99497d46dd5927f4b4a5f0f66ef168d8e8097d0bab5b3c0ed1fcdd1e6acf234ae76dfe7945b3d1c484536bcebe095b3e6833304cb7da233a757a52f8b51e779454b11ffe4c81775ddc957fa1e4af8b6061c0d2f4bd4257e33c9f836028d5a4e8c665865218a50a22d3e1b2ca6dc6320ce5ec17d6dfb2e457040a8034dcbc97fe90125cbffa9bed6694c27d6e70262616c757263c79b358c6d3b07511fa620e2482cd8e559bde64113fbb030304f3d887fcd68998dcde3365b89cdbdfda1a0dadb164e8a2c65edeaebee0692d8df97f80fd9b773a3ab768d211cc7e5df99e36193b8b5fc52800258a3fffcc8db365520a6117b510e3bc888006d2e104eaf4b493efd24c032cc2e637749031005191799192b01a3c4f9e87649e2a639e889dc1f78f90552792e4e0c0d87b0099d2fdac359af3089f2f9802ffe3323a34872e6df594333a8164c526089f965cf7ef91b36d0b83b3461966d34222f0db52a8026c9e17b84c6459b8f284a8e4002523469d3d112f99d4e79205c9262aa87217222987cf2cf1b5d6e0439f083be4d46d52cb629736d7006e3f3a29d2dbfb4c1835b137602188b9f2ee768d15a0a7f960562b3ac3eb8e19e668e0817b9496f7d82b22336e61398567974a84b3cc470f7297e4ddef1d1c612def1e327d0bc837abbab617b1ab2d4ae797bdf0a5a0f37df496a89b6a3f7b2eb9c16a93da8971fec8456db1d54a2b45cada7e31c9c638a88135bf85ec9317cb90c52c81ae9d6d28a6ec6fef93d6b7c9be1feb7d83027e296d24869724b2ca4e32b2f806323cd0fbcb82de3a491c0ab0e57354860d27f90d51aaf8e22e127b7ed2c352295c93549872d12f4cb688da909f316b87e813f73a5410eb44a794b3f7cf95b7c48176027af4468184ab0fa8df88c9669a1c91f9667b726091baff79a9800a1ac9095b24a9e2e4e71013a7252381e58d16bf528ddffb939622f8431635fc5ac1b32c9910d0df054ee1a04a3d96bee08bb4733e6f04be1a28182f863809484bfe5e8f340123cc0a8674e04bdd06fd0b55b2f4fa6a486dc1c17d7ee7d796fe405e81a11ac2edeff2cb3b58f895070d2dd29a5eed9c76f2a0dd6a986ee308240e4026ce95a602b29ee370fad535de2a6f73db7217bafb12266d5d8b1b10e27116e1fd49f16067b7a33db2127477e24e684d37f60eba94611d9d4f51fe3cfe7d6df35b68fe2cd3f2163ee8c46a259831c90ad6c99d93b629fc62b1fcc0b52a3f2695f9b25ba28fd816187ae4fccc56ecb056903f921fd568a08c2c87a39ec8778bb949dc56c67084e977f4c4e580de7eb612ba5f5653143b9651f2a3d6fd3e8a5527b0078ab535d25831bddb44b77ffeeeef6a973cce44177c4250113a1f2538c4b9b1df1ba08636e791e735113c1ef98bdaf68a64087e76876d1dabc74c3b463735288ee046828e2ef931af0791ca8574cd6432491423440b3d9f16e7027b7ffdaf5e3ee5e574a224d44bcbc1e45aaf7e82f3f315a518aa977cc29e074663cd38a1f0d73a4f66b5c84e2f08a855f87", 0x1000}, {&(0x7f00000001c0)="79e3d7f54fe603ea7f18da331b3a8fc27c177fd72d9cedf62898d33f7d8eb9fcd21a1a6be19b19c2b8bdc35c66d5e5aa96426b64a9299dbf698a48a633a1aa4290c20751fa45ead3d2daf4aff09e4c698cd108ddb6846dac5389264844bcc01c661c554281b8ddb961730545391c0df6f4db3fed5e55ae3087", 0x79}, {&(0x7f0000000240)="c6ff5ed1fc40ec50956cdacd9428f3c7715b6b360e0a9a7c29aa8f0ed6fba19a7ee9f5ec653d8822bf897895ce6becacc291444e451bf0deb536da780c4c0eace10d35de48b1cb032162441f174c54d8e154727fa0d5329e32892ecede9547db16c0ba2128c9dfaa38eda3d03c203db3ca69dcd0227f439611", 0x79}, {&(0x7f00000002c0)="d1e6b1e337f12eb96eb4182bd287745cd06d03f5438d8b0a8a2612b5f57b99b87908694b05f86434b055deee013a72967d17c95680619026e52c7b4594cfd228700c1ba5035d139ccb12f21d8610ff76711a9970b7a2c17ee1a7c883cb2d210cfb195818957571cbc9777a4fee905863cb37590d1e24f276ab48e99563e5a669ff03cd8962cac97a8fce16a28d2480cdfc930a8a6b305ff9f6b768e9d1f6f3881d60ee619376c46f2f3008f006316c588810e729123a7d92b2d2a490705708c4e42678d397", 0xc5}, {&(0x7f00000014c0)="44ab4c34981a5605b67b20f75234883657f3042928a57d22d362c353c7cf4b1cf26cb97315f6ae2fe180879b68615cd813e2d24219b20b172150e12d4b8719457763062bff8804eb8245aa6647aa44b7a8721c400dc21b8f4c498aab4c9064ce2f1c6847f6a8548a26e930204adfed48230fac29104f7e2f539c5c734d6991cf58407e05ef0c9bfc09e47257798d7c211070085d7a0bf2ef00f7792012a81b3b61b89d1769ce17a024d64c74532437ede2494fa7ebdb8781fc9f77d69bd820c490c5b4ca307da85f26c360345f477460bcfb32c0cc2ae4e95845393e2c1572efbbfe08622fbccac56211", 0xea}, {&(0x7f00000015c0)="dfe05040380dbe7574ddc0e2af582ce6d356e4ae071425484d106938ea6cb2f0a519b1c58498aa89464adebd9df4e6f6b0068576444399950273114bc62a34ae33065a268ce8e21da504852b831a05845d4ec1159b0491cb9147da820dfca3be8fd65e606842bc61d901103890f28b737d898c6974763ea252e132dba0226b00bf0f04a461bb9ad02577321f6ec546e10501151203b9e416b420bb4f904f26dd2a39b34f9bd6903700d26de2bbc8aa48a847ebd6289cdbe4ef67c35d04ecbcae9eb3a661746e9293028790a98e22516cb859e842c13851e25e720498c5f5f7372cff06f10b0b499903a5186b4169639172e34073af19b9d0cba15504f2b6f1", 0xff}, {&(0x7f00000016c0)="54978381d49051c8c5dfbb2aa55470aaa9c8ba87fc4ecdd7a8f73bbc7750d84a022c989d780befb7106d0573ce7cb91fa97fdc2625cf0a144771c727601655aafd3cde2e1590898b91723927bdab73a2368a2e7dee1389fe8d9513ac2d3f02f00093ba2c75e8d4552c00fbe194c67a7a1a0aad9cdad6b7deb78b588844c0fcb3e1806e9e9ee41f74b4959ef4ea3b4cdb01715dd5", 0x94}, {&(0x7f00000003c0)="5558b2a7092da83dde15f8e445d29722cb410b30bd9aaef66fb11756c6d5183bec54b28d2110548d60ef5ef369a99d007eb30ce7b0394d126de2c2c9bb643be88dae7ad9ae6d315a007cf7eeeb49a1618dc5a0f5384360c8fb57466f11fb553500affdde98e2f00e94f3b17c0c94c4c3bba24c7d12c89afc28f60c359beaa3", 0x7f}, {&(0x7f0000001780)="9c2c2f7eca8b5e8df3186173d8d54fd3476e115750709cdbc8e162cef5b34eddd3cd39d215f11adca5b29df250b3f46d8dab065376894566fb45415dd15a4feea28218279c8bc4e26f98edf263f04ae03cee3f920096e69e08a8df74c2f93e8d166cadd139e02c3f9ea358262121969c54803f7ff5c6812925c40733a15731bf7abfd3a31d42a6028d593ff377960480dccdac8e8bf6fff4b1fd761163dffc4d4f07d47c2a8455d01a591228af194c25e5a518948dde1ac964d4310bfb7f3259542f53b1f95c1611447e648c89b21bad1c3f208f723370137fb1d301fdc11cdc56ef1b156d9a7c4bf31cff48fc", 0xed}], 0xa, &(0x7f0000001940), 0x0, 0x8000}, {&(0x7f0000001980)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000001ac0)=[{&(0x7f0000001a00)="4da28a6a7bc72fed2a389b7bbe7e9c372374a04f2b6944d24adae7993d6549844f778de6d32afcd19bccb91f3c31cb45f8328e8bbe6c6ebef208f85f439de6410adddde97c19d1af99202eaacd286c9747358c9df7953cc03a99411cf866906b4a981336a520ea", 0x67}, {&(0x7f0000001a80)="ac93893b2a8b598aac", 0x9}], 0x2, &(0x7f0000001e00)=[@cred={0x20, 0x1, 0x2, r2, r3, r4}, @rights={0x20, 0x1, 0x1, [r0, r0, r0, r0]}, @rights={0x20, 0x1, 0x1, [r0, r0, r0]}, @cred={0x20, 0x1, 0x2, r5, r6, r7}, @rights={0x38, 0x1, 0x1, [r0, r0, r0, r0, r0, r0, r0, r0, r0]}], 0xb8, 0x20000810}, {&(0x7f0000001ec0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000002380)=[{&(0x7f0000001f40)="f7c5836b24c903270d148aca0cdd4b93a1baf21884e87b556f8bd6dd6eeb27575d84f6f5f102df9300577387d3d42f655326e003177ad8b375292bb0f738a06b8f3b740aa55f0f7adcd180c61180a7bdfdf7ce7f32d14ac998b81f21d9d9ece30a985331317a9455", 0x68}, {&(0x7f0000001fc0)="37e26a00ea128567bc79a186", 0xc}, {&(0x7f0000002000)="4bf2f8f6d528a4ff6a6d120f0ee1af2d50b601072560f49973169eb158dc7acd5c501ca5362f5fb9b81adb25a3f5b36acf56df1b06bf0349b1aaf20c1b8b2711c9180adaa2e7ca1efdab43c7566089d31bfa827619ff3b8e52355824472169f602d57b23e43e03d6dd5509762a2558bdeddfa0126ae45e3f36156d5d2fae87cceb37d1a4d7ebe1ad0dc68c105fe89b01b4f8becc45fb666dd7e74a2016522fe190b54f62ae65ecb3e2a231d00e60fa882063bb88b48b2c8f90f274245c34c253086ce4eae574e3b8b269b63327f5f295b99ee4674b1f1c633c72", 0xda}, {&(0x7f0000002100)="656af8e7ee608ecb9adafc40caa6d5b4b58f209aaa59d34407306289d65db8933b8eb133738485f46b65dab554e7b23c017bda7783156c9624540e43", 0x3c}, {&(0x7f0000002140)="f6a71e1576d40678950c331e9545b16a6b7719ab98a1494e33c1eecb27770ce41e033850501061bdf8ef3c1c1a6044123ac6584f7d615f40673fde5f5bbde6dd087259ef6386451a8a50a45c79b5af61d0daaba4218d2e06cf0104ccfe0e8b727e8ea03913c27f64d0733838d7f34255012851034b02f74ad608f62a008a3cb0abf27195ee4573b55ff4d9d8ccbda0561d5f83ca7c875aeec22c1c209cc33002a98ccfe461b1a47a23eb8d9fa5bc62a8ec557cdce206414171538e32aebe48c2017c1b605d87ef2ed042e5a0ce603bcfe94979f5c2f3ccac216c54cd14c5b3222b244065fe0895812ba28c27", 0xec}, {&(0x7f0000002240)="3d4b939202390747b4ea489145decdcec065b12ba78a6ebbb5d7265fc919e89cc767d3799fdb8854ad359204029dc817fc33033038cd727b35313e5a41fc59f2a03995754587337a61a70b75a3d99401cace96a0a441755735690c3e49cc6dccf5beb7a0aaa6648e6a7b7ee918721767073e4aa807f53d3364352fbbbde6d9342f6731f86f90f3de8523d3bdeae2c9ff5ee029391b1c56dc9a32a027f4d64451921035c58d8f70bc8cb49b822b0d24e2e778865685a0f8aa3f2dc503fa76a6395b27014abcc302c30f5f822bc3b41219925773216814b3aa18", 0xd9}, {&(0x7f0000002340)="9b", 0x1}], 0x7, &(0x7f0000002600)=[@cred={0x20, 0x1, 0x2, r8, r9, r10}], 0x20, 0x20008014}], 0x3, 0x4) r11 = dup2(r0, r0) clone(0xa40000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$audio(0xffffffffffffff9c, &(0x7f0000001940)='/dev/audio\x00', 0x400000, 0x0) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r11, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) ioctl$VIDIOC_SUBDEV_S_CROP(r11, 0xc038563c, &(0x7f0000000040)={0x1, 0x0, {0x0, 0x1, 0x8, 0xffffffffffffda25}}) 04:17:11 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x800000000000000}, 0x0) 04:17:11 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00010006000a007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2368.520113] binder: 12935:12937 unknown command 1080124160 [ 2368.520924] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2368.548476] binder: 12935:12937 ioctl c0306201 20000440 returned -22 04:17:11 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000040)) [ 2368.587337] binder_alloc: binder_alloc_mmap_handler: 12935 20001000-20004000 already mapped failed -16 [ 2368.607489] binder: BINDER_SET_CONTEXT_MGR already set [ 2368.616787] binder: 12935:12943 unknown command 1080124160 [ 2368.622587] binder: 12935:12937 ioctl 40046207 0 returned -16 [ 2368.628820] binder: 12935:12943 ioctl c0306201 20000440 returned -22 04:17:11 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00010006000e007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00636340000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:11 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000082060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:12 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x3, 0x3, &(0x7f000045c000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x4c}}, &(0x7f0000281ffc)='G\xffL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0xffffff7f00000000, 0xe, 0x0, &(0x7f00000000c0)="3b1163cd78b89e1ba101df682bb0", 0x0}, 0x28) r1 = socket$kcm(0xa, 0x100000002, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x6, 0x2}, 0x14) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x890b, &(0x7f0000000000)) 04:17:12 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000040)) r1 = dup2(r0, r0) msgrcv(0x0, 0x0, 0xffffff38, 0x3, 0x4) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000"], 0x8, 0x0) 04:17:12 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xa00000000000000}, 0x0) [ 2368.854334] binder: 12962:12963 unknown command 1080255232 [ 2368.907761] binder: 12962:12963 ioctl c0306201 20000440 returned -22 04:17:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00010006000f007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2368.953291] binder_alloc: binder_alloc_mmap_handler: 12962 20001000-20004000 already mapped failed -16 04:17:12 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000083060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2368.997607] binder: BINDER_SET_CONTEXT_MGR already set 04:17:12 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xe00000000000000}, 0x0) 04:17:12 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c000000350029080000000000000000020000001800000014000100009f5150745ac442d43374988416c577797aaeab504697b09a92f97b48affb7355d3b0f7122ef8c0c0910b27aab7749c8d7d4d81984c7a7227dd85ba21d1f47c702435945c828fe2ac37a4d0e1a72603602aabd79bff473bb712821bf1820b36"], 0x1}}, 0x0) [ 2369.038007] binder: 12962:12963 ioctl 40046207 0 returned -16 04:17:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634061000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2369.218948] binder: 12989:12992 unknown command 1631609600 [ 2369.241151] binder: 12989:12992 ioctl c0306201 20000440 returned -22 04:17:12 executing program 5: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mounts\x00') pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x10000014c) perf_event_open(&(0x7f000001d000)={0x1, 0x58, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndtimer(&(0x7f0000000240)='/dev/snd/timer\x00', 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x9000000}, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 2369.263950] binder_alloc: binder_alloc_mmap_handler: 12989 20001000-20004000 already mapped failed -16 04:17:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634063000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2369.291381] binder: BINDER_SET_CONTEXT_MGR already set [ 2369.298672] binder: 12989:12992 ioctl 40046207 0 returned -16 [ 2369.306060] binder: 12989:12993 unknown command 1631609600 [ 2369.312010] binder: 12989:12993 ioctl c0306201 20000440 returned -22 [ 2369.397580] binder: 12997:12999 unknown command 1665164032 [ 2369.431528] binder: 12997:12999 ioctl c0306201 20000440 returned -22 [ 2369.483614] binder: BINDER_SET_CONTEXT_MGR already set [ 2369.500197] binder: 12997:13001 unknown command 1665164032 [ 2369.513226] binder: 12997:12999 ioctl 40046207 0 returned -16 [ 2369.530345] binder: 12997:13001 ioctl c0306201 20000440 returned -22 04:17:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060010007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:12 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000084060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:12 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xf00000000000000}, 0x0) 04:17:13 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000085060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="006340c4040020000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:13 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060048007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:13 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x1000000000000000}, 0x0) 04:17:13 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000040)={0x2, 0x70, 0x2, 0x0, 0x194520b1, 0x5, 0x0, 0x401, 0x38000, 0x4, 0x1, 0x6, 0x2, 0x0, 0x0, 0x3, 0x0, 0x10001, 0x8, 0x0, 0x7, 0x9, 0x3, 0x4, 0x55c4, 0x640, 0x5, 0x7, 0x1f, 0x95, 0x5, 0x6, 0x0, 0x1, 0x7fff, 0x3, 0x2, 0x8, 0x0, 0x3, 0x5, @perf_config_ext={0x1, 0x80000000}, 0x2000, 0x3, 0x3f, 0x8, 0x5, 0xff, 0x66}) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) pread64(r0, &(0x7f00000000c0)=""/25, 0x19, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:17:13 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000086060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2370.088222] binder: 13021:13023 unknown command -1002413312 [ 2370.117453] binder: 13021:13023 ioctl c0306201 20000440 returned -22 04:17:13 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x2000000000000000}, 0x0) [ 2370.139005] binder: BINDER_SET_CONTEXT_MGR already set [ 2370.139784] binder: 13021:13027 unknown command -1002413312 [ 2370.236132] binder: 13021:13026 ioctl 40046207 0 returned -16 04:17:13 executing program 5: mknod(&(0x7f0000000180)='./file0\x00', 0x8006, 0x16e8) r0 = syz_open_pts(0xffffffffffffffff, 0x0) fcntl$lock(r0, 0x400000009, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x101000000}) flock(r0, 0x3) r1 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x80000000000002, 0x10, r1, 0x0) msgrcv(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="64869c37be72e4fddd7e0ae16087dcf944e3bd1a2db8fa8e584174f9f041d50a1a610268e1c239953aa7dc622e785b1102b8c29e682ef39f2d2c0f84a9e894837d57d983596d74c1289098b9552b33a9e61cbe8fe953baf566518ceaa2c684bd2f4ff174569d6c7a15acb7d22ac7217832235a33f0031663448662d6544c456ef653eb7e609753240371707ce958005241b7d46a667c322c62b2f2728cbd10f6772a0922effb4cd1687d4d7c320adcedac10c5c605efdf79e04f1517b63496ce759d1a8372c3eff9846b38f609000000959cfea1fd5780d4ff289928cfa2950430917852e1783d8886bea5b73abbc67e68ed09900b17616b76669d2ecd4acf49adad315ae4763edc702aa377c3d5875e6e445ea028acf0d4fac6a1130034a2d3fae38d8707c7feca6fc17d4ffdfc22540a57ad34edb60bc725267589c73c268eac769d6ec66ffc5f85ac3570ecc4a97945e840c606c7be741e59fd3dc27751380b22ebd39b0fe468d15a"], 0x1, 0x0, 0x0) 04:17:13 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00010006004c007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2370.281085] binder: 13021:13027 ioctl c0306201 20000440 returned -22 [ 2370.291409] validate_nla: 30 callbacks suppressed [ 2370.291457] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:17:13 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000087060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2370.368398] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:17:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040020000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:13 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x3f00000000000000}, 0x0) [ 2370.412658] __nla_parse: 5 callbacks suppressed [ 2370.412669] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2370.461463] IPVS: ftp: loaded support on port[0] = 21 [ 2370.487907] binder: 13044:13047 got transaction to invalid handle [ 2370.502377] binder: 13044:13047 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2370.513331] binder_alloc_mmap_handler: 2 callbacks suppressed [ 2370.513346] binder_alloc: binder_alloc_mmap_handler: 13044 20001000-20004000 already mapped failed -16 04:17:13 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060060007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2370.531818] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2370.542371] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2370.552376] binder: BINDER_SET_CONTEXT_MGR already set [ 2370.558752] binder: 13044:13047 ioctl 40046207 0 returned -16 [ 2370.565966] binder: 13044:13049 got transaction to invalid handle [ 2370.572276] binder: 13044:13049 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2370.581403] binder: undelivered TRANSACTION_ERROR: 29201 04:17:13 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000088060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2370.610637] binder: undelivered TRANSACTION_ERROR: 29201 [ 2370.693220] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2370.733549] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2370.809845] chnl_net:caif_netlink_parms(): no params data found [ 2370.906418] bridge0: port 1(bridge_slave_0) entered blocking state [ 2370.912853] bridge0: port 1(bridge_slave_0) entered disabled state [ 2370.920360] device bridge_slave_0 entered promiscuous mode [ 2370.928839] bridge0: port 2(bridge_slave_1) entered blocking state [ 2370.935341] bridge0: port 2(bridge_slave_1) entered disabled state [ 2370.942299] device bridge_slave_1 entered promiscuous mode [ 2370.950672] device bridge_slave_1 left promiscuous mode [ 2370.956462] bridge0: port 2(bridge_slave_1) entered disabled state [ 2370.996416] device bridge_slave_0 left promiscuous mode [ 2371.002030] bridge0: port 1(bridge_slave_0) entered disabled state [ 2371.140897] device hsr_slave_1 left promiscuous mode [ 2371.188968] device hsr_slave_0 left promiscuous mode [ 2371.228805] team0 (unregistering): Port device team_slave_1 removed [ 2371.244244] team0 (unregistering): Port device team_slave_0 removed [ 2371.255580] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 2371.312030] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 2371.374982] bond0 (unregistering): Released all slaves [ 2371.502315] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 2371.511619] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 2371.531462] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 2371.538978] team0: Port device team_slave_0 added [ 2371.544406] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 2371.551761] team0: Port device team_slave_1 added [ 2371.557277] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 2371.564497] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 2371.617226] device hsr_slave_0 entered promiscuous mode [ 2371.675541] device hsr_slave_1 entered promiscuous mode [ 2371.726041] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 2371.733081] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 2371.751594] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 2371.790848] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 2371.797442] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2371.805629] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 2371.813545] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 2371.820976] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2371.840151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2371.847320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2371.858285] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 2371.864353] 8021q: adding VLAN 0 to HW filter on device team0 [ 2371.873585] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 2371.925755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2371.933661] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2371.941825] bridge0: port 1(bridge_slave_0) entered blocking state [ 2371.948213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2371.956536] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 2371.968685] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 2371.975925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2371.984007] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2371.995306] bridge0: port 2(bridge_slave_1) entered blocking state [ 2372.001653] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2372.015704] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 2372.036540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2372.045010] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2372.072245] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2372.082859] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2372.113059] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2372.123491] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2372.141260] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 2372.152081] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2372.180883] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 2372.201766] 8021q: adding VLAN 0 to HW filter on device batadv0 04:17:15 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000040)={0x8, 0x3, 0x400, 0x6, 0x10, 0x1f, 0x9, 0x3f, 0x8000, 0xde0, 0x400, 0x8}) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r1, 0xc0505350, &(0x7f0000000080)={{0x6, 0x80}, {0x2, 0x6}, 0x55, 0x1, 0xfffffffffffffff7}) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:17:15 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x4000000000000000}, 0x0) 04:17:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040030000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060068007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:15 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000089060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:15 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f023c123f3188a070") r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000000), 0x1c) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@local, @in, 0x0, 0x0, 0x0, 0x0, 0x800000000000000a, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@ipv4, 0x0, 0x2b}}}, 0xe8) sendmmsg(r2, &(0x7f0000005fc0), 0x40000000000018f, 0x0) [ 2372.420741] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2372.426183] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2372.451977] binder: 13077:13084 got transaction to invalid handle [ 2372.455347] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:17:15 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600008a060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2372.478418] binder: 13077:13084 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2372.493826] binder_alloc: binder_alloc_mmap_handler: 13077 20001000-20004000 already mapped failed -16 [ 2372.510801] binder: BINDER_SET_CONTEXT_MGR already set [ 2372.518287] binder: 13077:13084 ioctl 40046207 0 returned -16 04:17:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00010006006c007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2372.568667] binder: undelivered TRANSACTION_ERROR: 29201 04:17:15 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x4800000000000000}, 0x0) 04:17:15 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000080)={@local, r2}, 0x14) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:17:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040040000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:15 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00007a8000)={&(0x7f0000000180)={0x14, 0x1, 0xb0302ae1f9c92e07, 0xffffffffffffffff}, 0x14}}, 0x0) [ 2372.707288] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:17:16 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600008b060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2372.789427] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2372.799211] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2372.810747] binder: 13099:13105 got transaction to invalid handle 04:17:16 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060074007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2372.895282] binder: 13099:13105 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:17:16 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:17:16 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x4c00000000000000}, 0x0) [ 2372.950768] binder_alloc: binder_alloc_mmap_handler: 13099 20001000-20004000 already mapped failed -16 [ 2372.963044] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2372.992392] binder: BINDER_SET_CONTEXT_MGR already set 04:17:16 executing program 5: [ 2373.015271] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2373.048891] binder: 13099:13105 ioctl 40046207 0 returned -16 04:17:16 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600008c060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:16 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000040)={0x8, 0x4, 0x100000001, 0x5, 0x0}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000000c0)={r2, 0x3, 0xffffffffffffffff}, &(0x7f0000000100)=0x8) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) [ 2373.074719] binder: 13099:13120 got transaction to invalid handle [ 2373.105610] binder: 13099:13120 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:17:16 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00010006007a007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2373.169558] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:17:16 executing program 5: [ 2373.218537] binder: undelivered TRANSACTION_ERROR: 29201 [ 2373.220714] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2373.235199] binder: undelivered TRANSACTION_ERROR: 29201 04:17:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040050000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:16 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x6000000000000000}, 0x0) 04:17:16 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fsync(r0) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) r2 = msgget$private(0x0, 0x1) msgsnd(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="ffffffffffffffffef9d53f2dc65c3b5c994e6a2c5fc27086b0009389ca22ee970b7a20358f8bd370337dd376a5be9e2ae9e56c21814fc7a93637609e5b5f4a22146c07e7ee540d279fa7a74eafae4b11f46647f514eac6fbf2fd29e1535"], 0xfffffffffffffd3c, 0x10000000) 04:17:16 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600008d060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:16 executing program 5: 04:17:16 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0001000600f0007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2373.504147] binder: 13142:13149 got transaction to invalid handle 04:17:16 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000001df3acd45f42ae5a58a4df246a9a9064216b2bb8bd02353de95717ccc3a7f07983bcad41105a8b814120cbcb1169d1cc66d489bd97671935df46a70fd9270ed30a50803f529db586606fae32a87cece53a7df78e117769"], 0x8, 0x0) 04:17:16 executing program 5: [ 2373.556755] binder: 13142:13149 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2373.570081] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:17:16 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x6800000000000000}, 0x0) [ 2373.627149] binder_alloc: binder_alloc_mmap_handler: 13142 20001000-20004000 already mapped failed -16 04:17:16 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000037d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2373.706175] binder: BINDER_SET_CONTEXT_MGR already set 04:17:16 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600008e060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:16 executing program 3: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) recvmmsg(r0, &(0x7f0000008040)=[{{&(0x7f0000000080)=@x25, 0x80, &(0x7f0000000300)=[{&(0x7f0000000100)=""/97, 0x61}, {&(0x7f0000000180)=""/249, 0xf9}, {&(0x7f0000000280)=""/107, 0x6b}], 0x3, &(0x7f0000000340)=""/135, 0x87}, 0x5}, {{&(0x7f00000004c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f0000001880)=[{&(0x7f0000000540)=""/4096, 0x1000}, {&(0x7f0000001540)=""/250, 0xfa}, {&(0x7f0000001640)=""/187, 0xbb}, {&(0x7f0000001700)=""/109, 0x6d}, {&(0x7f0000000400)=""/50, 0x32}, {&(0x7f0000001780)=""/246, 0xf6}], 0x6, &(0x7f0000001900)=""/168, 0xa8}, 0x2}, {{&(0x7f00000019c0)=@hci={0x1f, 0x0}, 0x80, &(0x7f0000003180)=[{&(0x7f0000001a40)=""/234, 0xea}, {&(0x7f0000001b40)=""/228, 0xe4}, {&(0x7f0000001c40)=""/196, 0xc4}, {&(0x7f0000001d40)=""/77, 0x4d}, {&(0x7f0000001dc0)=""/107, 0x6b}, {&(0x7f0000001e40)=""/168, 0xa8}, {&(0x7f0000001f00)=""/113, 0x71}, {&(0x7f0000001f80)=""/198, 0xc6}, {&(0x7f0000002080)=""/4096, 0x1000}, {&(0x7f0000003080)=""/214, 0xd6}], 0xa}, 0x7ff}, {{&(0x7f0000003240)=@generic, 0x80, &(0x7f0000003540)=[{&(0x7f00000032c0)=""/216, 0xd8}, {&(0x7f00000033c0)=""/158, 0x9e}, {&(0x7f0000003480)=""/158, 0x9e}], 0x3, &(0x7f0000003580)=""/4096, 0x1000}, 0x6}, {{&(0x7f0000004580)=@rc, 0x80, &(0x7f0000004b80)=[{&(0x7f0000004600)=""/175, 0xaf}, {&(0x7f00000046c0)=""/242, 0xf2}, {&(0x7f00000047c0)=""/95, 0x5f}, {&(0x7f0000004840)=""/255, 0xff}, {&(0x7f0000004940)=""/191, 0xbf}, {&(0x7f0000004a00)=""/75, 0x4b}, {&(0x7f0000004a80)=""/121, 0x79}, {&(0x7f0000004b00)=""/116, 0x74}], 0x8, &(0x7f0000004c00)=""/91, 0x5b}, 0x91}, {{&(0x7f0000004c80)=@generic, 0x80, &(0x7f00000050c0)=[{&(0x7f0000004d00)=""/220, 0xdc}, {&(0x7f0000004e00)=""/237, 0xed}, {&(0x7f0000004f00)=""/196, 0xc4}, {&(0x7f0000005000)=""/113, 0x71}, {&(0x7f0000005080)=""/22, 0x16}], 0x5, &(0x7f0000005140)=""/4096, 0x1000}, 0x1}, {{&(0x7f0000006140)=@pppoe, 0x80, &(0x7f00000062c0)=[{&(0x7f00000061c0)=""/209, 0xd1}], 0x1, &(0x7f0000006300)=""/230, 0xe6}, 0xfffffffffffffff9}, {{0x0, 0x0, &(0x7f0000006980)=[{&(0x7f0000006400)=""/217, 0xd9}, {&(0x7f0000006500)=""/64, 0x40}, {&(0x7f0000006540)=""/47, 0x2f}, {&(0x7f0000006580)=""/155, 0x9b}, {&(0x7f0000006640)=""/59, 0x3b}, {&(0x7f0000006680)=""/9, 0x9}, {&(0x7f00000066c0)=""/237, 0xed}, {&(0x7f00000067c0)=""/136, 0x88}, {&(0x7f0000006880)=""/247, 0xf7}], 0x9}, 0x636}, {{&(0x7f0000006a40)=@ax25={{0x3, @default}, [@bcast, @null, @null, @rose, @bcast, @rose, @netrom, @null]}, 0x80, &(0x7f0000007f40)=[{&(0x7f0000006ac0)=""/160, 0xa0}, {&(0x7f0000006b80)=""/29, 0x1d}, {&(0x7f0000006bc0)=""/232, 0xe8}, {&(0x7f0000006cc0)=""/42, 0x2a}, {&(0x7f0000006d00)=""/190, 0xbe}, {&(0x7f0000006dc0)=""/165, 0xa5}, {&(0x7f0000006e80)=""/4096, 0x1000}, {&(0x7f0000007e80)=""/179, 0xb3}], 0x8, &(0x7f0000007fc0)=""/94, 0x5e}, 0x5}], 0x9, 0x40002000, &(0x7f0000008280)={0x0, 0x989680}) getresuid(&(0x7f0000000440), &(0x7f0000008440), &(0x7f0000008480)) sendmsg$nl_route_sched(r0, &(0x7f0000008340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000008300)={&(0x7f00000082c0)=ANY=[@ANYBLOB="34000400c7dafce1000000615f0000", @ANYRES32=r2, @ANYBLOB="05000000fefff7ff0800f3ff08000500ff0200000800050005020000"], 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x1) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) ioctl$GIO_UNIMAP(r0, 0x4b66, &(0x7f0000008500)={0x122, &(0x7f0000008540)=[{}, {}]}) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f00000083c0)={0x1, &(0x7f0000008380)=[{0x0, 0x0, 0x0, @link_local}]}) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000008400)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) [ 2373.731082] binder: 13142:13149 ioctl 40046207 0 returned -16 [ 2373.769365] binder: 13142:13170 got transaction to invalid handle [ 2373.822793] binder: undelivered TRANSACTION_ERROR: 29201 [ 2373.833346] binder: 13142:13170 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2373.862151] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2373.896267] binder: undelivered TRANSACTION_ERROR: 29201 04:17:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040060000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:17 executing program 5: 04:17:17 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x6c00000000000000}, 0x0) 04:17:17 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x200c0, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0xc00, 0x70bd29, 0x25dfdbfb, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8040) r3 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\a\b'], 0x8, 0x0) 04:17:17 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600008f060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:17 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000057d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:17 executing program 5: 04:17:17 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x7400000000000000}, 0x0) [ 2374.135871] binder: 13192:13199 got transaction to invalid handle [ 2374.154341] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2374.163193] binder: 13192:13199 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:17:17 executing program 5: 04:17:17 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) ioctl$VHOST_GET_VRING_BASE(r1, 0xc008af12, &(0x7f0000000000)) msgsnd(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000000000009977b7df60cceaa98f64622a73e474ae86e91f92ea7a73bffdeb29baebfe4ff21b64593ac47abc0"], 0x8, 0x0) [ 2374.217251] binder_alloc: binder_alloc_mmap_handler: 13192 20001000-20004000 already mapped failed -16 [ 2374.244609] binder: BINDER_SET_CONTEXT_MGR already set [ 2374.255218] binder: 13192:13206 got transaction to invalid handle 04:17:17 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000090060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2374.279555] binder: 13192:13199 ioctl 40046207 0 returned -16 04:17:17 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000067d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2374.327793] binder: undelivered TRANSACTION_ERROR: 29201 [ 2374.390196] binder: 13192:13206 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2374.491675] binder: undelivered TRANSACTION_ERROR: 29201 04:17:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040070000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:17 executing program 5: 04:17:17 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x7a00000000000000}, 0x0) 04:17:17 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = msgget$private(0x0, 0x80) msgrcv(r2, 0x0, 0x0, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:17:17 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000091060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:17 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000077d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:17 executing program 5: 04:17:17 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000092060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:17 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x9effffff00000000}, 0x0) [ 2374.716129] binder: 13237:13241 got transaction to invalid handle [ 2374.739704] binder: 13237:13241 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:17:17 executing program 5: [ 2374.796113] binder_alloc: binder_alloc_mmap_handler: 13237 20001000-20004000 already mapped failed -16 04:17:18 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0001000600000a7d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2374.840355] binder: BINDER_SET_CONTEXT_MGR already set [ 2374.864629] binder: 13237:13241 ioctl 40046207 0 returned -16 04:17:18 executing program 5: [ 2374.990003] binder: undelivered TRANSACTION_ERROR: 29201 04:17:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="006340400a0000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:18 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000093060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:18 executing program 5: [ 2375.256277] binder_alloc: binder_alloc_mmap_handler: 13266 20001000-20004000 already mapped failed -16 [ 2375.301305] binder: BINDER_SET_CONTEXT_MGR already set [ 2375.311837] binder: 13266:13268 ioctl 40046207 0 returned -16 04:17:18 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000040)={0xfe, {{0xa, 0x4e23, 0x2, @mcast1, 0x3}}, 0x0, 0x4, [{{0xa, 0x4e23, 0x8, @loopback}}, {{0xa, 0x4e21, 0x8000, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x6}}, {{0xa, 0x4e24, 0x80, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0xd7ab}}, {{0xa, 0x4e20, 0x95a9, @mcast1, 0x3}}]}, 0x290) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:17:18 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xaf20000000000000}, 0x0) 04:17:18 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0001000600a60b7d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:18 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000094060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:18 executing program 5: r0 = eventfd2(0x0, 0x0) readv(r0, &(0x7f00000004c0)=[{&(0x7f0000000140)=""/42, 0x2a}], 0x20000000000001f3) io_setup(0x800000020, &(0x7f0000000040)=0x0) r2 = creat(&(0x7f00001c0000)='./file0\x00', 0x0) io_submit(r1, 0x1, &(0x7f0000000100)=[&(0x7f0000928fc0)={0x0, 0x0, 0x0, 0x1, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x1, r0}]) 04:17:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040120000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2375.528626] validate_nla: 15 callbacks suppressed [ 2375.528636] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2375.550268] __nla_parse: 6 callbacks suppressed [ 2375.550279] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2375.551426] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:17:18 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000095060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2375.575198] binder_transaction: 3 callbacks suppressed [ 2375.575207] binder: 13279:13286 got transaction to invalid handle [ 2375.601881] binder_transaction: 3 callbacks suppressed [ 2375.601900] binder: 13279:13286 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:17:18 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000003c8604d3ec8f0e1f2b388267c20b72429794c5ca2145289c4cfafc82e46fc3b8ff2d1103555b905c68d2186ccfb6c11e2dc24a79fad65701dbf2113b6c14f1626cec270eef5698f8e2"], 0x8, 0x0) r2 = msgget$private(0x0, 0x1) msgsnd(r2, &(0x7f00000002c0)={0x0, "5bfaeb8d69082a5ffdffd75f02750ae3791212a13039fde68ac96eaea656a5a0bd4436b2e4223f089d3f8817cdd3ebc4b0ed3a6cb7ad50bda276cee6913632ea229a1878292b8b1636a7b1973c6f2a8cbc275d085d1f08fae9578c31efc825e2ac70cb00201e19e6bb8978703bc68ee4fdd0f526651baa8a063cf7351a1989eac43f1d4b265e0eabdf18c32efe9b82e2f789efeba6d7d8013cb09b7986ad4f7ed1765d3f0cfdca0dceec2256b0bd9fa2fd074c6ca5ab82a940840abb2e5dc413f3dfbd13ee2f78"}, 0xcf, 0x800) timer_create(0x1, &(0x7f0000000180)={0x0, 0xfffffffffffffffe, 0x5, @thr={&(0x7f0000000040)="6ae61eaf6ffe535f3abad6b1210447639bd59a46cda935c5d9895dd067af5526913c564598d3f7e82ce9647ea02fb01bd63f4329178b10c7be1de104350ec6e6832b26cdc0855dfb056dc17cfbff6213dcc148c52f86349fa20b1320fe15d33a55512dfbf4d2bd4ce63a21a32a2aae649c5683f6aca35581b699d45a9968b46ff742e96f60513fdb59a3e32a9724fc288aebb6bd0822adcc407afb4b6a1b7dc1f512377b727ec8e60d316eacabb803063abe6c71856664c285ba088f32c5a769f8f5d15f326a5013d4b1", &(0x7f0000000140)="9728f24785f6dd66068a7eefb6e5c9219f7af829c54b7762262836228dad4a5dbfcf9912bb2158308e961325"}}, &(0x7f0000000200)=0x0) timer_getoverrun(r3) [ 2375.649649] binder_alloc: binder_alloc_mmap_handler: 13279 20001000-20004000 already mapped failed -16 [ 2375.673177] binder: BINDER_SET_CONTEXT_MGR already set 04:17:18 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xf0ffffff00000000}, 0x0) 04:17:18 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0001000600000e7d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:18 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000740)='/dev/fuse\x00', 0x2, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000780)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) llistxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/58, 0x3a) 04:17:18 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x203, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) getsockopt$inet6_dccp_buf(r1, 0x21, 0xcf, &(0x7f0000000000)=""/57, &(0x7f0000000080)=0x39) msgsnd(0x0, &(0x7f0000000040)={0x1, "f051a9ba1d3fd7e0e5d74a2feab23efa8e843d149a56f0006e5ce849302f426d901a09f6cec1d21b9a9f7bc4242612c26167"}, 0x3a, 0x0) [ 2375.702601] binder: 13279:13286 ioctl 40046207 0 returned -16 [ 2375.725494] binder_release_work: 3 callbacks suppressed [ 2375.725502] binder: undelivered TRANSACTION_ERROR: 29201 [ 2375.738156] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:17:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040480000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:19 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000096060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2375.893844] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2375.923845] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:17:19 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xffffff7f00000000}, 0x0) [ 2375.965995] binder: 13311:13313 got transaction to invalid handle [ 2375.992278] binder: 13311:13313 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2376.055002] binder_alloc: binder_alloc_mmap_handler: 13311 20001000-20004000 already mapped failed -16 [ 2376.090081] binder: BINDER_SET_CONTEXT_MGR already set [ 2376.091314] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:17:19 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0001000600000f7d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2376.096197] binder: 13311:13313 ioctl 40046207 0 returned -16 04:17:19 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000097060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:19 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x22, 0x400) socket$inet6_dccp(0xa, 0x6, 0x0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgget(0x1, 0x280) r2 = msgget(0x0, 0x44) msgrcv(r2, 0x0, 0x1ad, 0x2, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="b5e7f1e8d377b598e151f4ff31c9954d83195369bcfdffffff44afe176bade101ec9c35103875b1b18300d3cc96627cbf71855f0abf58046c43468c723f2ad27a15c288c8d9ea3c474a7050000007840ec039a8aeaed102c0725a7c18d8aab932c1b697c80000100006b7f382619759b7c71eeb572a3191e564e12f1f53de840e91306ce0694b644e9a36b15c9fa4e9318e2112d7881921d590bb8e36cb108a703cd204d87162095dd5f280bea6a9ed29250aec54e2a8d101a52010433006c855cecd3735c760d15b8cd85dde0a1ef42ab055584c8c2e6c200c738a57416111aeca5692bdf4ebedb2936f05e33beef9ef5bdc260aa869764af17ca80e780f52429a34f98f63851e30a3ec54907aa48c4fe5c70fe56392d91d467fbe309000000000000000000000000000000"], 0x8, 0x0) [ 2376.139052] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2376.145057] binder: undelivered TRANSACTION_ERROR: 29201 04:17:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="006340404c0000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2376.208071] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:17:19 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xffffffff00000000}, 0x0) 04:17:19 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000207d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2376.322910] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2376.378220] binder: 13334:13338 got transaction to invalid handle [ 2376.395287] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2376.410333] binder: 13334:13338 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:17:19 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000098060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2376.438514] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2376.439298] binder_alloc: binder_alloc_mmap_handler: 13334 20001000-20004000 already mapped failed -16 [ 2376.463256] binder: BINDER_SET_CONTEXT_MGR already set [ 2376.494997] binder: 13334:13338 ioctl 40046207 0 returned -16 [ 2376.512900] binder: 13334:13344 got transaction to invalid handle [ 2376.524735] binder: undelivered TRANSACTION_ERROR: 29201 [ 2376.537340] binder: 13334:13344 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2376.570632] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2376.573704] binder: undelivered TRANSACTION_ERROR: 29201 04:17:19 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'aead\x00', 0x0, 0x0, 'morus640-generic\x00'}, 0x58) accept4$alg(r0, 0x0, 0x0, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'echainiv(aegis128l)\x00'}, 0x58) 04:17:19 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0xfffffffffffff000}, 0x0) 04:17:19 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0001000600003f7d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040600000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:19 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000099060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2376.737770] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2376.748080] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2376.757035] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2376.768253] binder: 13358:13363 got transaction to invalid handle [ 2376.781266] binder: 13358:13363 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2376.793617] binder_alloc: binder_alloc_mmap_handler: 13358 20001000-20004000 already mapped failed -16 [ 2376.809973] binder: BINDER_SET_CONTEXT_MGR already set [ 2376.817326] binder: 13358:13363 ioctl 40046207 0 returned -16 [ 2376.823339] binder: 13358:13367 got transaction to invalid handle 04:17:20 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:17:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040680000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2376.833979] binder: 13358:13367 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2376.845076] binder: undelivered TRANSACTION_ERROR: 29201 [ 2376.856038] binder: undelivered TRANSACTION_ERROR: 29201 [ 2377.028520] binder: 13379:13384 got transaction to invalid handle [ 2377.041715] binder: 13379:13384 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2377.053321] binder_alloc: binder_alloc_mmap_handler: 13379 20001000-20004000 already mapped failed -16 [ 2377.063210] binder: BINDER_SET_CONTEXT_MGR already set [ 2377.069008] binder: 13379:13384 ioctl 40046207 0 returned -16 04:17:20 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) r2 = msgget(0x3, 0x4) msgsnd(r2, &(0x7f0000000040)={0x2, "7b44d45e120c0b5b9427483645c7d99eab2708906002e021d0a569c537ab"}, 0x26, 0x800) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:17:20 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600009a060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:20 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000407d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:20 executing program 5: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='status\x00B#g9\xc1m\x17\xf9\r\xc2#\"\xc9O\x135 x^\x91\xea\x85\xae\x10|\xc3\x81\x98\x19\xc2cT\v\x1d\xe1\xba \x1em\xe4\xb7ZP\x11P\x91\xee\xd50\xaaH.6YF\x01\xce\xb5\xd1i\xc5\xba\xf4\x1b5\xd8\xa5\xa0\x9a\x82If\x13\xd8`#\x86[W\xef&\x9f\x90\xd3\x04\x96\x9fh}\xf5;a\x1b@\xa4B\x91\xb5\xa8\x82 \x8f\xbb\x83^T\xa4\x13\x10\xa3\xb4\x81\xd5\xbd\xbb\t\x81t)\t\xa6;|\xd1\xa1\x8d@^[\x01\x1b\xfb\xe5\xa4\xd5\xbf)\x94G\xe4\xc0\xddKc\xa3g!\x1c\x00x#\x8bP\x9daA\x00\xd3:U\x84\xaa;<\xb9\xb9\x9en_\x84q\x92\x94\xd4\x1b\'\x11|G\xfbO++\xe4u\xeb%\xd5\x01\x00\x00\x00\xcf\x84\"\xca\xdeW\f\b{\x03\xf6\xb1\x81\x8b\xc9pw\xdb#') fsetxattr$security_evm(0xffffffffffffffff, 0x0, &(0x7f00000003c0)=@v2={0x0, 0x0, 0x0, 0x0, 0x2fd, "c7601660814d819bf9244c32d51f424a90455f3505e309e486aa0aa97f40c5cdf84972ec8fcfb85d976cc2be9de0c1c9c2965b8a2c5b4c05a5ab5986ca6f6790040e3727d010feb387f5341c269184f581a2f80c559845ee2a781cf08e948c4c7013c457b4b95a388197e81b31249e8b4fb391660109821873ffc3a90fe283fd95c2025d61c86b23ed8418ba2870bb8df041ce49ee4cda2cee462a412ceb62eca9c62c620d7ce71317448fc71e341b838fb7bbac9ddf1ef164adf517c322e113494fcaea70a83c0d1938c75014265d9e0aed7f8e70374ef83d288afc3a9cf83f93c1c91062cbce4cf396028322eef4f7e5fbc42c953321db36ce6c7d7b5505e7ce22c67914e8d541c185e79ac2d0cf1102c4d2feafdef9e3eb0c33c602b720d340ee6eff285ceb6575f81f9581df62c48f8ae333fa74f498dcfc5a29a2999a8f26b152f66d4a62bf2c847ddc5bf50d4e7e3616f4d62f9b77a77efa4b685c4e9d1c8f498ced497d30eade336507fcd0b7d9064f4cf34de748366395ea5c15890a8324c4f3128ab272ee1474695cb25a4f35af6fc057400905d6570ebc8fdb65fbd6acef60b8483f56bbf51b63968e424a6a27ba12664e6d9d50fc3593d5302c587ec5bdb66353ba7d224335539ca8b89a8b0d20591de02d7e7195656fa49ba514f1387a5008348d17ac912a6085663227faf358ceef63fc2d4f95484a2128902b860b81d46b2d840db3c462b80f9cc648846fc17ee7d4c64ae7bb2054096a41461e16bbb051f373ea8e3ad546b10e456cda77fecff33b2b229143c6c0cdf5ed232738bb664127939579408863891c98b2552101a0f157f071f3d8ffea0e00d0d4ae9597974157ca949cf4b1d06baba7dfe37bc44e70f62d04dbf587b2a6cdc9c8014cf2df1bacaa7eb5f92233ca1dde4ca1deaff14f5e8f571e489b3fd9c4435f5e6cd73fd156f491fb0b74354e14d1e79eceb945f9fd366aced7e5a9f823dbb25e2f7f6eccc187ef34391767b773bc7b0c102cbfbfe66b2d7ce5ed443520a54d5c8d6a822189031a028a4f8ee060299655bf82699ce2607c5dd7d2574b"}, 0x307, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setgroups(0x3db, &(0x7f0000000100)) sendfile(r1, r0, 0x0, 0x2) 04:17:20 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:17:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="006340406c0000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2377.076360] binder: 13379:13386 got transaction to invalid handle [ 2377.082720] binder: 13379:13386 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2377.098303] binder: undelivered TRANSACTION_ERROR: 29201 [ 2377.104374] binder: undelivered TRANSACTION_ERROR: 29201 04:17:20 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000487d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2377.214068] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:17:20 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600009b060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:20 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2377.286437] binder: 13397:13403 got transaction to invalid handle [ 2377.306170] binder: 13397:13403 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:17:20 executing program 5: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000280)='./file0\x00', 0x1040, 0x0) syz_execute_func(&(0x7f0000000040)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000012c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r2, &(0x7f0000004380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) clone(0x0, &(0x7f0000000480), 0x0, 0x0, 0x0) dup2(r0, r1) msgrcv(0x0, 0x0, 0x0, 0x0, 0x0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000500)='/dev/ptmx\x00', 0x0, 0x0) read(r3, &(0x7f0000000140)=""/11, 0xfffffda0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000200)) r4 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109) dup2(r3, r4) execve(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) open$dir(&(0x7f00000001c0)='./file0\x00', 0x841, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f00000004c0)='./file0\x00', 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r4, 0x40284504, 0x0) [ 2377.349900] binder_alloc: binder_alloc_mmap_handler: 13397 20001000-20004000 already mapped failed -16 04:17:20 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000040)={{{@in=@initdev, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in=@multicast1}}, &(0x7f0000000140)=0xe8) ioctl$TUNSETOWNER(r1, 0x400454cc, r2) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) r3 = msgget$private(0x0, 0x80) msgsnd(r3, &(0x7f0000000000)={0x1}, 0x76f6bc3d4e31d7fd, 0x0) [ 2377.394371] binder: BINDER_SET_CONTEXT_MGR already set [ 2377.428698] binder: 13397:13403 ioctl 40046207 0 returned -16 [ 2377.438339] binder: 13397:13418 got transaction to invalid handle [ 2377.448452] binder: 13397:13418 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2377.465251] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:17:20 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0001000600004c7d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2377.475442] binder: undelivered TRANSACTION_ERROR: 29201 [ 2377.488033] binder: undelivered TRANSACTION_ERROR: 29201 04:17:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040740000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:20 executing program 3: openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/attr/current\x00', 0x2, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_sctp_SIOCINQ(r1, 0x541b, &(0x7f00000000c0)) getsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000140)=@assoc_value={0x0, 0x400}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f00000001c0)={r2, 0x9}, &(0x7f0000000200)=0x8) r3 = semget$private(0x0, 0x5, 0x402) semctl$SETALL(r3, 0x0, 0x11, &(0x7f0000000040)=[0xfffffffffffffeff, 0x20, 0x3, 0x10001, 0x4, 0x9]) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) getsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000080)={@remote, @remote}, &(0x7f0000000240)=0xc) setsockopt$inet6_dccp_buf(r1, 0x21, 0x2, &(0x7f00000004c0)="0c31b7777831635a6e851d11e91797eca47a2edc47a4eb848ce66fd63e2858ceb2b5e12cd857878ee55106a0305baf784c389b87b2891aef8303b19ed4486c6ba6af2a5a1682fc89b5bf0c08947447c6f9b3f9a8aa9214f692a9cd246497c8fa3894a80e178fc4741cb37b80bd012a14114ebcd55403b3647627e349038916feb5108d148e5be7077fb3ddc2b3ad1c03eaccc580104edea456c8fdbf9b495df45adc5dfbbaf952d02a9975200ce7f6295642552ec806e78f02516cb241c3c7e9424d0d28955450af930c060f7446dce8296001614658c3c4a3e7b4fc01b324b31f658b2b918957a932766775acf11c2d3ab1299309a65163a6de349dd814de2bf31299c869326aff6d2d4f5134e1b7f20990b0ec7803ac0e89dc9075b1d8cdcbf0fbf2efce3dc1b50dce46682d6a59ffe634b82f41addc7ce34c4baa800edd3d51a5afea76362fbdb69b0008e05366e8af7a0e3c6722de90b1fef651cf6e12f3ee024359ab8bb3e49cfb6e05d0a74bb7a2eaed6aa2c06904210e35970fec0ff558793f7269170d3583f7a220fd8bc3151f672342efca8990f3f26af1e16ebc655ec0e407e641915de46a124285914ef130e397ffecbbb9903f959ea9c5441963f6e9eb538ca8b44c8d89542f909905c1653cefc3a671f5b5cd7a967d3b18fdeabe0c7b927c8b04052bfed2e68f7526801bf6f6e12eea91d1cd6e7811a68c40b439a47ad2099a5369a3c74a9069de4d499bf2c28352227ca69bb59fec7f2e68d2171809af683cc28f82dc3c47f4f224ac8a81f10d7434db782234e61fa270992330eaa4cdaa5da90832c43df0e18b07c847ab6fc72617255198a4ce73fa9ff9721966f2876eca7c4c16cf10e069675ab76d1cde8bfe970f40ca0bd2ad2e2875fe6d8317c5c12a4f4f5528af65f2bf645c2df400f1fc83069139349677686af66ac449c239c5eb543f5000faff652935b61857698e9afb382406b28f76d94e8c8785d8f2ae8fb02fd543ba155caaf0582ab1b3bf40573f0c2b7371d357b9a797bad1f3507e1e8e787569ab3d492a581be8b7848c8ce05a305acd28bd6e30ec6a815d78f2b1da81bbbb6a428f85f99cb596f78ed343d8f12a56ba10798c5431c89097a91b57d8a2d210b2a1c513325b169132187950072c01667636d93efb19a6431116ad8297ccdd0dee8aaa9211be9dd4d4597dae74fbc14fe666621605bfb7fbdbe073d9fa9117937ee8f60254b1910302ca536a8a1ad90528a644c1b936324bb35f0cadc8bf4c1c0e1173ff1787275c3226b258729da6329ba1d22f74d0fdb602dcde77282b41bd2d3a3c76cace53a6e4d386295ca37c053d4752ca6d781c23b85cb015194ee0d41f74b7601d25052e727242956ff9b450e478522548bae5b1a4f0262857657590221691d1e27cbcb622f4354048a81f6c67d39c1fb7e7bd79a99b8b73ce72b714c5e06a43ff7edd9a65f478de6c9411fa5109ec55c912ffac7fe2e25feb8d3db7e00e3f092559f22dcc866cc1c8cd58a08a481e012c3046d59daeabf5db0b312c64491d68b32299c23907f7db6c289daa7c679c501e5173d7784f2c8748c764641630f7ccf4530953ed9e64c5fb7737b2491ed47530bd84a91c0c79bca74caa5be165ee38b4dde2bdcca46d81e1a4386f50f5311670b1aa5846d7f35db51ca5d9f7d892b3bb7c98446171a4048f4e7cd962fbad3715c4416d0dd75af4f3d8f092d44d27bb31c82f8a4097e7afac288eaae0f221e588932372b1893704bfbe480a7893de45e5ad1713a5a4e222ac5ef6aec5b88dfa3bd9e781ffe42efa2b9de76f6c61d30248ec9ed6d0132a256e0796bdc7555643918b06637257a3078e9b6a54b466669745223db1603e23399ef8b8b128b366f8b1bd13c4201d048b504142c14bc79149594818fd592a3a8c500b66ff5421b74d541ea3f63b2cb9d25c27e308ed0cec95edd4e86a654b920578721d1e758fbd4bfdbde3a0fc09f53c68cd87e9530e3107d1474eb6c2955c81e9a8b22191baa4e9515a20f3d37927044dbeb227f9fa8742d40d857fb2c4856759766c8c4059ee977372787424d54a9e95a7e1fac258fd02e8a7c743376141e40fcdde1938190fe0f16413e3e94c44b06ef8459cbc54f1396cb0ef569864e2aaa266f0e3ac4ac35315e26319f0831c0b4ded1b23e9022f58c98e7fcb55860d8a9ea7a225b6bf2b407b650f5732812844744edbb6327eb5746997ba78d6b5ed120143ec4ecd078cae512bd3e1a286677b9f1389dbc7ba8548756e7436b9565d4d336fadaa95e7e7493017c1c299e59e09fe07202cdfbf64b7cc32b809ebb30a25666d213412da61b5a8ec81674d48ab7e92b52afd2db499e2a4f0eab02768cbbe09c06d123272105e37171dec656d8b388d1ad5166aae23570ceb1c5afbcb55942ceb692f8e954ba69447e4fecfde4bce2ebddb82bd3726e3ea7dc56612899b4516cd592a1997ce2dbf6c51e350b11de831b928c07f2752c3bed421e08856cd2654a7679691ed6a61eb1709362e8cc297c7473fe8bb3efe7ed0ae26c58a9488ab59c9c77e1e9639451c0afc8ca3af7a01638e3a7773de7a5d09abef50ef1a30d46c02f9bca854643e078c096b020ebaacd1494d64e2ac4c715c683e788684a813d995c24e9355b4c1215cf0741ae75189ea1bde1a0c68ea2f35cfed92d5c30b0c1095c5e7813603f643d2952b618fbb99c1d0c2d69b7871a6d7e59ee1a6708249774a6752b193ad4b9fb8b50bcd2cf41b004c82b8dac3bb69a650157717a0fadb44f31a2a3822fc7775b0e25786b49db1bc10f4573b7b2b387b7cb24a4a62e4c4414cdc50127a8223a0cd1ec16f08c504139db7ad394b9e9f750e231479ad320791e4dbba7b2310a31edfc8f55aaf5b1ae407ce619119303f6f7197bbfab4f31b0e33d37f42aad572f048224b9ad4331e533ac48ad61c9822ede34e33ede49489ce41a8739082bf6cc21c8ed99c33ca9fcdb29fb6109a8dd0eff7e3a2d0e4b85c13c22cf9afa5ff6153bf822efca28ff501f5b9ab51c3ad7d4fa12845fa2872ef318d4095d937a9659445262014fe077f5bec4bf76636aa6c8dfd4b6ce04ea2bcdcad1f8fde2827c2d1abc740670dec215d00252f0c36dc22b914ee6e622b79278aaef717a0c10deb806812ae5cb5a9f8e36520fae99dd9c8aa2eb9ce0b91d9041ede4506319c31d325fce4ff93f5e0767a6b490a04ac5c27148b7e452a3ac7cfc580afe91f49a9d6b692fb898205e5bf2266fa45699e7b1d8f3b39c3c0af4388064e365cf6dcc0c486546f669a468222d8e9b691b7688dbfefb5ae35d4361a49ecac64dd21a44a588f3fc79ee40bcdc643f702279ae2467d41e3fc163069591f46354830a47afb78e8f82d112f927c80a453aae838ad23d00f7a840cc3854ee8bfc873d8428a09ca874b2dcbf57429d57e6b04b3735495b2108495153a45d3748255a8f44bca74b1f897684d7a9afb73052a11013c2a99832b10234dc51021c5b6204eb984c1f7fe7fa9880856b3b4644369c8037f8af042bb6efbe87168c2ba8da84ca130ec931d9a40591a5dc72a9ad4e0b5e17fa24309b8c3de8a70153f57c1e1bdfb9db2f7fcdfc9974c711e56c71c473989addab35026cb0912297ce02ab33c9033686516f1cd7193c0775e600098faa571d722143c41399fbac87e0bc46eb539c80b398c2e8d0d771e3e9a3a2de7a35a9d28c043bf66b353404b16125faa1eb27d4aab86655c09d956c68b843e271496d94ad4b96aea7fb428c522ad8ab378d2ec920d1f141832c61fe1f7a4a122845349f4dbadf7add67f1bb08afef81726de953632c157ce9f5d324905e4a026210cb88ed89a63a8dc3a393233f70e353224c0a73c8ced43ad3f20f0550622ba6fcb9f7d323e479fa8ef8230c8a3e6f183fea23b28f08588e18e0fe679e71ea6d99fb2d8da58201ae5ac3a68ff840648f4709309a66515b4800446985c369d58e610ca327ad5b110ce37f977eb46e176135ed94abac634b8397a66c8d374c48fd3377ad0422ec01f863f9e5151627fdede01d60e08f53a39253932afa9f5852fb8bf3e756761a0ba0c53a1580569ffae978c7ae7d296fa51613cd64531d634c6a4641c1cc5c815a095cc9a060a138a8d5d718db60b9940bf5ae54f6e484586736909895420cd0ecac7689a55fc41904e876274ee3e333c36757463277e5041f0194d78777daf023bcbb58e9ba3252ad56f51b0338a51835cd6ed69cbafb39b61e01a5c6ecb0c9c67c7ba03a53f3dc6eb2d470d2a87fcc693cc74e4f65a9e2151f63772f7d0db010a1ef7c854b9ee69744fceea7c4d8c51b7823326d56472893059f5acbea22a9026d8cdc956b922ecbda6a0958c2978545b98d78dad2c50894a3e16de643bfd82a2b321ecce8b8d026cdc756767635fc80179a19c657bec375f93bf80795212aefd17b0a947ef00b667edb45df06d64416a5158c4bfaecd8547e7203a559a22bcc65b746652265c897156d8cd8232b69587335644f8660aac8532cf49afcb47db795e14aecd7a0cb33bad3214c3e04e5a1c41e5a63490292933a9258a3432fd99ef8ab5c07a3addfa60a2979824fee30c0b14227b1920e24c3f6b499c85edf53c0310feb28c7939661334cdad698ddf24cf2de79cfa4ae0604a3e773ce8d77eaa9d12e8246ef552b648308b6ea4b827aaa0685040ce395a148a80085dc317b1352df2bc665acc72a8bc541a9de84a8f6d3e65f8be1e5cdcdc5c88461dc8cb7117fd4a1b08565013420d49e1510754c1856331c30865b6a934dc0c8f4d42c08479aeadb30a9cea82342bd027c827de67c62e025d48067d8c599d77b8e6d7c61e750fa14bd0b0058f4398a6c16bf51ccfdbf641c13c39c7eaeb5ca8d1a80fb0f3d61cc7d2a7955be5e88a8609de52a4058000b290c457c2ff3b6cfbeba77c248109676fe33eac9e90d8c0c0240c5dca2d4ffb2c60fbf2506fa39fc4bfb35eec1384a2d8af28852dab6fa9b1f9ffa71f2db496e85f6dfbd1ffadcf1cbe21cd369caaec37c83d983cda2fe8acb3657a1c14b41f12760fa3be3642d096a903ec54ba637555f6ece4f3642f84dc303be7159b0d0b1b5b87150d67d488d6b08868f4e6f735f9689efd5c22c80aa49671a4c49204e4712e1162f572643844bbd822e255cba45bfa18c2531f1d83aaf60b9acf113cfce2d4896e0f74b38d217ce56b516f8d9efccbb402286a4aff3d0c440f501a790ee62ff8fd018fda82af8426a7f29e728e172d8fc7c7ca57c7d210380c6f79f44fbd6338228293457c4a07833064530397b15cd7b3587966292058dc14e066eb5abf34a3ed7923d7bfe0fb79a77f87f3aa6f92b3224ed9e0fa779141e615829bb8f81ca88e90da30a279faa8cbeefaa712aa972de707843b5a013082021c91b9ebd2ddfdcdc2650ed90d37e79778b6043fd5d2f04a80b996e5672ecd01d060c67897d1100cc63fa39bcd79b628dc519e1e0acde7004f737a0955841a154819b5251c9563e8ddbd6d0682e07f49236f2f17cd959d06b5abba95c4b360904a8cf633f49cc8511c68aa9e8b07ba234b043f2eb8492e55e1b73007a8bf652ffbbfadf397baea10df05c7d3465bd40f816818c429ee864910439c2463018b7b687802a35220924571fba663561f53f890e827a203c80022a5b6bf15a3132e61982a8105f5f9625540b116dee10630a23356758da590e5a87dbdbc7d814cf095775a7d356baccb7a0d3a3689cb1fa1f2d9eb9e628a9fb203747964b7ab574d4dd06ffb5aa36eee", 0x1000) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x880}, 0xffffffffffffffff) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:17:20 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:17:20 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600009c060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:20 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000000000036e95594cd20d55691e7877e78c8b900fc4397c7775251b2f206eded5a2d9fc30da519bae75b9b5ed88e418edd385c3df77b513ec7a0b44bad014c2ae080bcb54ced87cfc7efd0bf59105a8a405e3cbdb64007b830275916f3f4a65b35b74733a70f6b69b80099a2864d89f33b517bbb757be1e03c236ed1"], 0x8, 0x0) 04:17:20 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000607d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2377.736259] binder_alloc: binder_alloc_mmap_handler: 13433 20001000-20004000 already mapped failed -16 [ 2377.759773] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2377.811540] binder: BINDER_SET_CONTEXT_MGR already set 04:17:21 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = msgget$private(0x0, 0x406) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_GET(r1, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4200800}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0xdc, r3, 0x508, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0xc8, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'bcsh0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0xffff, @loopback}}, {0x14, 0x2, @in={0x2, 0x4e24, @empty}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @multicast2}}, {0x14, 0x2, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x21}}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @multicast2}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x3f, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x5}}}}, @TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'ib', 0x3a, 'yam0\x00'}}, @TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'ib', 0x3a, 'hsr0\x00'}}]}]}, 0xdc}, 0x1, 0x0, 0x0, 0x810}, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x1, 0x2) msgsnd(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="bbcf4ee718e7d8634f3d980fcffda3921eab60d03d3b5645c7497a6fe26bded8caea28ef05d1e6b350a17fd351621764147e27b915d4dde27f0bc97015cc215d771b287141adb038bf968bd3466f73cc18113bbf1d9504a0ae914ce9012309d19d1a1f90410626760a3f9440cd0700000011f966bc004e102d0b591586062749fb9e53a6e217c6c660eca0f7b87a3f7e196038bbbadc8f885df8afc03697e9d5718d4a43e79e29d47ca36d8d235c5b368c3cb6f540e68eebc85928eefcbcf993713e24c6e667eb56cf99c1ed901fdc23d9fca619d062f8802c4e17bfc5f1e382fd2548421b7cc17bb2db52ba0c0000000000000000000000000000"], 0x1, 0x800) 04:17:21 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600009d060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:21 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2377.835358] binder: 13433:13441 ioctl 40046207 0 returned -16 [ 2377.944060] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:17:21 executing program 5: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000280)='./file0\x00', 0x1040, 0x0) syz_execute_func(&(0x7f0000000040)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000012c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r2, &(0x7f0000004380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) clone(0x0, &(0x7f0000000480), 0x0, 0x0, 0x0) dup2(r0, r1) msgrcv(0x0, 0x0, 0x0, 0x0, 0x0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000500)='/dev/ptmx\x00', 0x0, 0x0) read(r3, &(0x7f0000000140)=""/11, 0xfffffda0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000200)) r4 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109) dup2(r3, r4) execve(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) open$dir(&(0x7f00000001c0)='./file0\x00', 0x841, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f00000004c0)='./file0\x00', 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r4, 0x40284504, 0x0) 04:17:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="006340407a0000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:21 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) getsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000040), &(0x7f0000000080)=0x4) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:17:21 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000687d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:21 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600009e060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:21 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:17:21 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x1ff, 0x2c0101) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=0x0) write$P9_RGETLOCK(r1, &(0x7f00000000c0)={0x4d, 0x37, 0x1, {0x2, 0x1, 0x3, r2, 0x2f, 'trusted-#!selinuxsystemselfvboxnet1trustedlo:\x8f.'}}, 0x4d) r3 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) syz_open_procfs(r2, &(0x7f0000000140)='net/ip_vs_stats\x00') sendmsg$IPVS_CMD_GET_DEST(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='v\r\x00\x00\x00\x00\x00\x00'], 0x8, 0x0) 04:17:21 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0001000600006c7d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2378.497703] binder_alloc: binder_alloc_mmap_handler: 13485 20001000-20004000 already mapped failed -16 04:17:21 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) 04:17:21 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2378.594980] binder: BINDER_SET_CONTEXT_MGR already set 04:17:21 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600009f060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2378.637625] binder: 13485:13502 ioctl 40046207 0 returned -16 04:17:21 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000080)={0x1}, 0x6f, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x40000, 0x0) 04:17:22 executing program 5: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000280)='./file0\x00', 0x1040, 0x0) syz_execute_func(&(0x7f0000000040)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000012c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r2, &(0x7f0000004380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) clone(0x0, &(0x7f0000000480), 0x0, 0x0, 0x0) dup2(r0, r1) msgrcv(0x0, 0x0, 0x0, 0x0, 0x0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000500)='/dev/ptmx\x00', 0x0, 0x0) read(r3, &(0x7f0000000140)=""/11, 0xfffffda0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000200)) r4 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109) dup2(r3, r4) execve(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) open$dir(&(0x7f00000001c0)='./file0\x00', 0x841, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f00000004c0)='./file0\x00', 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r4, 0x40284504, 0x0) 04:17:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000300000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:22 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000747d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:22 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:17:22 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000a0060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:22 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msgrcv(0x0, 0x0, 0x12, 0x0, 0x0) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0) msgsnd(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000081000063a9bb5081f50ba2e5191ee54a9cadfef6bbf8898d9063992ab6a319973742e93851847df190ad729c431f1cd858dbbaadde5e05da66617e34194ba284d8aa41a6a3f877b09503451a29b0fe2daa82adecd797d81b"], 0x8, 0x0) ioctl$EVIOCGVERSION(r0, 0x80044501, &(0x7f0000000040)=""/236) r2 = fcntl$getown(r1, 0x9) getresuid(&(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240)=0x0) sendmsg$nl_generic(r1, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f00000004c0)={0x1624, 0x36, 0x10e, 0x70bd2b, 0x25dfdbfe, {0x1d}, [@generic="2caa41d93ddaa269addaef6bbd0e2bd9039b468ab1f49c479c103e3bd597ef9d280bc187e1e2f9ed3bd9751ae28f526e2df05e3e16da55cb31006a00f070835d825419af6b22db8defa646843e037bb27fbbdc08721187cde8bf22610a86a714ab37105c983e558bb1c9939428b2499babe73612d0fbbce648d6e28aa187e167ec7f91c61af3ce8b7b08b3d6e6664fa0ebe01d884871f5095ba3734d40a3113839a0a9ab28e203d39bca694f02d40d1352343283e260b7759fc6bd4e88f8dcad85e63d9b33700cdb3c9c20c09fbe3c506665bef360767604d2b575bd84bdf9ad122eb8a3a8d0f0c1", @typed={0x8, 0x2c, @str='\x00'}, @nested={0x12a0, 0x44, [@typed={0x8, 0x88, @u32=0x9}, @typed={0x8, 0x5b, @str='\x00'}, @generic="07117bc40b7c5ae8143a898c46ea73c8376aab09bf6444d255d7f05dd50cc0f6f677ea0c2431bad6c6c1bdc9bfeaec3c2500abd659ee457bedad9fc68104193e3d3548aa9703d711944c796ea1ee064b73ac8a6edc818adf0abf3ee4348417c1d890da7a4622f847b31054a5a4620dd5e4f7e39167e8e4de7d0c28bbbd259cf15a89ff", @generic="d1a21b5de922adf5242b20c6c3007b030625cd406b249dd76e47ae2863074f5070df35054ec40508952c9db1356baa68a368a7dd264a33e534562cf99a6ca0364b7742d7d388a94ef744e4f3679480281101a4dad206eee9668207d6cb278a3e023ebf98dfb3ed4a2a604f038925aa28b0b589c0fe64ea6ebb20a0589681df60b6e9bc37080bc31fdf5e9e0f6c1b05cf0a1c340428d3cfa814c2dfba87d59c45b1cb95242eb0e375f1416231531f47884b7a448645e2318b54322711f390ae822a711ad5da49085a41", @generic="e3229a02c1e53d6e4f15b42c9ffae8bb499bac185722cfa8e84aa6bc65fabac5ccb3f060058899213e4504e379e82aaf28e3fc67d85461db8e7dd46c91becde879a69ee008d41dcedda5ffb56835b3edae8323dd0d8ccde2eca235fa70ac9c39da2d9be4792228d0b135fb17d990e984f90c4d350a2a490ecaa6dcfaff2725b875a21f761cb1c6e3c2b4a53197683aee4f0b08cd68b512dd1373af99114986db729590da41d64c", @typed={0x8, 0x60, @pid=r2}, @typed={0x4, 0x70}, @typed={0x8, 0x8, @uid=r3}, @generic="8c7351e5b3a0e447a3c1b9a7267067b4b1ebb41ea18931077dd5c1662367c910a5da7a16c563d72a969a11b7f778ad22918ede49065d6cee9ff4ead520c6fa95ff28f4d66593c509fff1eaadf9bf06be5667b25c71a5d2f1e5aa37cb4957ebfd30f11f9ee8d68682d141e3c60201a11081eeabcff4159310a976f19c20973c7e930501dbe23e5b8a04aebd184c0cc721264dbb483d76b4204f932b2c337d76569809ecbd88cc1661f43213873772ca87cc78eb5ab12510d16bf019370faf0570aac95db72efdefca0f0ef236f67e02b14a1de1bf71e9e3c1e501b976dc9a98f01c7a9dca3c4e304db886615885b88179cad6dcce25c7e73569ec18424cf99547bcc0fb64493c386249a3c4f8a2e9e8053ff2f658bb7ec86f85a5ff7940062355fedc4c04222baedc2f2d8b4b2721cbb47e60fb1b6e5ce4b78b4c83ceefff84714271ed7d58727971bea9111fd94899ca3e14ead390ec69624eb0bc7fd12870e93347a8158ec5c41a7930257b528e3a1c88842446b0dc663505fcb3fd9cdc4aaa6bc3e38c76d7382d136a5c2f0b70acf1aa32ffe9972bd908a25cd08cc135566ddd8c48760d0a2aa481551bc44d71c27a3912f1176db0af12c9cd877562c6ef9ef35d37b9432acbafb174c43606ec54042512ff11a5dd8112a81d9bc018e22037abbaca7df94b177ea55e24e2478ed09308f60b864f365a7e82c3b1ab674f5e5d73c9fe02869a6906ac859ede250eae3b79542935539848402fb258d7d6b65c979f513b7c332d145949c77c4c4c2b1a08c62b6864c9c57b91d5e0d61c826d056d39208c2896038f86578bc1a9db8d6d4d28c2c7c2203a930a3512722701f19e263d8ff99e7474330c230858e3ef38dc22d5e866499ebfcd42ef3b9748e21b9fdff6039be9aa8707fccf17b4aa7649ffdc39490ce9e9e2c6d722fe3f7cf50506ab199f08647d5c34d9f98d09ca4bc7f3acd590e8ba1be0fb0f4fb820651c396ef36c58b1daedf3338154ac938a7603d6718d9e2c2bcfd63b7526a310e5cd426be70927eee150006885c06535e8cce0044785660308f4ad6c6712d08a575fbde4699df4b3935365984fb1964ae81d31d72ad55f24af28976bd5f7c5bdad8e2b7e5805d70b58334263574e22e94f55d867a6b58011ad6516eff95a033d59e6e51c378364f5a4b3fa13341737395cd503e6cf4316efb1ef7e39f8736fce0da371d5290e242710ff599dddaefa0b1410eaf7de1833e8b51d3ce3b9b2238198e9138ddbff21ec89744d9bfc6f7b87be69aed01e40f11e0a458f3e934953e5a3a9fabb414d26c6655c62548481331e19c48fcf44bf04739951e6be8389b60cdaf3bcb127f47da57780e0fa753f743472f35655f677909f61b75429387d07aa2f66c0ae4135712ba30307034edf82d21c567a34161a0910850d2a090be190f2f61d234de1d4cddd11121e52edbc2d95d8c822381d7b8f0c21440278611c390bacae0dd0ca880d1867daf3471d49bcfcc39ae330a46b04e8b035b4540b74eae30232760f136180fe0af97c9595587ee684e7b778242d8eea44db0d7996f7c9e2a0ab33615a994218764b5885e57e114ef41c52ac4e7d375a7aa84799cc9006d1e1cb6c81963054af1ce331952d802e6fcec4041b53066786b64fefdf71dd4597092b6f1c0a3fcc19b40dd515961e0afdc0311648e40314e9e69fef6d8997f35b1f0a63b50dd4b9a3e70e85f2e28be29afc12d0de860f5bc744374d22eab1d7bc178e93354bf9137a4ae9be50f84f32b12179669de78a425a1585c9de254d1ffec8215c254db5226e8ee242030398eb5b3ebe11d02371bd88f8f10e2da1a6dc92b2113716a4762d69fa147784cd0eafc381b0857f5e69b539e73d15696dc05aa1c90505cb39cb59e639b19d3a1471aad2afe236be957a6489f3b865e4a766e3d64542cb201519e0213eaa735d2b2c41b100d2835e37b9bdf1400eb72e7cab3bbfdd1f9aabb125898f8ebd0b9ee8ef795627ba3313371742021532d22aef31be8856b3e03b9eb7fc0c3ab16223f7a916a16d0d123f60202e7d093347ce8805ec17a131064056082b24e83f3dcd1b84a3086c090142ce41bc6ec023f13ea4060d7a830fa0abdea8fce53c92d24a9265389525c55eb1753d181dc0d92851994b35d55b1b34a7ea0d51a7b778d94e5f596b39c357f1a1e55228bcc075a0c68dbaa5c54efa7038c4a0173408d9eb836d15da4f8608672e8d35158f214e3db002d4b8df2a425ec6b4cf95583cef406449ef9376f8433a1be543dcdff463bba81ca564a1f0d23017926357769b120a53a0d4fcbb9f687ae99ca52501654022d4796538ed600ea34ee644d224cc3455d57738a7fe59c04f3f16b60e3ac543111713d2d27c889eca4675b8154dfb92c868836e1743700e2b04682da241e7482bf81bc08bb74da06f6cd8a239a5c962b82c4c9a54e133f3de54be8d62a5cd2fd9095d225585d3d88b987323f1d852f1b81fbfd375db3f872bf3b2452fb2342c724427d8fd42c195e169f14257cc2b95eebe70a449f607726418abfff63747a6e563e553b48b44270cff759ef510ca456883526f54a1d71fd9f74820675c6b56fcd53544d2f1de1a3eb328a0af6078e09e36003486d95891df4551f62aaadd06cd66b169ee5b97546987d108b26bc13766bf410700a25f01a353894feb4f67aa40abf97c67aecdd77e1f5fca0e1f16ddc5f0e32929b99ee58d01b79b7dba62e19ec296d1da71045f8c890b709c47ec637d2688bda5825ebe5c5fc0da41090560766fce66455d853c2f411d494ee0eb5aa556255c728c8ad1fea62596937ab3819035d8885a3100ce9e8f7a481df063d8cec2f9d7787d3f06ecc3afb525060b251ca8507d5ccc8e1fc3c9abae526964965069ed3e796a4fd4d4418920bf6000726477c45dbbea270db3ba21d624df77847401e7885b2095466adb40320db533bc840d895fead8b178cab79f4405a4ef3ea08e3b6ddaf8b63dccb4f040be6f39a1323882350ae2f58d38ca53a29ee122b7542dbf1da2b2b389f64fdaf9c472e062fdf479e6cd4f9dd03967f4a183f429532eadc1d3cceeb635050c547559306d548dc7c49b0854fcfdac42d04df3baa9a346e7b22947d3b53e7a72cde85090aba80b9acbec5e95558fd6efc21750dd1b10b41644ca22e4c50025cbe6434ab4210e2f1ebc5d4ad39b2d1fe5eaf8bb60af0956076e7f87b3f2500eb5458982e23374f0e295cc53011b094c617cc5022099d38d9f1767c1ccdaba242bf74eef39b18f8f6b2a79f6c70bbe40ade4c3c588c2b99fb011183eefdd05627148837cf10e518ed2233d0d2ef920dfddfe310a5fa7ecdb43e0ff3a2960dc6b7dfdcff73ad06183c76638af9c8d98a6bdf6470de905275fa2dccb2b11545aa5e3c94adae588071b3a8074a8e7d9bf886beecf0a8eb748e54f63cd88a56e76c781885cfeef4a252963f294c5aa08f4e82dad03d5d2100c8a8dfb4b7560e5db42fd39faf7d1c07709f850a085df271ec64b7a7f5311c712674da2cc8fbe96f8e2603eae67b8875bbcad93ab78f0bb441f8596f5626191e7fe1347e517e9b9282ed78168b21d414dcbecd848f08b137fd91926e2d16f46b19b789f3a4eb2bf78680d3bbdce088110425b055cc446090afc4274452fdb9456e6b5c79c0680980a656643783d790a52ee77396b4a3fbe7c95ddb96674dfcadd1387a99cbb4d35e6e48e9223381685c3952bc13dcbc94823a6172b4f385bd020cb7005e0a2ff7061da2fddb5a70d5b699f230098b5531e0814c6baed29516afc0903c3dc953d2e439bc99dfc853d4a3c556eaf4ea53a1d392e67c68e00ee2deab364d0cd8c7ce7d4a8d96e6b730f7342440dc3052d6bed1da6969fd7dc198915a4c915f35238691e6ea0453ff13374c506e0336f1c2c8ed060d602c2a2900bb5097d81609a2e25c15174fbef25d0b61faec3af503913e6656bff2475225bc188347d16201ca6ca8df1a60276737c17514c6665fed0a34196672b248c9aea183527872628418a472ed6e385bffa51eac475a212126fa1aeb7ef505effd8ec8260595cf6c01f3d8fcc31db663c49a854babfa853fd9dd656814860549544d2ea1263ad93830aa6836d4e9d651b89e9eb608bf5eafca8adbeb10ebef2a33e6ac7fa1ab03c3e88925981795d4a36df38a3f8ce2c40d10b8f5e0d2199fba85b2c2a267f366de977051789b62c36bec8d050b0b11a9c806919148d919e207b557837d2e421d8ef1782c5930170e079bd6421a44f253ebedb2cf8f2895c704fcea87c59146aadbc158aa35652e83300b2ecb63419fb11460aa2230defff78d1c136dc40acaa0f24b11fef2963a4fa1b47e3d2ca81851e9b0044c591d96c2555883b8f7e9eef33f5bc669c24f6a6d98c442245d4e3bb329e18fdcf67b46cd8e8208b38e9d7bd882afb28c9dc8f71b8101d1a394e4d32a5e74c32bc69e658bd37ac8f5aef335fe2a2af5d4fbe8e831e239dc5e22d6e680a58c913b07fafc2e395f71e40d1165391f07c41b723175236301c48bcb571531c877d470fee5e33c3be16a916b68078c8fb1e4076429cb3bd33bfe0efbf52417339b2c028bda0e27c6e1a99f11b21b7fa3f7fda7befbd6f54c889b0e2d6f6e5ba8d42358ada5abb5d0acb28602aa71301d4fb097093bb2758f58d19e5d1c8c4b853f632c4d1bd197733efe0d66a99e9c99ec2f277cbe65d6bebe03578214e70b03d909f3d95bf027cd635d0f87794977971d3696233311fab1789fc00955fd25f4f214a37fcfbf8697b1d4fd84e52641bcccd3dbe21dbb05bfeb9d7aae6ad860dc23de18e35dcb3e6db6cdea26ecc6353c28d16c0ae0fe8cf30b4c3e1a656995db346f0f3b6e9b310b80db5fa0ab494904be3114287623582dee6e2e2b574286501912af9a77376510e1c9fa9161268133cc40d1441c9c4700d676b63d55fd47566d274c2bea3f0480106a9f3536ce5c47de0352d775b06fe055805f97c100bb3a3ed3e8b89aeb012933250abfc86332342209bb60437a4f23c436e212f57e8e40c635a16912cb6d0b421b73f640836ad30580dbb7afef3d73f043f918784366a33b7d780086a07d8c06417075d43265fc7bf55323e05a07c3a3a5774489cd255549ecb5beb8fa26f7ac0055615000c8e74dac5a089e52ef91b67d384f14a64aa266ff04bad2053811d3496185791bcabbee12c0af1dad6cf2dbf3ea923f3eafe530652a79a1a353e586b434280968a8e1919e214ea5cc33f54db538addc5e633a949b278f6f33b1da3691ecbba72fc52612a5b0788182c876e2855edf649b84f5f6f8176fa9987fc1c9cc15a9634427624c321335142c114e5c6e8d661bb763e8e9191b5dc393f9bf62399d710d0a2fb30e4a561a3dbe4e02fdcef061c4fa3baa1892f8a1538fb6309e65925a2a820e4024dd99db245eaea8f95117791a67c7060f081cb5c5d7a62f1d8f55ab23f7f75ea0d32c73d78bed0627146eefe42fdb4a1fd4a308cfa63ab48639b821c5b9ea6515d0f5f1613e797fd93a5d71ed9b96085a79e975ea35c61e8fb3e3d1edb14026d18e6bc320b8c3e6252adb766c741fa3c5d1ec2caf456ac05fdb8b63dbb6c5cd2bc6885d9bac64dc8556cd9a152f5d9b06451df10e3c53e5ca4b3a2dc42e0b300e608d453a64f3ad67a140479417fbf9042b890e33bfe08f34dcbc4b9599c7adc75302f86e369b7b1e07d68b12f92f5bd15b6d81d04527a219bc1f28af54cc221a0d3181711bc1d81d8064e4c3836a38d5bdd4cd51a2df3", @generic="05198462df7faf9e7154daa909cb74492e84761d86b6760f9840a38eebf0398864e4776bfa50961df827625b80bbf7d2726abef322632899bc75ee8a5202b21c4275326540d53db44f6831eda0eeb784cbda043fab0aab74a18ccde39cb9b4d20ae05487e9b892621995527a9b65278cc6c2544547ba4598ef2639e34ca37a5a0afb8c2708"]}, @generic="5dc86b7191e75c7200521010c1fa9e1753157c29410dceab81daaee169b37505dbc43edce1a63028a5ec40ed0622f132b5f5a6286c6e6c926c9536ec3ea0bd4daa6aba0a2cc732f6efb7a458ef802f1dca4abc22c123f523fdfe3bbeab0f9f2aa134e044a65574259fb77128f50bd418c90b522f5f879fa4c0c1498b97cde862666502a19c1c52bc7c4ed2d4c14f0025", @typed={0x8, 0x62, @fd=r0}, @generic="aa60da02b874b1d90fe9205ab5fa8be24bfa3266fe52a454cee2420dba2307088a3d9859ceba2ef1b9389118ed07ca05c8c9886495f68647dd2673fae842f8e44926e676b77331cb2c64b15cc5e7da3a5dbf7610b46b745a823f0541ca3055ed0cd667e50946bde968594cf941c90504c21d572c16b9f482df8e5cf1b7621e0afd2e67fd1327d4b2a5ca5a940e6610520c637e219fc5dce46e478101435b1e09ad64c081e58bbf1c24f834d730299cbf80189ec1660f2a80e833aa24012aace9b5f7851109ea168fcfc450f3156e10607e3a84fa1fa14a09", @typed={0xc, 0x91, @u64=0x9}, @typed={0x10, 0x56, @str='$userwlan1\x00'}, @nested={0xf4, 0x2b, [@typed={0x14, 0x29, @str='trustedvmnet0$@\x00'}, @generic="0bee847f2aaaa31a1b79b0477ee5556057c54dca88b3f7d2bdf4f86cb668761da3316d606bd076619d91819fb9087c8aca7461a8acb92f10dc1c56157ef7328421d290706246ccedfdf8642d58eea981c4f2370cf9d92cde8bb2391606b9542a4f44cc", @generic="4db9939c9dc10e93ab89fc4a99cddba7bc861fe27ec7f9736ba1b5f8bc05ed69aa309bc748fda0b7f8d49ea4cd89061a2620855bdfeabb2c1c488310524d6c9c803b43bbe6fcc8c43dca73af5217b8c210a973325dc8e3153b437961dcc5d173ae0342ce9e481a0ec99d1299c8fb736c083a54ee80a9d928"]}]}, 0x1624}, 0x1, 0x0, 0x0, 0x40000}, 0x20040800) 04:17:22 executing program 3 (fault-call:10 fault-nth:0): clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2379.234785] binder_alloc: binder_alloc_mmap_handler: 13534 20001000-20004000 already mapped failed -16 04:17:22 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:17:22 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0001000600007a7d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:22 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000a1060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2379.280683] binder: BINDER_SET_CONTEXT_MGR already set [ 2379.311724] binder: 13534:13543 ioctl 40046207 0 returned -16 04:17:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000500000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:22 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000a2060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2379.516836] binder_alloc: binder_alloc_mmap_handler: 13562 20001000-20004000 already mapped failed -16 [ 2379.526699] binder: BINDER_SET_CONTEXT_MGR already set [ 2379.532050] binder: 13562:13564 ioctl 40046207 0 returned -16 04:17:23 executing program 5: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000280)='./file0\x00', 0x1040, 0x0) syz_execute_func(&(0x7f0000000040)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000012c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r2, &(0x7f0000004380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) clone(0x0, &(0x7f0000000480), 0x0, 0x0, 0x0) dup2(r0, r1) msgrcv(0x0, 0x0, 0x0, 0x0, 0x0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000500)='/dev/ptmx\x00', 0x0, 0x0) read(r3, &(0x7f0000000140)=""/11, 0xfffffda0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000200)) r4 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109) dup2(r3, r4) execve(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) open$dir(&(0x7f00000001c0)='./file0\x00', 0x841, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f00000004c0)='./file0\x00', 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r4, 0x40284504, 0x0) 04:17:23 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c00010006000ba67d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000600000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:23 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:17:23 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000a3060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:23 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2379.922306] binder: BINDER_SET_CONTEXT_MGR already set [ 2379.931609] binder: 13584:13587 ioctl 40046207 0 returned -16 04:17:25 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:17:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000700000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:25 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000f07d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:25 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000a4060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:25 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:17:25 executing program 5 (fault-call:1 fault-nth:0): r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323}) [ 2382.319559] binder_transaction: 10 callbacks suppressed [ 2382.319569] binder: 13611:13618 got transaction to invalid handle [ 2382.328578] validate_nla: 22 callbacks suppressed [ 2382.328587] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2382.341495] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2382.347687] FAULT_INJECTION: forcing a failure. [ 2382.347687] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2382.363089] binder_transaction: 10 callbacks suppressed [ 2382.363108] binder: 13611:13618 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2382.365593] CPU: 0 PID: 13620 Comm: syz-executor5 Not tainted 4.20.0+ #13 [ 2382.375229] __nla_parse: 6 callbacks suppressed [ 2382.375239] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2382.377329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2382.401632] binder_alloc_mmap_handler: 1 callbacks suppressed [ 2382.401648] binder_alloc: binder_alloc_mmap_handler: 13611 20001000-20004000 already mapped failed -16 [ 2382.406744] Call Trace: [ 2382.406768] dump_stack+0x1db/0x2d0 [ 2382.406788] ? dump_stack_print_info.cold+0x20/0x20 [ 2382.406817] should_fail.cold+0xa/0x15 [ 2382.406837] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2382.406860] ? arch_local_save_flags+0x50/0x50 [ 2382.406878] ? lock_release+0xc40/0xc40 [ 2382.413619] binder: BINDER_SET_CONTEXT_MGR already set [ 2382.422232] should_fail_alloc_page+0x50/0x60 [ 2382.422267] __alloc_pages_nodemask+0x323/0xdc0 [ 2382.422297] ? find_held_lock+0x35/0x120 04:17:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000a00000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2382.422317] ? __alloc_pages_slowpath+0x2cc0/0x2cc0 [ 2382.422339] ? mark_held_locks+0x100/0x100 [ 2382.422357] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2382.425469] binder: 13611:13622 got transaction to invalid handle [ 2382.428604] ? usbfs_increase_memory_usage+0xee/0x1c0 [ 2382.428625] ? usbfs_decrease_memory_usage+0x30/0x30 [ 2382.428640] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2382.428664] alloc_pages_current+0x107/0x210 [ 2382.428681] ? check_ctrlrecip+0xab/0x320 [ 2382.433834] binder: 13611:13618 ioctl 40046207 0 returned -16 [ 2382.437619] __get_free_pages+0xc/0x40 [ 2382.437634] proc_control+0x250/0xf50 [ 2382.437651] ? __lock_acquire+0x572/0x4a30 [ 2382.437668] ? proc_bulk+0xa50/0xa50 [ 2382.437696] usbdev_do_ioctl+0x1f9f/0x38c0 [ 2382.437715] ? processcompl_compat+0x680/0x680 [ 2382.443497] binder: 13611:13622 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2382.447395] ? __check_object_size+0xa3/0x77a [ 2382.447410] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2382.447424] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2382.447442] ? check_preemption_disabled+0x48/0x290 [ 2382.447464] ? get_pid_task+0xd4/0x190 [ 2382.447482] ? add_lock_to_list.isra.0+0x450/0x450 [ 2382.447498] ? get_pid_task+0xd4/0x190 [ 2382.451815] binder_release_work: 10 callbacks suppressed [ 2382.451821] binder: undelivered TRANSACTION_ERROR: 29201 [ 2382.456762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2382.456784] ? __fget+0x472/0x710 [ 2382.456799] ? find_held_lock+0x35/0x120 [ 2382.456815] ? __fget+0x472/0x710 04:17:25 executing program 5 (fault-call:1 fault-nth:1): r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323}) [ 2382.456833] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2382.456852] ? lock_downgrade+0x910/0x910 [ 2382.456869] ? kasan_check_read+0x11/0x20 [ 2382.463124] binder: undelivered TRANSACTION_ERROR: 29201 [ 2382.466017] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2382.466037] ? rcu_read_unlock_special+0x380/0x380 [ 2382.466063] ? __fget+0x499/0x710 [ 2382.466088] usbdev_ioctl+0x26/0x30 [ 2382.495769] ? usbdev_compat_ioctl+0x30/0x30 [ 2382.495786] do_vfs_ioctl+0x107b/0x17d0 [ 2382.495805] ? wait_for_completion+0x810/0x810 [ 2382.495825] ? ioctl_preallocate+0x2f0/0x2f0 [ 2382.495843] ? __fget_light+0x2db/0x420 [ 2382.495859] ? fget_raw+0x20/0x20 [ 2382.506500] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2382.506518] ? fput+0x128/0x1a0 [ 2382.506536] ? do_syscall_64+0x8c/0x800 [ 2382.506552] ? do_syscall_64+0x8c/0x800 [ 2382.506567] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2382.506587] ? security_file_ioctl+0x93/0xc0 [ 2382.544637] binder: 13626:13627 got transaction to invalid handle [ 2382.545379] ksys_ioctl+0xab/0xd0 [ 2382.545399] __x64_sys_ioctl+0x73/0xb0 [ 2382.545432] do_syscall_64+0x1a3/0x800 [ 2382.545452] ? syscall_return_slowpath+0x5f0/0x5f0 [ 2382.545471] ? prepare_exit_to_usermode+0x232/0x3b0 [ 2382.545491] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2382.554486] binder: 13626:13627 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2382.558815] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2382.558829] RIP: 0033:0x457ec9 [ 2382.558846] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2382.558854] RSP: 002b:00007f2c4945cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2382.558869] RAX: ffffffffffffffda RBX: 00007f2c4945cc90 RCX: 0000000000457ec9 [ 2382.558877] RDX: 0000000020000000 RSI: 00000000c0185500 RDI: 0000000000000003 [ 2382.558886] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2382.558897] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2c4945d6d4 [ 2382.571438] binder_alloc: binder_alloc_mmap_handler: 13626 20001000-20004000 already mapped failed -16 04:17:26 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000027d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:26 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2382.574979] R13: 00000000004c03e8 R14: 00000000004d1c60 R15: 0000000000000004 [ 2382.654842] binder: BINDER_SET_CONTEXT_MGR already set [ 2382.695828] binder: 13626:13627 ioctl 40046207 0 returned -16 [ 2382.720005] binder: 13626:13630 got transaction to invalid handle [ 2382.738016] FAULT_INJECTION: forcing a failure. [ 2382.738016] name failslab, interval 1, probability 0, space 0, times 0 [ 2382.784560] binder: 13626:13630 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2382.819740] binder: undelivered TRANSACTION_ERROR: 29201 04:17:26 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000a5060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2382.880223] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2382.896164] CPU: 1 PID: 13631 Comm: syz-executor5 Not tainted 4.20.0+ #13 [ 2382.903101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2382.912451] Call Trace: [ 2382.912476] dump_stack+0x1db/0x2d0 [ 2382.912496] ? dump_stack_print_info.cold+0x20/0x20 [ 2382.912516] ? add_lock_to_list.isra.0+0x450/0x450 [ 2382.912542] should_fail.cold+0xa/0x15 [ 2382.912562] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2382.912588] ? ___might_sleep+0x1e7/0x310 [ 2382.912604] ? arch_local_save_flags+0x50/0x50 [ 2382.942279] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2382.946414] ? lock_downgrade+0x910/0x910 [ 2382.946440] ? rcu_read_lock_sched_held+0x110/0x130 [ 2382.946464] __should_failslab+0x121/0x190 [ 2382.946484] should_failslab+0x9/0x14 [ 2382.946502] kmem_cache_alloc_trace+0x2d1/0x760 [ 2382.946521] ? kasan_check_write+0x14/0x20 [ 2382.979859] ? __mutex_unlock_slowpath+0x195/0x870 [ 2382.984803] usb_control_msg+0xce/0x570 [ 2382.988795] ? usb_start_wait_urb+0x370/0x370 [ 2382.993315] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2382.998869] proc_control+0x5ec/0xf50 [ 2383.002701] ? proc_bulk+0xa50/0xa50 [ 2383.006448] usbdev_do_ioctl+0x1f9f/0x38c0 [ 2383.010716] ? processcompl_compat+0x680/0x680 [ 2383.013054] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2383.015319] ? __check_object_size+0xa3/0x77a [ 2383.015335] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2383.015349] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2383.015368] ? check_preemption_disabled+0x48/0x290 [ 2383.015391] ? get_pid_task+0xd4/0x190 [ 2383.015408] ? add_lock_to_list.isra.0+0x450/0x450 [ 2383.015431] ? get_pid_task+0xd4/0x190 [ 2383.015450] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2383.015471] ? __fget+0x472/0x710 [ 2383.015486] ? find_held_lock+0x35/0x120 [ 2383.060345] binder: undelivered TRANSACTION_ERROR: 29201 [ 2383.062706] ? __fget+0x472/0x710 [ 2383.062728] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2383.062751] ? lock_downgrade+0x910/0x910 [ 2383.062768] ? kasan_check_read+0x11/0x20 [ 2383.062787] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2383.062805] ? rcu_read_unlock_special+0x380/0x380 [ 2383.062828] ? __fget+0x499/0x710 [ 2383.106654] usbdev_ioctl+0x26/0x30 [ 2383.110299] ? usbdev_compat_ioctl+0x30/0x30 [ 2383.114715] do_vfs_ioctl+0x107b/0x17d0 [ 2383.118709] ? wait_for_completion+0x810/0x810 [ 2383.118729] ? ioctl_preallocate+0x2f0/0x2f0 [ 2383.118746] ? __fget_light+0x2db/0x420 [ 2383.118762] ? fget_raw+0x20/0x20 [ 2383.118780] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2383.118796] ? fput+0x128/0x1a0 [ 2383.118815] ? do_syscall_64+0x8c/0x800 [ 2383.147971] ? do_syscall_64+0x8c/0x800 [ 2383.151975] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2383.156574] ? security_file_ioctl+0x93/0xc0 [ 2383.161016] ksys_ioctl+0xab/0xd0 [ 2383.164524] __x64_sys_ioctl+0x73/0xb0 [ 2383.168453] do_syscall_64+0x1a3/0x800 [ 2383.172359] ? syscall_return_slowpath+0x5f0/0x5f0 [ 2383.177318] ? prepare_exit_to_usermode+0x232/0x3b0 [ 2383.182350] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2383.187209] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2383.192443] RIP: 0033:0x457ec9 [ 2383.195648] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2383.214565] RSP: 002b:00007f2c4945cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2383.222273] RAX: ffffffffffffffda RBX: 00007f2c4945cc90 RCX: 0000000000457ec9 04:17:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000f00000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2383.229551] RDX: 0000000020000000 RSI: 00000000c0185500 RDI: 0000000000000003 [ 2383.233389] binder: 13643:13644 got transaction to invalid handle [ 2383.236824] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2383.236834] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2c4945d6d4 [ 2383.236844] R13: 00000000004c03e8 R14: 00000000004d1c60 R15: 0000000000000004 [ 2383.265964] binder: 13643:13644 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2383.318329] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2383.337938] binder_alloc: binder_alloc_mmap_handler: 13643 20001000-20004000 already mapped failed -16 [ 2383.363221] binder: BINDER_SET_CONTEXT_MGR already set [ 2383.372329] binder: 13643:13647 got transaction to invalid handle [ 2383.374840] binder: 13643:13644 ioctl 40046207 0 returned -16 [ 2383.384432] binder: 13643:13647 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2383.393987] binder: undelivered TRANSACTION_ERROR: 29201 [ 2383.400080] binder: undelivered TRANSACTION_ERROR: 29201 04:17:28 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x4000, 0x0) 04:17:28 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:17:28 executing program 5 (fault-call:1 fault-nth:2): r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323}) 04:17:28 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000a6060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:28 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000037d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040001200000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2385.436209] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2385.456998] FAULT_INJECTION: forcing a failure. [ 2385.456998] name failslab, interval 1, probability 0, space 0, times 0 [ 2385.471354] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2385.474854] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2385.485378] CPU: 1 PID: 13660 Comm: syz-executor5 Not tainted 4.20.0+ #13 [ 2385.492948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2385.502297] Call Trace: [ 2385.504898] dump_stack+0x1db/0x2d0 [ 2385.508543] ? dump_stack_print_info.cold+0x20/0x20 [ 2385.513563] ? ksys_ioctl+0xab/0xd0 [ 2385.517206] ? __x64_sys_ioctl+0x73/0xb0 [ 2385.521269] ? do_syscall_64+0x1a3/0x800 [ 2385.525347] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2385.530732] should_fail.cold+0xa/0x15 [ 2385.534624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2385.540164] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2385.545295] ? ___might_sleep+0x1e7/0x310 [ 2385.549447] ? arch_local_save_flags+0x50/0x50 [ 2385.554035] ? usb_control_msg+0xce/0x570 [ 2385.558187] ? rcu_lockdep_current_cpu_online+0x1aa/0x220 [ 2385.563729] __should_failslab+0x121/0x190 [ 2385.567971] should_failslab+0x9/0x14 [ 2385.571810] __kmalloc+0x2dc/0x740 [ 2385.575366] ? rcu_read_lock_sched_held+0x110/0x130 [ 2385.580385] ? kmem_cache_alloc_trace+0x354/0x760 [ 2385.585248] ? kasan_check_write+0x14/0x20 [ 2385.589496] ? usb_alloc_urb+0x24/0x50 [ 2385.593383] usb_alloc_urb+0x24/0x50 [ 2385.597097] usb_control_msg+0x1f3/0x570 [ 2385.601160] ? usb_start_wait_urb+0x370/0x370 [ 2385.605660] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2385.611203] proc_control+0x5ec/0xf50 [ 2385.615013] ? proc_bulk+0xa50/0xa50 [ 2385.618739] usbdev_do_ioctl+0x1f9f/0x38c0 [ 2385.622979] ? processcompl_compat+0x680/0x680 [ 2385.627573] ? __check_object_size+0xa3/0x77a [ 2385.632083] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2385.637622] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2385.643162] ? check_preemption_disabled+0x48/0x290 [ 2385.648188] ? get_pid_task+0xd4/0x190 [ 2385.652081] ? add_lock_to_list.isra.0+0x450/0x450 [ 2385.657013] ? get_pid_task+0xd4/0x190 [ 2385.660902] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2385.666460] ? __fget+0x472/0x710 [ 2385.669925] ? find_held_lock+0x35/0x120 [ 2385.674031] ? __fget+0x472/0x710 [ 2385.677494] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2385.683038] ? lock_downgrade+0x910/0x910 [ 2385.687188] ? kasan_check_read+0x11/0x20 [ 2385.691362] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2385.696637] ? rcu_read_unlock_special+0x380/0x380 [ 2385.701573] ? __fget+0x499/0x710 [ 2385.705036] usbdev_ioctl+0x26/0x30 [ 2385.708665] ? usbdev_compat_ioctl+0x30/0x30 [ 2385.713090] do_vfs_ioctl+0x107b/0x17d0 [ 2385.717069] ? wait_for_completion+0x810/0x810 [ 2385.721655] ? ioctl_preallocate+0x2f0/0x2f0 [ 2385.726071] ? __fget_light+0x2db/0x420 [ 2385.730048] ? fget_raw+0x20/0x20 [ 2385.733504] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2385.739077] ? fput+0x128/0x1a0 [ 2385.742360] ? do_syscall_64+0x8c/0x800 [ 2385.746335] ? do_syscall_64+0x8c/0x800 [ 2385.750309] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2385.754924] ? security_file_ioctl+0x93/0xc0 [ 2385.759352] ksys_ioctl+0xab/0xd0 [ 2385.762812] __x64_sys_ioctl+0x73/0xb0 [ 2385.766708] do_syscall_64+0x1a3/0x800 [ 2385.770600] ? syscall_return_slowpath+0x5f0/0x5f0 [ 2385.775533] ? prepare_exit_to_usermode+0x232/0x3b0 [ 2385.780552] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2385.785401] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2385.790590] RIP: 0033:0x457ec9 [ 2385.793791] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2385.812687] RSP: 002b:00007f2c4945cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2385.820389] RAX: ffffffffffffffda RBX: 00007f2c4945cc90 RCX: 0000000000457ec9 [ 2385.827693] RDX: 0000000020000000 RSI: 00000000c0185500 RDI: 0000000000000003 [ 2385.834976] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2385.842239] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2c4945d6d4 [ 2385.849505] R13: 00000000004c03e8 R14: 00000000004d1c60 R15: 0000000000000004 [ 2385.861057] binder: 13656:13664 got transaction to invalid handle 04:17:29 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000a7060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2385.884286] binder: 13656:13664 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2385.903778] binder: 13656:13671 got transaction to invalid handle 04:17:29 executing program 5 (fault-call:1 fault-nth:3): r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323}) 04:17:29 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:17:29 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000047d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2385.940799] binder: 13656:13671 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2385.952340] binder: undelivered TRANSACTION_ERROR: 29201 [ 2385.961756] binder: undelivered TRANSACTION_ERROR: 29201 04:17:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040002000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2386.016491] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:17:29 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000a8060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2386.113023] FAULT_INJECTION: forcing a failure. [ 2386.113023] name failslab, interval 1, probability 0, space 0, times 0 [ 2386.130550] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2386.135416] binder: 13680:13684 got transaction to invalid handle [ 2386.140499] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2386.152347] CPU: 0 PID: 13681 Comm: syz-executor5 Not tainted 4.20.0+ #13 [ 2386.159308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2386.161251] binder: 13680:13684 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2386.168663] Call Trace: [ 2386.168693] dump_stack+0x1db/0x2d0 [ 2386.168716] ? dump_stack_print_info.cold+0x20/0x20 [ 2386.168740] ? usb_hcd_link_urb_to_ep+0x3c7/0x540 [ 2386.168761] ? find_held_lock+0x35/0x120 [ 2386.168786] should_fail.cold+0xa/0x15 [ 2386.168814] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2386.193693] ? ___might_sleep+0x1e7/0x310 [ 2386.193713] ? arch_local_save_flags+0x50/0x50 [ 2386.193735] ? _raw_spin_unlock_irq+0x28/0x90 [ 2386.193756] __should_failslab+0x121/0x190 [ 2386.210930] should_failslab+0x9/0x14 [ 2386.210949] __kmalloc+0x2dc/0x740 [ 2386.210971] ? usb_hcd_submit_urb+0x6b5/0x20a0 [ 2386.210989] usb_hcd_submit_urb+0x6b5/0x20a0 [ 2386.240580] ? usbdev_ioctl+0x26/0x30 [ 2386.244385] ? do_vfs_ioctl+0x107b/0x17d0 [ 2386.248556] ? __x64_sys_ioctl+0x43/0xb0 [ 2386.252621] ? do_syscall_64+0x133/0x800 [ 2386.256690] ? usb_create_hcd+0x40/0x40 [ 2386.260667] ? add_lock_to_list.isra.0+0x450/0x450 [ 2386.265603] ? add_lock_to_list.isra.0+0x450/0x450 [ 2386.265673] binder: BINDER_SET_CONTEXT_MGR already set [ 2386.270538] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2386.270556] ? lockdep_init_map+0x10c/0x5b0 [ 2386.270573] ? lockdep_init_map+0x10c/0x5b0 [ 2386.270597] usb_submit_urb+0x6f0/0x1400 [ 2386.270620] usb_start_wait_urb+0x154/0x370 [ 2386.286550] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2386.290086] ? sg_clean+0x240/0x240 [ 2386.290100] ? usb_init_urb+0x167/0x1e0 [ 2386.290126] ? kmem_cache_alloc_trace+0x354/0x760 [ 2386.290143] ? kasan_check_write+0x14/0x20 [ 2386.294508] binder_alloc: binder_alloc_mmap_handler: 13680 20001000-20004000 already mapped failed -16 [ 2386.298518] ? usb_alloc_urb+0x24/0x50 [ 2386.298539] usb_control_msg+0x353/0x570 [ 2386.298559] ? usb_start_wait_urb+0x370/0x370 [ 2386.298590] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2386.298615] proc_control+0x5ec/0xf50 [ 2386.298638] ? proc_bulk+0xa50/0xa50 [ 2386.298667] usbdev_do_ioctl+0x1f9f/0x38c0 [ 2386.298688] ? processcompl_compat+0x680/0x680 [ 2386.298703] ? __check_object_size+0xa3/0x77a [ 2386.298717] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2386.298748] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2386.315525] binder: undelivered TRANSACTION_ERROR: 29201 [ 2386.319688] ? check_preemption_disabled+0x48/0x290 [ 2386.319711] ? get_pid_task+0xd4/0x190 [ 2386.319731] ? add_lock_to_list.isra.0+0x450/0x450 [ 2386.319746] ? get_pid_task+0xd4/0x190 [ 2386.319778] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2386.324202] binder: 13680:13684 ioctl 40046207 0 returned -16 [ 2386.333469] ? __fget+0x472/0x710 [ 2386.333484] ? find_held_lock+0x35/0x120 [ 2386.333499] ? __fget+0x472/0x710 [ 2386.333517] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2386.333538] ? lock_downgrade+0x910/0x910 [ 2386.333554] ? kasan_check_read+0x11/0x20 [ 2386.333571] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 2386.333588] ? rcu_read_unlock_special+0x380/0x380 [ 2386.333613] ? __fget+0x499/0x710 [ 2386.333639] usbdev_ioctl+0x26/0x30 [ 2386.333653] ? usbdev_compat_ioctl+0x30/0x30 [ 2386.412058] do_vfs_ioctl+0x107b/0x17d0 [ 2386.428891] ? wait_for_completion+0x810/0x810 [ 2386.472903] ? ioctl_preallocate+0x2f0/0x2f0 [ 2386.477328] ? __fget_light+0x2db/0x420 [ 2386.481296] ? fget_raw+0x20/0x20 [ 2386.484740] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2386.490266] ? fput+0x128/0x1a0 [ 2386.493546] ? do_syscall_64+0x8c/0x800 [ 2386.497543] ? do_syscall_64+0x8c/0x800 [ 2386.501520] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2386.506122] ? security_file_ioctl+0x93/0xc0 [ 2386.510568] ksys_ioctl+0xab/0xd0 [ 2386.514038] __x64_sys_ioctl+0x73/0xb0 [ 2386.517951] do_syscall_64+0x1a3/0x800 [ 2386.521853] ? syscall_return_slowpath+0x5f0/0x5f0 [ 2386.526782] ? prepare_exit_to_usermode+0x232/0x3b0 [ 2386.531799] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 2386.536652] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2386.541850] RIP: 0033:0x457ec9 [ 2386.545044] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2386.563951] RSP: 002b:00007f2c4945cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2386.571648] RAX: ffffffffffffffda RBX: 00007f2c4945cc90 RCX: 0000000000457ec9 [ 2386.578936] RDX: 0000000020000000 RSI: 00000000c0185500 RDI: 0000000000000003 [ 2386.586208] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2386.593484] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2c4945d6d4 [ 2386.600738] R13: 00000000004c03e8 R14: 00000000004d1c60 R15: 0000000000000004 [ 2386.679894] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:17:31 executing program 5 (fault-call:1 fault-nth:4): r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323}) 04:17:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040004800000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:31 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x60ff, 0x0) 04:17:31 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000a9060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:31 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:17:31 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000057d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2388.506682] binder: 13695:13699 got transaction to invalid handle [ 2388.517001] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2388.523240] vhci_hcd: invalid port number 0 [ 2388.530896] binder: 13695:13699 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:17:31 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323}) [ 2388.550938] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2388.568345] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2388.584845] binder_alloc: binder_alloc_mmap_handler: 13695 20001000-20004000 already mapped failed -16 [ 2388.597381] binder: BINDER_SET_CONTEXT_MGR already set 04:17:31 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2388.603089] binder: 13695:13711 ioctl 40046207 0 returned -16 [ 2388.623321] binder: 13695:13712 got transaction to invalid handle [ 2388.630154] binder: 13695:13712 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2388.643882] binder: undelivered TRANSACTION_ERROR: 29201 04:17:31 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000067d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:31 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000aa060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2388.676562] binder: undelivered TRANSACTION_ERROR: 29201 [ 2388.685793] vhci_hcd: invalid port number 0 04:17:31 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x2, &(0x7f0000000000)={0x100323}) 04:17:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040004c00000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2388.823057] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2388.849387] binder: 13725:13728 got transaction to invalid handle [ 2388.861509] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:17:32 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x5421, &(0x7f0000000000)={0x100323}) [ 2388.869505] binder: 13725:13728 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2388.881014] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2388.882539] binder_alloc: binder_alloc_mmap_handler: 13725 20001000-20004000 already mapped failed -16 04:17:32 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2388.918886] binder: BINDER_SET_CONTEXT_MGR already set [ 2388.924277] binder: 13725:13728 ioctl 40046207 0 returned -16 [ 2388.964193] binder: 13725:13732 got transaction to invalid handle [ 2389.018240] binder: undelivered TRANSACTION_ERROR: 29201 [ 2389.024521] binder: 13725:13732 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2389.038015] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2389.065371] binder: undelivered TRANSACTION_ERROR: 29201 04:17:34 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x7400, 0x0) 04:17:34 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000077d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:34 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000ab060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:34 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x5450, &(0x7f0000000000)={0x100323}) 04:17:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040006000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:34 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2391.588850] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2391.591770] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2391.616524] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2391.632654] binder: 13752:13754 got transaction to invalid handle 04:17:34 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x5451, &(0x7f0000000000)={0x100323}) [ 2391.639686] binder: 13752:13754 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2391.650934] binder_alloc: binder_alloc_mmap_handler: 13752 20001000-20004000 already mapped failed -16 [ 2391.663496] binder: BINDER_SET_CONTEXT_MGR already set [ 2391.678752] binder: 13752:13754 ioctl 40046207 0 returned -16 04:17:34 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2391.706560] binder: 13752:13760 got transaction to invalid handle 04:17:34 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000087d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:34 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000ac060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2391.749426] binder: 13752:13760 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2391.759069] binder: undelivered TRANSACTION_ERROR: 29201 04:17:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040006800000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:35 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x5452, &(0x7f0000000000)={0x100323}) [ 2391.815503] binder: undelivered TRANSACTION_ERROR: 29201 [ 2391.822632] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2391.854995] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2391.887998] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2391.903763] binder: 13776:13777 got transaction to invalid handle [ 2391.929938] binder: 13776:13777 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2391.944389] binder_alloc: binder_alloc_mmap_handler: 13776 20001000-20004000 already mapped failed -16 [ 2391.962209] binder: BINDER_SET_CONTEXT_MGR already set [ 2391.967973] binder: 13776:13777 ioctl 40046207 0 returned -16 [ 2391.984936] binder: 13776:13780 got transaction to invalid handle [ 2392.002539] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2392.007063] binder: 13776:13780 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2392.043166] binder: undelivered TRANSACTION_ERROR: 29201 [ 2392.065423] binder: undelivered TRANSACTION_ERROR: 29201 04:17:37 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x9400, 0x0) 04:17:37 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x5460, &(0x7f0000000000)={0x100323}) 04:17:37 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0001000600000a7d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:37 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:17:37 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000ad060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040006c00000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2394.665304] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2394.679098] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2394.690197] binder: 13794:13797 got transaction to invalid handle [ 2394.698208] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:17:37 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x550b, &(0x7f0000000000)={0x100323}) 04:17:37 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000ae060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2394.717778] binder: 13794:13797 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2394.769261] binder_alloc: binder_alloc_mmap_handler: 13794 20001000-20004000 already mapped failed -16 04:17:38 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0001000600000e7d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:38 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x5514, &(0x7f0000000000)={0x100323}) [ 2394.835709] binder: BINDER_SET_CONTEXT_MGR already set 04:17:38 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2394.867099] binder: 13794:13797 ioctl 40046207 0 returned -16 [ 2394.874885] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2394.900274] binder: 13794:13815 got transaction to invalid handle [ 2394.924371] binder: 13794:13815 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2394.946249] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2394.949791] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:17:38 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x551f, &(0x7f0000000000)={0x100323}) [ 2394.969769] binder: undelivered TRANSACTION_ERROR: 29201 [ 2394.979852] binder: undelivered TRANSACTION_ERROR: 29201 04:17:40 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x207100, 0x0) 04:17:40 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000af060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040007400000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:40 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:17:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0001000600000f7d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:40 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x4004550c, &(0x7f0000000000)={0x100323}) 04:17:40 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000b0060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2397.757170] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2397.764639] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2397.767298] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2397.786072] binder: 13829:13837 got transaction to invalid handle [ 2397.794512] binder: 13829:13837 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2397.813659] binder_alloc: binder_alloc_mmap_handler: 13829 20001000-20004000 already mapped failed -16 [ 2397.841639] binder: BINDER_SET_CONTEXT_MGR already set [ 2397.850744] binder: 13829:13837 ioctl 40046207 0 returned -16 04:17:41 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000107d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2397.862631] binder: 13829:13842 got transaction to invalid handle [ 2397.870303] binder: 13829:13842 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:17:41 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x400000, 0x0) [ 2397.911668] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2397.920698] binder: undelivered TRANSACTION_ERROR: 29201 [ 2397.934072] binder: undelivered TRANSACTION_ERROR: 29201 04:17:41 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2397.958829] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:17:41 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000b1060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040007a00000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2398.057528] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2398.089985] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:17:41 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000487d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2398.112244] binder: 13865:13867 got transaction to invalid handle [ 2398.119557] binder: 13865:13867 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:17:41 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000b2060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2398.159272] binder_alloc: binder_alloc_mmap_handler: 13865 20001000-20004000 already mapped failed -16 [ 2398.191558] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2398.195928] binder: 13865:13869 got transaction to invalid handle 04:17:41 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2398.206838] binder: BINDER_SET_CONTEXT_MGR already set [ 2398.231381] binder: 13865:13867 ioctl 40046207 0 returned -16 [ 2398.258495] binder: undelivered TRANSACTION_ERROR: 29201 [ 2398.264494] binder: 13865:13869 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2398.271602] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:17:41 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0001000600004c7d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000010000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2398.280238] binder: undelivered TRANSACTION_ERROR: 29201 [ 2398.299108] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2398.425028] binder: 13882:13885 got transaction to invalid handle [ 2398.442436] binder: 13882:13885 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2398.458089] binder_alloc: binder_alloc_mmap_handler: 13882 20001000-20004000 already mapped failed -16 [ 2398.468167] binder: BINDER_SET_CONTEXT_MGR already set 04:17:41 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x4004550d, &(0x7f0000000000)={0x100323}) 04:17:41 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:17:41 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000b3060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2398.473610] binder: 13882:13885 ioctl 40046207 0 returned -16 [ 2398.480014] binder: 13882:13886 got transaction to invalid handle [ 2398.487101] binder: 13882:13886 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2398.496714] binder: undelivered TRANSACTION_ERROR: 29201 [ 2398.502299] binder: undelivered TRANSACTION_ERROR: 29201 [ 2398.571902] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2398.593794] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:17:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000020000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:44 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000607d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:44 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x50a000, 0x0) 04:17:44 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x4004551e, &(0x7f0000000000)={0x100323}) 04:17:44 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000b4060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:44 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2401.029153] binder: 13900:13901 got transaction to invalid handle [ 2401.033164] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2401.045782] validate_nla: 2 callbacks suppressed [ 2401.045790] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2401.060330] binder: 13900:13901 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2401.074902] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:17:44 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x40049409, &(0x7f0000000000)={0x100323}) [ 2401.104716] binder_alloc: binder_alloc_mmap_handler: 13900 20001000-20004000 already mapped failed -16 [ 2401.121956] binder: 13900:13914 got transaction to invalid handle [ 2401.128647] binder: BINDER_SET_CONTEXT_MGR already set [ 2401.134541] binder: 13900:13901 ioctl 40046207 0 returned -16 04:17:44 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000b5060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2401.154067] binder: 13900:13914 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:17:44 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000687d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2401.200347] binder: undelivered TRANSACTION_ERROR: 29201 [ 2401.209385] binder: undelivered TRANSACTION_ERROR: 29201 04:17:44 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:17:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000030000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:44 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x4008550c, &(0x7f0000000000)={0x100323}) [ 2401.279647] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2401.307132] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:17:44 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0001000600006c7d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:44 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000b6060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2401.383135] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2401.394939] binder: 13931:13934 got transaction to invalid handle [ 2401.406650] binder: 13931:13934 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2401.423840] binder_alloc: binder_alloc_mmap_handler: 13931 20001000-20004000 already mapped failed -16 [ 2401.479041] binder: BINDER_SET_CONTEXT_MGR already set [ 2401.491019] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2401.495550] binder: 13931:13934 ioctl 40046207 0 returned -16 [ 2401.507030] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2401.515962] binder: 13931:13943 got transaction to invalid handle [ 2401.522281] binder: 13931:13943 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2401.532773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2401.544529] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2401.546467] binder: undelivered TRANSACTION_ERROR: 29201 04:17:47 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x709000, 0x0) 04:17:47 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:17:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000040000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:47 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000b7060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:47 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000747d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:47 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x4008550d, &(0x7f0000000000)={0x100323}) [ 2404.124008] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2404.141772] binder: 13954:13956 got transaction to invalid handle [ 2404.149093] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2404.158854] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:17:47 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x40085511, &(0x7f0000000000)={0x100323}) [ 2404.172635] binder: 13954:13956 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2404.183874] binder_alloc: binder_alloc_mmap_handler: 13954 20001000-20004000 already mapped failed -16 [ 2404.194197] binder: BINDER_SET_CONTEXT_MGR already set [ 2404.199750] binder: 13954:13956 ioctl 40046207 0 returned -16 [ 2404.206146] binder: 13954:13962 got transaction to invalid handle [ 2404.212723] binder: 13954:13962 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:17:47 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000b8060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:47 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c0001000600007a7d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2404.248791] binder: undelivered TRANSACTION_ERROR: 29201 [ 2404.255994] binder: undelivered TRANSACTION_ERROR: 29201 04:17:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000050000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:47 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:17:47 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x712000, 0x0) 04:17:47 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x4020940d, &(0x7f0000000000)={0x100323}) [ 2404.378412] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2404.393491] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2404.455063] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2404.458161] binder: 13978:13986 got transaction to invalid handle [ 2404.475775] binder: 13978:13986 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:17:47 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x740000, 0x0) 04:17:47 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x41045508, &(0x7f0000000000)={0x100323}) [ 2404.505084] binder_alloc: binder_alloc_mmap_handler: 13978 20001000-20004000 already mapped failed -16 04:17:47 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0506010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2404.563437] binder: BINDER_SET_CONTEXT_MGR already set [ 2404.581984] binder: 13978:13991 got transaction to invalid handle 04:17:47 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045503, &(0x7f0000000000)={0x100323}) 04:17:47 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2404.638356] binder: 13978:13986 ioctl 40046207 0 returned -16 [ 2404.644431] binder: undelivered TRANSACTION_ERROR: 29201 [ 2404.675627] binder: 13978:13991 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:17:47 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000b9060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:47 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045505, &(0x7f0000000000)={0x100323}) [ 2404.725427] binder: undelivered TRANSACTION_ERROR: 29201 [ 2404.732818] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:17:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000060000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2404.810824] usb usb5: usbfs: interface 0 claimed by hub while 'syz-executor5' sets config #1049379 [ 2404.832524] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2404.833409] binder: 14017:14018 got transaction to invalid handle 04:17:48 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0606010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:48 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000ba060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:48 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x8004550f, &(0x7f0000000000)={0x100323}) [ 2404.878319] binder: 14017:14018 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2404.908537] binder_alloc: binder_alloc_mmap_handler: 14017 20001000-20004000 already mapped failed -16 [ 2404.965269] binder: BINDER_SET_CONTEXT_MGR already set [ 2404.980810] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:17:48 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2405.007270] binder: 14017:14021 got transaction to invalid handle [ 2405.013763] binder: 14017:14021 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2405.014129] binder: 14017:14018 ioctl 40046207 0 returned -16 [ 2405.076854] binder: undelivered TRANSACTION_ERROR: 29201 [ 2405.083157] binder: undelivered TRANSACTION_ERROR: 29201 04:17:50 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x907000, 0x0) 04:17:50 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0806010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:50 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045510, &(0x7f0000000000)={0x100323}) 04:17:50 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000bb060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000070000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:50 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2407.679615] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2407.690186] binder: 14038:14039 got transaction to invalid handle [ 2407.698611] validate_nla: 4 callbacks suppressed [ 2407.698621] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2407.713477] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2407.721029] binder: 14038:14039 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:17:50 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000bc060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:50 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045515, &(0x7f0000000000)={0x100323}) [ 2407.749434] binder_alloc: binder_alloc_mmap_handler: 14038 20001000-20004000 already mapped failed -16 [ 2407.777879] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2407.779060] binder: 14038:14054 got transaction to invalid handle [ 2407.809643] binder: BINDER_SET_CONTEXT_MGR already set [ 2407.826765] binder: undelivered TRANSACTION_ERROR: 29201 [ 2407.832560] binder: 14038:14039 ioctl 40046207 0 returned -16 [ 2407.839725] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2407.851472] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:17:51 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045518, &(0x7f0000000000)={0x100323}) 04:17:51 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0906010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2407.864707] binder: 14038:14054 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2407.879457] binder: undelivered TRANSACTION_ERROR: 29201 04:17:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="006340400000000a0000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:51 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2407.997934] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2408.014878] binder: 14071:14072 got transaction to invalid handle [ 2408.040651] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2408.050752] binder: 14071:14072 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2408.068525] binder_alloc: binder_alloc_mmap_handler: 14071 20001000-20004000 already mapped failed -16 [ 2408.096071] binder: 14071:14075 got transaction to invalid handle [ 2408.102593] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2408.102928] binder: BINDER_SET_CONTEXT_MGR already set [ 2408.116353] binder: 14071:14075 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2408.125468] binder: 14071:14072 ioctl 40046207 0 returned -16 [ 2408.131984] binder: undelivered TRANSACTION_ERROR: 29201 [ 2408.143485] binder: undelivered TRANSACTION_ERROR: 29201 04:17:53 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x940000, 0x0) 04:17:53 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000bd060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:53 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045519, &(0x7f0000000000)={0x100323}) 04:17:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000120000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:53 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:17:53 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0b06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2410.736322] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2410.739058] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2410.762538] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2410.772096] binder: 14082:14091 got transaction to invalid handle 04:17:53 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x8004551a, &(0x7f0000000000)={0x100323}) 04:17:54 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2410.785022] binder: 14082:14091 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2410.804347] binder_alloc: binder_alloc_mmap_handler: 14082 20001000-20004000 already mapped failed -16 04:17:54 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000be060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:54 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0c06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2410.880983] binder: BINDER_SET_CONTEXT_MGR already set 04:17:54 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x80085504, &(0x7f0000000000)={0x100323}) [ 2410.906833] binder: 14082:14091 ioctl 40046207 0 returned -16 [ 2410.921728] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2410.942162] binder: 14082:14094 got transaction to invalid handle [ 2410.972333] binder: undelivered TRANSACTION_ERROR: 29201 [ 2410.982875] binder: 14082:14094 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:17:54 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x8008550e, &(0x7f0000000000)={0x100323}) [ 2411.016790] binder: undelivered TRANSACTION_ERROR: 29201 [ 2411.042006] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:17:56 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0xa05000, 0x0) 04:17:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000200000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:17:56 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:17:56 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d1006010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:56 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x8008551c, &(0x7f0000000000)={0x100323}) 04:17:56 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000bf060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2413.801711] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2413.835216] validate_nla: 2 callbacks suppressed [ 2413.835226] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:17:57 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x8008551d, &(0x7f0000000000)={0x100323}) 04:17:57 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000c0060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2413.836210] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2413.861191] binder: 14126:14129 got transaction to invalid handle [ 2413.875379] binder: 14126:14129 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2413.912940] binder_alloc: binder_alloc_mmap_handler: 14126 20001000-20004000 already mapped failed -16 04:17:57 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:17:57 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x8010550e, &(0x7f0000000000)={0x100323}) [ 2413.970230] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2413.971929] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2413.988653] binder: BINDER_SET_CONTEXT_MGR already set [ 2413.988663] binder: 14126:14140 got transaction to invalid handle [ 2413.988686] binder: 14126:14140 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2413.994712] binder: 14126:14129 ioctl 40046207 0 returned -16 04:17:57 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d1106010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:17:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000480000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2414.046252] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2414.055569] binder: undelivered TRANSACTION_ERROR: 29201 [ 2414.074415] binder: undelivered TRANSACTION_ERROR: 29201 [ 2414.162444] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2414.250568] binder: 14156:14160 got transaction to invalid handle [ 2414.260846] binder: 14156:14160 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2414.279422] binder_alloc: binder_alloc_mmap_handler: 14156 20001000-20004000 already mapped failed -16 [ 2414.304363] binder: BINDER_SET_CONTEXT_MGR already set [ 2414.321776] binder: 14156:14161 got transaction to invalid handle [ 2414.334677] binder: 14156:14160 ioctl 40046207 0 returned -16 [ 2414.340367] binder: 14156:14161 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2414.344628] binder: undelivered TRANSACTION_ERROR: 29201 [ 2414.355589] binder: undelivered TRANSACTION_ERROR: 29201 04:18:00 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:00 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x802c550a, &(0x7f0000000000)={0x100323}) 04:18:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="006340400000004c0000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:18:00 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000c1060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:00 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x1000000, 0x0) 04:18:00 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d1206010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2416.889650] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2416.901189] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2416.908266] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2416.918614] binder: 14166:14175 got transaction to invalid handle [ 2416.925017] binder: 14166:14175 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:18:00 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x8038550a, &(0x7f0000000000)={0x100323}) [ 2416.937069] binder_alloc: binder_alloc_mmap_handler: 14166 20001000-20004000 already mapped failed -16 [ 2416.947560] binder: BINDER_SET_CONTEXT_MGR already set [ 2416.953071] binder: 14166:14175 ioctl 40046207 0 returned -16 [ 2416.976049] binder: 14166:14178 got transaction to invalid handle 04:18:00 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0xfeffffff, 0x0) 04:18:00 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2417.014158] binder: undelivered TRANSACTION_ERROR: 29201 [ 2417.020741] binder: 14166:14178 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:18:00 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0x8108551b, &(0x7f0000000000)={0x100323}) 04:18:00 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000c2060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:00 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d1306010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2417.075403] binder: undelivered TRANSACTION_ERROR: 29201 04:18:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000600000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2417.141786] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:18:00 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0045878, &(0x7f0000000000)={0x100323}) [ 2417.203001] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:18:00 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:00 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000c3060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2417.266144] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:18:00 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0045878, &(0x7f0000000000)={0x100323}) [ 2417.334469] binder: 14203:14208 got transaction to invalid handle 04:18:00 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d2506010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2417.380608] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2417.384183] binder: 14203:14208 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2417.418091] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2417.431659] binder_alloc: binder_alloc_mmap_handler: 14203 20001000-20004000 already mapped failed -16 04:18:00 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2417.477944] binder: BINDER_SET_CONTEXT_MGR already set [ 2417.478013] binder: 14203:14217 got transaction to invalid handle [ 2417.508953] binder: 14203:14208 ioctl 40046207 0 returned -16 [ 2417.529843] binder: 14203:14217 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2417.543388] binder: undelivered TRANSACTION_ERROR: 29201 [ 2417.551390] binder: undelivered TRANSACTION_ERROR: 29201 04:18:03 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0xff600000, 0x0) 04:18:03 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc00c5512, &(0x7f0000000000)={0x100323}) 04:18:03 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000c4060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:03 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d5106010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000680000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:18:03 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2420.169717] validate_nla: 2 callbacks suppressed [ 2420.169727] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2420.197727] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2420.207398] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:18:03 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0105500, &(0x7f0000000000)={0x100323}) [ 2420.230914] binder: 14237:14241 got transaction to invalid handle [ 2420.245836] binder: 14237:14241 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2420.258935] binder_alloc: binder_alloc_mmap_handler: 14237 20001000-20004000 already mapped failed -16 04:18:03 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:03 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0105502, &(0x7f0000000000)={0x100323}) [ 2420.289052] binder: BINDER_SET_CONTEXT_MGR already set [ 2420.300212] binder: 14237:14241 ioctl 40046207 0 returned -16 [ 2420.315507] binder: 14237:14247 got transaction to invalid handle [ 2420.323362] binder: 14237:14247 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:18:03 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000c5060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:03 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a05010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2420.359554] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2420.374293] binder: undelivered TRANSACTION_ERROR: 29201 [ 2420.381134] binder: undelivered TRANSACTION_ERROR: 29201 04:18:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="006340400000006c0000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2420.447655] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2420.523670] binder: 14262:14265 got transaction to invalid handle [ 2420.553953] binder: 14262:14265 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2420.560126] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2420.599156] binder_alloc: binder_alloc_mmap_handler: 14262 20001000-20004000 already mapped failed -16 [ 2420.618068] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2420.621396] binder: BINDER_SET_CONTEXT_MGR already set [ 2420.625649] binder: 14262:14268 got transaction to invalid handle [ 2420.638078] binder: 14262:14268 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2420.648783] binder: undelivered TRANSACTION_ERROR: 29201 [ 2420.654457] binder: undelivered TRANSACTION_ERROR: 29201 [ 2420.659635] binder: 14262:14265 ioctl 40046207 0 returned -16 04:18:06 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0xfffffffe, 0x0) 04:18:06 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0105512, &(0x7f0000000000)={0x100323}) 04:18:06 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:06 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000c6060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:06 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a09010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000740000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2423.256717] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2423.279803] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2423.294275] binder: 14280:14283 got transaction to invalid handle 04:18:06 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185502, &(0x7f0000000000)={0x100323}) [ 2423.301388] binder: 14280:14283 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2423.303863] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2423.324523] binder_alloc: binder_alloc_mmap_handler: 14280 20001000-20004000 already mapped failed -16 [ 2423.342004] binder: BINDER_SET_CONTEXT_MGR already set [ 2423.348582] binder: 14280:14283 ioctl 40046207 0 returned -16 04:18:06 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2423.362573] binder: 14280:14288 got transaction to invalid handle [ 2423.370605] binder: 14280:14288 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2423.386056] binder: undelivered TRANSACTION_ERROR: 29201 [ 2423.395420] binder: undelivered TRANSACTION_ERROR: 29201 04:18:06 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000c7060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:06 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a0b010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="006340400000007a0000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:18:06 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185503, &(0x7f0000000000)={0x100323}) [ 2423.528610] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2423.548959] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2423.570416] binder: 14301:14303 got transaction to invalid handle [ 2423.589517] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2423.598266] binder: 14301:14303 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2423.608272] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2423.625506] binder_alloc: binder_alloc_mmap_handler: 14301 20001000-20004000 already mapped failed -16 [ 2423.635338] binder: BINDER_SET_CONTEXT_MGR already set [ 2423.635956] binder: 14301:14307 got transaction to invalid handle [ 2423.645568] binder: 14301:14303 ioctl 40046207 0 returned -16 [ 2423.653335] binder: 14301:14307 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2423.663056] binder: undelivered TRANSACTION_ERROR: 29201 [ 2423.686987] binder: undelivered TRANSACTION_ERROR: 29201 04:18:09 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x400000000000, 0x0) 04:18:09 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185504, &(0x7f0000000000)={0x100323}) 04:18:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040fffffdfd0000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:18:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a51010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:09 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:09 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000c8060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2426.283037] binder: 14316:14317 got transaction to invalid handle [ 2426.294839] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2426.303945] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2426.312870] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:18:09 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185505, &(0x7f0000000000)={0x100323}) [ 2426.320564] binder: 14316:14317 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2426.346930] binder_alloc: binder_alloc_mmap_handler: 14316 20001000-20004000 already mapped failed -16 04:18:09 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:09 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x60ffffffffff, 0x0) 04:18:09 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185506, &(0x7f0000000000)={0x100323}) [ 2426.404178] binder: BINDER_SET_CONTEXT_MGR already set [ 2426.405009] binder: 14316:14330 got transaction to invalid handle [ 2426.432206] binder: 14316:14317 ioctl 40046207 0 returned -16 04:18:09 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000c9060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06020c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2426.504266] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2426.524277] binder: undelivered TRANSACTION_ERROR: 29201 [ 2426.537732] binder: 14316:14330 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:18:09 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185507, &(0x7f0000000000)={0x100323}) [ 2426.560171] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2426.575798] binder: undelivered TRANSACTION_ERROR: 29201 04:18:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040fdfdffff0000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2426.600748] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:18:09 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:09 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000ca060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:09 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185508, &(0x7f0000000000)={0x100323}) 04:18:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06050c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2426.764941] binder: 14360:14365 got transaction to invalid handle [ 2426.774125] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2426.794816] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2426.806483] binder: 14360:14365 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:18:09 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc018550a, &(0x7f0000000000)={0x100323}) 04:18:10 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185548, &(0x7f0000000000)={0x100323}) [ 2426.836298] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2426.837984] binder_alloc: binder_alloc_mmap_handler: 14360 20001000-20004000 already mapped failed -16 [ 2426.854142] binder: BINDER_SET_CONTEXT_MGR already set [ 2426.867433] binder: 14360:14372 got transaction to invalid handle [ 2426.873919] binder: 14360:14365 ioctl 40046207 0 returned -16 [ 2426.925338] binder: undelivered TRANSACTION_ERROR: 29201 [ 2426.949564] binder: 14360:14372 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2427.018155] binder: undelivered TRANSACTION_ERROR: 29201 04:18:12 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x740000000000, 0x0) 04:18:12 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:12 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000cb060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:12 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc018554c, &(0x7f0000000000)={0x100323}) 04:18:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06060c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="006340400000000000000f0000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2429.562724] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2429.578552] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2429.582134] binder_alloc: 14388: binder_alloc_buf size 4222124650659840 failed, no address space [ 2429.604177] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:18:12 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185560, &(0x7f0000000000)={0x100323}) [ 2429.610155] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2429.623124] binder: 14388:14389 transaction failed 29201/-28, size 0-4222124650659840 line 3035 04:18:12 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:12 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000cc060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2429.682773] binder_alloc: binder_alloc_mmap_handler: 14388 20001000-20004000 already mapped failed -16 [ 2429.693848] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2429.718431] binder: BINDER_SET_CONTEXT_MGR already set 04:18:12 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185568, &(0x7f0000000000)={0x100323}) 04:18:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06080c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2429.742321] binder: 14388:14389 ioctl 40046207 0 returned -16 [ 2429.762248] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2429.783003] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2429.794170] binder_alloc: 14388: binder_alloc_buf, no vma [ 2429.800038] binder: 14388:14412 transaction failed 29189/-3, size 0-4222124650659840 line 3035 04:18:13 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000cd060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2429.851956] binder: undelivered TRANSACTION_ERROR: 29201 [ 2429.868315] binder: undelivered TRANSACTION_ERROR: 29189 [ 2429.932542] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:18:15 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x7fffffffefff, 0x0) 04:18:15 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000100000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:18:15 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc018556c, &(0x7f0000000000)={0x100323}) 04:18:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06090c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:15 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000ce060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2432.668140] validate_nla: 1 callbacks suppressed [ 2432.668149] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2432.683970] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2432.687535] binder_alloc: 14434: binder_alloc_buf size 4222124650659840 failed, no address space [ 2432.702680] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:18:15 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185574, &(0x7f0000000000)={0x100323}) [ 2432.718864] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2432.728892] binder: 14434:14436 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2432.760502] binder_alloc: binder_alloc_mmap_handler: 14434 20001000-20004000 already mapped failed -16 04:18:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a060a0c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:15 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:16 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000cf060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2432.822584] binder: BINDER_SET_CONTEXT_MGR already set 04:18:16 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc018557a, &(0x7f0000000000)={0x100323}) [ 2432.859704] binder: 14434:14436 ioctl 40046207 0 returned -16 [ 2432.859856] binder_alloc: 14434: binder_alloc_buf, no vma [ 2432.918372] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2432.927252] binder: 14434:14445 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2432.933762] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2432.944796] binder: undelivered TRANSACTION_ERROR: 29201 04:18:16 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0189436, &(0x7f0000000000)={0x100323}) [ 2432.965010] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2432.972766] binder: undelivered TRANSACTION_ERROR: 29189 04:18:18 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x940000000000, 0x0) 04:18:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000200000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:18:18 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000d0060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:18 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:18 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a060b0c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:18 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc020660b, &(0x7f0000000000)={0x100323}) [ 2435.749647] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2435.753889] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2435.765022] binder_alloc: 14473: binder_alloc_buf size 4222124650659840 failed, no address space [ 2435.771155] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2435.783987] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 04:18:18 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100102}) [ 2435.795684] binder: 14473:14474 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2435.814799] binder_alloc: binder_alloc_mmap_handler: 14473 20001000-20004000 already mapped failed -16 04:18:19 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100120}) 04:18:19 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2435.848872] binder: BINDER_SET_CONTEXT_MGR already set [ 2435.859238] binder: 14473:14474 ioctl 40046207 0 returned -16 04:18:19 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06100c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:19 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000d1060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2435.903721] binder: undelivered TRANSACTION_ERROR: 29201 04:18:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000300000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2435.999179] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2436.019349] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2436.047976] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2436.073808] binder_alloc: 14502: binder_alloc_buf size 4222124650659840 failed, no address space [ 2436.082929] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2436.092380] binder: 14502:14503 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2436.111841] binder_alloc: binder_alloc_mmap_handler: 14502 20001000-20004000 already mapped failed -16 [ 2436.122480] binder: BINDER_SET_CONTEXT_MGR already set [ 2436.145419] binder: 14502:14503 ioctl 40046207 0 returned -16 [ 2436.151392] binder_alloc: 14502: binder_alloc_buf, no vma [ 2436.157054] binder: 14502:14505 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2436.173454] binder: undelivered TRANSACTION_ERROR: 29201 [ 2436.185454] binder: undelivered TRANSACTION_ERROR: 29189 04:18:21 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x20710000000000, 0x0) 04:18:21 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100123}) 04:18:21 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:21 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000d2060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:21 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06110c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000400000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2438.777778] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2438.798010] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2438.805525] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2438.817211] vhci_hcd: invalid port number 0 04:18:22 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100300}) [ 2438.823505] binder_alloc: 14515: binder_alloc_buf size 4222124650659840 failed, no address space [ 2438.842944] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2438.855291] binder: 14515:14520 transaction failed 29201/-28, size 0-4222124650659840 line 3035 04:18:22 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2438.887081] binder_alloc: binder_alloc_mmap_handler: 14515 20001000-20004000 already mapped failed -16 [ 2438.923387] binder: BINDER_SET_CONTEXT_MGR already set 04:18:22 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000d3060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:22 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06120c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2438.954561] binder: 14515:14520 ioctl 40046207 0 returned -16 [ 2438.963741] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2438.981534] binder_alloc: 14515: binder_alloc_buf, no vma [ 2438.994504] binder: 14515:14533 transaction failed 29189/-3, size 0-4222124650659840 line 3035 04:18:22 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100302}) [ 2439.003677] binder: undelivered TRANSACTION_ERROR: 29201 [ 2439.024391] binder: undelivered TRANSACTION_ERROR: 29189 04:18:22 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2439.055289] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2439.105358] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2439.127981] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:18:24 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x90700000000000, 0x0) 04:18:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000500000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:18:24 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000d4060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:24 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100320}) 04:18:24 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06130c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:24 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2441.798871] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2441.828795] binder_alloc: 14555: binder_alloc_buf size 4222124650659840 failed, no address space [ 2441.839677] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:18:25 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x10032f}) [ 2441.859502] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2441.866919] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2441.866965] binder: 14555:14560 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2441.895866] binder_alloc: binder_alloc_mmap_handler: 14555 20001000-20004000 already mapped failed -16 04:18:25 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06250c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2441.905690] binder: BINDER_SET_CONTEXT_MGR already set [ 2441.911205] binder: 14555:14560 ioctl 40046207 0 returned -16 [ 2441.918263] binder_alloc: 14555: binder_alloc_buf, no vma [ 2441.924363] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2441.937731] binder: 14555:14567 transaction failed 29189/-3, size 0-4222124650659840 line 3035 04:18:25 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2441.991089] binder: undelivered TRANSACTION_ERROR: 29201 [ 2442.000247] vhci_hcd: default hub control req: 2f03 v0010 i0000 l0 [ 2442.007040] binder: undelivered TRANSACTION_ERROR: 29189 04:18:25 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000d5060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000600000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2442.066283] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2442.091872] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:18:25 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x1003a1}) [ 2442.129379] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2442.169035] binder_alloc: 14583: binder_alloc_buf size 4222124650659840 failed, no address space [ 2442.187635] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2442.191575] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2442.208392] usb usb5: usbfs: process 14587 (syz-executor5) did not claim interface 0 before use [ 2442.211063] binder: 14583:14584 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2442.236404] binder_alloc: binder_alloc_mmap_handler: 14583 20001000-20004000 already mapped failed -16 [ 2442.250835] binder: BINDER_SET_CONTEXT_MGR already set [ 2442.257307] binder: 14583:14584 ioctl 40046207 0 returned -16 [ 2442.285833] binder_alloc: 14583: binder_alloc_buf, no vma [ 2442.291519] binder: 14583:14588 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2442.311267] binder: undelivered TRANSACTION_ERROR: 29201 [ 2442.325399] binder: undelivered TRANSACTION_ERROR: 29189 04:18:28 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0xa0500000000000, 0x0) 04:18:28 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100500}) 04:18:28 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06510c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:28 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000d6060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:28 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000700000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2444.869105] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2444.888354] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:18:28 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100900}) [ 2444.918384] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2444.927288] binder_alloc: 14601: binder_alloc_buf size 4222124650659840 failed, no address space [ 2444.937191] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2444.946627] binder: 14601:14603 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2444.973626] binder_alloc: binder_alloc_mmap_handler: 14601 20001000-20004000 already mapped failed -16 [ 2445.011019] binder: BINDER_SET_CONTEXT_MGR already set 04:18:28 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000d7060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:28 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100b00}) 04:18:28 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a060102000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:28 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2445.032642] binder: 14601:14603 ioctl 40046207 0 returned -16 [ 2445.071748] binder: undelivered TRANSACTION_ERROR: 29201 04:18:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000a00000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2445.148671] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2445.159554] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2445.170515] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2445.191308] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. [ 2445.214020] binder_alloc: 14629: binder_alloc_buf size 4222124650659840 failed, no address space [ 2445.223957] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2445.234754] binder: 14629:14630 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2445.262991] binder_alloc: binder_alloc_mmap_handler: 14629 20001000-20004000 already mapped failed -16 [ 2445.290135] binder: BINDER_SET_CONTEXT_MGR already set [ 2445.333328] binder: 14629:14630 ioctl 40046207 0 returned -16 [ 2445.343067] binder: undelivered TRANSACTION_ERROR: 29201 04:18:31 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x100000000000000, 0x0) 04:18:31 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100c20}) 04:18:31 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:31 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000d8060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:31 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a060103000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000001200000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2447.943610] binder_alloc: 14637: binder_alloc_buf size 4222124650659840 failed, no address space [ 2447.963858] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2447.981292] vhci_hcd: SetHubDepth req not supported for USB 2.0 roothub [ 2447.985738] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2447.993303] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2447.999060] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2448.008934] binder: 14637:14640 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2448.021712] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. 04:18:31 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000d9060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2448.044738] binder_alloc: binder_alloc_mmap_handler: 14637 20001000-20004000 already mapped failed -16 [ 2448.065500] binder: BINDER_SET_CONTEXT_MGR already set [ 2448.074761] binder_alloc: 14637: binder_alloc_buf, no vma 04:18:31 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x2}) [ 2448.095238] binder: 14637:14640 ioctl 40046207 0 returned -16 [ 2448.134597] binder: undelivered TRANSACTION_ERROR: 29201 04:18:31 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:31 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a060104000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2448.140766] binder: 14637:14653 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2448.145276] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2448.184963] binder: undelivered TRANSACTION_ERROR: 29189 04:18:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000002000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:18:31 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000da060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2448.229972] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2448.239784] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2448.343763] binder_alloc: 14668: binder_alloc_buf size 4222124650659840 failed, no address space [ 2448.378197] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2448.399288] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2448.435707] binder: 14668:14670 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2448.473510] binder_alloc: binder_alloc_mmap_handler: 14668 20001000-20004000 already mapped failed -16 [ 2448.483325] binder: BINDER_SET_CONTEXT_MGR already set [ 2448.489277] binder: 14668:14670 ioctl 40046207 0 returned -16 [ 2448.492032] binder_alloc: 14668: binder_alloc_buf, no vma [ 2448.501101] binder: 14668:14677 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2448.513382] binder: undelivered TRANSACTION_ERROR: 29201 [ 2448.519268] binder: undelivered TRANSACTION_ERROR: 29189 04:18:34 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a060106000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:34 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x3}) 04:18:34 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x8000000000000000, 0x0) 04:18:34 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000db060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000004800000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:18:34 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2451.006697] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2451.031259] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2451.031731] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2451.047578] binder_alloc: 14685: binder_alloc_buf size 4222124650659840 failed, no address space 04:18:34 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000dc060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2451.061356] netlink: 4 bytes leftover after parsing attributes in process `syz-executor1'. [ 2451.071727] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2451.087203] binder: 14685:14687 transaction failed 29201/-28, size 0-4222124650659840 line 3035 04:18:34 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0xfeffffff00000000, 0x0) [ 2451.110716] binder_alloc: binder_alloc_mmap_handler: 14685 20001000-20004000 already mapped failed -16 [ 2451.151631] binder_alloc: 14685: binder_alloc_buf, no vma 04:18:34 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2451.166283] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2451.172728] binder: BINDER_SET_CONTEXT_MGR already set [ 2451.181710] binder: 14685:14695 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2451.212015] binder: undelivered TRANSACTION_ERROR: 29201 [ 2451.224325] binder: undelivered TRANSACTION_ERROR: 29189 [ 2451.236462] binder: 14685:14687 ioctl 40046207 0 returned -16 04:18:34 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010a000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:34 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000dd060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000004c00000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2451.267264] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:18:34 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x4}) [ 2451.382753] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2451.398517] binder_alloc: 14716: binder_alloc_buf size 4222124650659840 failed, no address space 04:18:34 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2451.424002] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2451.443383] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2451.461586] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2451.469768] binder: 14716:14717 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2451.484236] binder_alloc: binder_alloc_mmap_handler: 14716 20001000-20004000 already mapped failed -16 [ 2451.500278] binder: BINDER_SET_CONTEXT_MGR already set [ 2451.515414] binder: 14716:14717 ioctl 40046207 0 returned -16 04:18:34 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000de060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:34 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a060110000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2451.521379] binder_alloc: 14716: binder_alloc_buf, no vma [ 2451.535382] binder: 14716:14724 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2451.547573] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2451.548284] binder: undelivered TRANSACTION_ERROR: 29201 04:18:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000006000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2451.590422] binder: undelivered TRANSACTION_ERROR: 29189 [ 2451.602141] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2451.630357] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. 04:18:34 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:34 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x5}) [ 2451.671695] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2451.688076] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2451.698639] binder_alloc: 14732: binder_alloc_buf size 4222124650659840 failed, no address space [ 2451.723760] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. [ 2451.756458] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2451.772693] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2451.772974] binder: 14732:14733 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2451.818203] binder_alloc: binder_alloc_mmap_handler: 14732 20001000-20004000 already mapped failed -16 [ 2451.840348] binder: BINDER_SET_CONTEXT_MGR already set [ 2451.851287] binder: 14732:14741 ioctl 40046207 0 returned -16 [ 2451.859209] binder_alloc: 14732: binder_alloc_buf, no vma [ 2451.864872] binder: 14732:14742 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2451.883323] binder: undelivered TRANSACTION_ERROR: 29189 [ 2451.889339] binder: undelivered TRANSACTION_ERROR: 29201 04:18:37 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a060118000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:37 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000df060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:37 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:37 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0xffefffffff7f0000, 0x0) 04:18:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000006800000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:18:37 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x6}) [ 2454.273220] binder_alloc: 14753: binder_alloc_buf size 4222124650659840 failed, no address space [ 2454.282012] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2454.285926] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2454.304512] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. [ 2454.308537] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 04:18:37 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0xffffffff00000000, 0x0) [ 2454.322310] binder: 14753:14756 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2454.339295] binder_alloc: binder_alloc_mmap_handler: 14753 20001000-20004000 already mapped failed -16 [ 2454.349139] binder_alloc: 14753: binder_alloc_buf, no vma [ 2454.349578] binder: BINDER_SET_CONTEXT_MGR already set [ 2454.354795] binder: 14753:14763 transaction failed 29189/-3, size 0-4222124650659840 line 3035 04:18:37 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:37 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000e0060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2454.411628] binder: 14753:14756 ioctl 40046207 0 returned -16 [ 2454.411641] binder: undelivered TRANSACTION_ERROR: 29201 [ 2454.436709] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. [ 2454.443398] binder: undelivered TRANSACTION_ERROR: 29189 04:18:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000006c00000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:18:37 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a060125000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:37 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:37 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000e1060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2454.566814] binder_alloc: 14778: binder_alloc_buf size 4222124650659840 failed, no address space [ 2454.592206] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2454.607352] binder: 14778:14779 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2454.643626] binder_alloc: binder_alloc_mmap_handler: 14778 20001000-20004000 already mapped failed -16 04:18:37 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a060151000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:37 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x7}) [ 2454.689332] binder: BINDER_SET_CONTEXT_MGR already set [ 2454.705233] binder: 14778:14779 ioctl 40046207 0 returned -16 [ 2454.712584] binder_alloc: 14778: binder_alloc_buf, no vma 04:18:37 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2454.748473] binder: 14778:14790 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2454.765648] binder: undelivered TRANSACTION_ERROR: 29201 [ 2454.771944] binder: undelivered TRANSACTION_ERROR: 29189 04:18:38 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000e2060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000007400000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2454.932061] binder_alloc: 14803: binder_alloc_buf size 4222124650659840 failed, no address space [ 2454.969859] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2454.990323] binder_alloc: binder_alloc_mmap_handler: 14803 20001000-20004000 already mapped failed -16 [ 2455.027132] binder: BINDER_SET_CONTEXT_MGR already set [ 2455.040020] binder: 14803:14806 ioctl 40046207 0 returned -16 [ 2455.041689] binder_alloc: 14803: binder_alloc_buf, no vma 04:18:40 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0xffffffffff600000, 0x0) 04:18:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a0601e0030200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:40 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:40 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000e3060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:40 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x8}) 04:18:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000007a00000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2457.474539] validate_nla: 8 callbacks suppressed [ 2457.474549] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2457.488438] __nla_parse: 6 callbacks suppressed [ 2457.488448] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2457.506957] binder_alloc: 14817: binder_alloc_buf size 4222124650659840 failed, no address space 04:18:40 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000e4060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2457.523383] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2457.531024] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. [ 2457.546926] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2457.560336] binder_transaction: 2 callbacks suppressed [ 2457.560355] binder: 14817:14819 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2457.591301] binder_alloc: binder_alloc_mmap_handler: 14817 20001000-20004000 already mapped failed -16 [ 2457.603307] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2457.619345] binder: BINDER_SET_CONTEXT_MGR already set [ 2457.625039] binder_alloc: 14817: binder_alloc_buf, no vma [ 2457.633863] binder: 14817:14819 ioctl 40046207 0 returned -16 04:18:40 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2457.634765] binder: 14817:14830 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2457.665779] binder_release_work: 2 callbacks suppressed [ 2457.665787] binder: undelivered TRANSACTION_ERROR: 29201 04:18:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0063404000000000fffffdfd00000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:18:40 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000e5060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a060158650200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2457.709930] binder: undelivered TRANSACTION_ERROR: 29189 [ 2457.722277] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:18:40 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0xa}) [ 2457.825837] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2457.841482] binder_alloc: 14845: binder_alloc_buf size 4222124650659840 failed, no address space [ 2457.848352] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2457.878557] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2457.887001] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. [ 2457.893131] binder: 14845:14846 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2457.909918] binder_alloc: binder_alloc_mmap_handler: 14845 20001000-20004000 already mapped failed -16 [ 2457.923619] binder: BINDER_SET_CONTEXT_MGR already set [ 2457.932267] binder: 14845:14849 ioctl 40046207 0 returned -16 [ 2457.939128] binder_alloc: 14845: binder_alloc_buf, no vma [ 2457.945488] binder: 14845:14851 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2457.959005] binder: undelivered TRANSACTION_ERROR: 29201 [ 2457.970565] binder: undelivered TRANSACTION_ERROR: 29189 04:18:43 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x4000) 04:18:43 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:43 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000e6060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:43 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a060100810200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:43 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x10}) 04:18:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000200000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2460.526780] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2460.549301] binder: 14859:14862 got transaction to invalid handle [ 2460.555701] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. [ 2460.564361] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2460.575184] binder: 14859:14862 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2460.576054] vhci_hcd: invalid port number 16 [ 2460.592681] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2460.603619] vhci_hcd: invalid port number 16 [ 2460.611024] binder_alloc: binder_alloc_mmap_handler: 14859 20001000-20004000 already mapped failed -16 04:18:43 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x48}) [ 2460.631135] binder: BINDER_SET_CONTEXT_MGR already set [ 2460.640585] binder: 14859:14867 got transaction to invalid handle [ 2460.654822] binder: 14859:14862 ioctl 40046207 0 returned -16 04:18:43 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c020200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:43 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2460.682209] binder: undelivered TRANSACTION_ERROR: 29201 [ 2460.697750] binder: 14859:14867 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:18:43 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000e7060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2460.750452] vhci_hcd: invalid port number 72 04:18:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000300000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2460.776740] binder: undelivered TRANSACTION_ERROR: 29201 [ 2460.786333] vhci_hcd: invalid port number 72 [ 2460.791048] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2460.803615] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. 04:18:44 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x4c}) [ 2460.869356] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2460.894545] binder: 14887:14888 got transaction to invalid handle [ 2460.895770] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2460.916856] binder: 14887:14888 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2460.932086] vhci_hcd: invalid port number 76 [ 2460.943465] vhci_hcd: invalid port number 76 [ 2460.968676] binder_alloc: binder_alloc_mmap_handler: 14887 20001000-20004000 already mapped failed -16 [ 2461.003498] binder: BINDER_SET_CONTEXT_MGR already set [ 2461.016257] binder: 14887:14895 got transaction to invalid handle [ 2461.024080] binder: 14887:14895 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2461.041842] binder: undelivered TRANSACTION_ERROR: 29201 [ 2461.047551] binder: undelivered TRANSACTION_ERROR: 29201 [ 2461.053113] binder: 14887:14888 ioctl 40046207 0 returned -16 04:18:46 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x60ff) 04:18:46 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c030200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:46 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x60}) 04:18:46 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:46 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000e8060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000400000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2463.644625] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2463.666986] binder: 14901:14902 got transaction to invalid handle [ 2463.667577] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2463.673260] binder: 14901:14902 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2463.687429] vhci_hcd: invalid port number 96 [ 2463.693391] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2463.702713] binder_alloc: binder_alloc_mmap_handler: 14901 20001000-20004000 already mapped failed -16 [ 2463.713395] vhci_hcd: invalid port number 96 [ 2463.722526] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. [ 2463.732499] binder: BINDER_SET_CONTEXT_MGR already set [ 2463.732507] binder: 14901:14911 got transaction to invalid handle 04:18:46 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x68}) 04:18:46 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2463.732527] binder: 14901:14911 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2463.754437] binder: undelivered TRANSACTION_ERROR: 29201 [ 2463.760590] binder: undelivered TRANSACTION_ERROR: 29201 [ 2463.766557] binder: 14901:14902 ioctl 40046207 0 returned -16 04:18:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000500000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2463.842053] vhci_hcd: invalid port number 104 04:18:47 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c040200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:47 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000e9060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2463.890109] vhci_hcd: invalid port number 104 [ 2463.935015] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2463.940370] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2463.951260] binder: 14923:14925 got transaction to invalid handle [ 2463.962139] binder: 14923:14925 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:18:47 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x6c}) [ 2463.983517] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2463.989529] binder_alloc: binder_alloc_mmap_handler: 14923 20001000-20004000 already mapped failed -16 [ 2463.992748] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. [ 2464.009425] binder: 14923:14932 got transaction to invalid handle [ 2464.015958] binder: 14923:14932 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2464.025571] binder: BINDER_SET_CONTEXT_MGR already set [ 2464.031914] binder: undelivered TRANSACTION_ERROR: 29201 [ 2464.038281] binder: undelivered TRANSACTION_ERROR: 29201 [ 2464.058505] binder: 14923:14925 ioctl 40046207 0 returned -16 [ 2464.095927] vhci_hcd: invalid port number 108 [ 2464.120155] vhci_hcd: invalid port number 108 04:18:49 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x7400) 04:18:49 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:49 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000600000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:18:49 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000ea060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:49 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c050200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:49 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x74}) [ 2466.741566] binder: 14944:14949 got transaction to invalid handle [ 2466.749441] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2466.767183] binder: 14944:14949 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2466.769347] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2466.791608] vhci_hcd: invalid port number 116 [ 2466.799100] binder_alloc: binder_alloc_mmap_handler: 14944 20001000-20004000 already mapped failed -16 [ 2466.800299] vhci_hcd: invalid port number 116 [ 2466.808790] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2466.821304] binder: BINDER_SET_CONTEXT_MGR already set [ 2466.821312] binder: 14944:14957 got transaction to invalid handle [ 2466.821332] binder: 14944:14957 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2466.826870] binder: 14944:14949 ioctl 40046207 0 returned -16 [ 2466.848842] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. [ 2466.848928] binder: undelivered TRANSACTION_ERROR: 29201 [ 2466.869421] binder: undelivered TRANSACTION_ERROR: 29201 04:18:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000700000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:18:50 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x7a}) [ 2466.892160] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2466.902224] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2466.956221] binder: 14961:14962 got transaction to invalid handle [ 2466.972549] binder: 14961:14962 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2466.981678] vhci_hcd: invalid port number 122 [ 2466.992614] vhci_hcd: invalid port number 122 04:18:50 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c060200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:50 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000eb060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:50 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2467.003355] binder_alloc: binder_alloc_mmap_handler: 14961 20001000-20004000 already mapped failed -16 [ 2467.020984] binder: 14961:14965 got transaction to invalid handle [ 2467.027754] binder: BINDER_SET_CONTEXT_MGR already set [ 2467.033361] binder: 14961:14962 ioctl 40046207 0 returned -16 04:18:50 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x300}) [ 2467.050652] binder: 14961:14965 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2467.062653] binder: undelivered TRANSACTION_ERROR: 29201 [ 2467.069808] binder: undelivered TRANSACTION_ERROR: 29201 [ 2467.120498] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2467.147181] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2467.157944] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2467.174957] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. [ 2467.202912] vhci_hcd: invalid port number 0 [ 2467.208323] vhci_hcd: invalid port number 0 04:18:52 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x9400) 04:18:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000a00000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:18:52 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:52 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x500}) 04:18:52 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c070200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:52 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000ec060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2469.786944] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2469.818006] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2469.829834] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2469.830747] vhci_hcd: invalid port number 0 [ 2469.844737] binder: 14988:14992 got transaction to invalid handle [ 2469.857165] binder: 14988:14992 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2469.867094] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. 04:18:53 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x600}) [ 2469.884545] binder_alloc: binder_alloc_mmap_handler: 14988 20001000-20004000 already mapped failed -16 [ 2469.904019] binder: BINDER_SET_CONTEXT_MGR already set 04:18:53 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2469.930002] binder: 14988:14992 ioctl 40046207 0 returned -16 [ 2469.936602] binder: 14988:14999 got transaction to invalid handle [ 2469.943680] binder: 14988:14999 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2469.944001] vhci_hcd: invalid port number 0 [ 2469.953462] binder: undelivered TRANSACTION_ERROR: 29201 [ 2469.963164] binder: undelivered TRANSACTION_ERROR: 29201 04:18:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040001200000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:18:53 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000ed060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:53 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c080200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:53 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x700}) [ 2470.108405] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2470.124703] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2470.125581] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2470.143272] binder: 15009:15010 got transaction to invalid handle [ 2470.148160] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. [ 2470.158256] binder: 15009:15010 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2470.170473] vhci_hcd: invalid port number 0 [ 2470.186011] binder_alloc: binder_alloc_mmap_handler: 15009 20001000-20004000 already mapped failed -16 [ 2470.212436] binder: BINDER_SET_CONTEXT_MGR already set [ 2470.247655] binder: 15009:15010 ioctl 40046207 0 returned -16 [ 2470.265584] binder: undelivered TRANSACTION_ERROR: 29201 [ 2470.266919] binder: 15009:15019 got transaction to invalid handle [ 2470.291613] binder: 15009:15019 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2470.320431] binder: undelivered TRANSACTION_ERROR: 29201 04:18:56 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x207100) 04:18:56 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0xa00}) 04:18:56 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000ee060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:56 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:56 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c0a0200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040004800000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2472.875340] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2472.902265] binder: 15029:15030 got transaction to invalid handle [ 2472.906691] vhci_hcd: invalid port number 0 [ 2472.913109] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:18:56 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x2000}) [ 2472.918554] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2472.943070] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. [ 2472.944814] binder: 15029:15030 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2473.010000] vhci_hcd: invalid port number 0 04:18:56 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:56 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x400000) 04:18:56 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000ef060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2473.031346] binder_alloc: binder_alloc_mmap_handler: 15029 20001000-20004000 already mapped failed -16 [ 2473.060645] binder: BINDER_SET_CONTEXT_MGR already set 04:18:56 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x3f00}) [ 2473.103211] binder: 15029:15030 ioctl 40046207 0 returned -16 [ 2473.109416] binder: 15029:15048 got transaction to invalid handle [ 2473.116210] binder: 15029:15048 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2473.125490] binder: undelivered TRANSACTION_ERROR: 29201 [ 2473.132267] binder: undelivered TRANSACTION_ERROR: 29201 04:18:56 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c0e0200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2473.154337] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:18:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040004c00000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2473.227933] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2473.265227] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. 04:18:56 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:56 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x4800}) [ 2473.274786] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2473.276609] binder: 15065:15067 got transaction to invalid handle [ 2473.291135] binder: 15065:15067 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2473.313836] binder_alloc: binder_alloc_mmap_handler: 15065 20001000-20004000 already mapped failed -16 [ 2473.358303] binder: BINDER_SET_CONTEXT_MGR already set 04:18:56 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c0f0200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:56 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000f0060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2473.395058] binder: 15065:15067 ioctl 40046207 0 returned -16 [ 2473.404270] vhci_hcd: invalid port number 0 [ 2473.425382] binder: 15065:15075 got transaction to invalid handle [ 2473.436451] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:18:56 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x4c00}) [ 2473.459169] binder: undelivered TRANSACTION_ERROR: 29201 [ 2473.481220] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:18:56 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2473.507751] binder: 15065:15075 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2473.532081] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. 04:18:56 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x6000}) [ 2473.558181] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2473.578552] vhci_hcd: invalid port number 0 [ 2473.580089] binder: undelivered TRANSACTION_ERROR: 29201 [ 2473.694703] vhci_hcd: invalid port number 0 04:18:59 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x50a000) 04:18:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040006000000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:18:59 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c100200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:59 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000f1060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:59 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:59 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x6800}) [ 2476.239506] validate_nla: 1 callbacks suppressed [ 2476.239516] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2476.255855] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2476.257960] vhci_hcd: invalid port number 0 [ 2476.271967] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:18:59 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x709000) 04:18:59 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x6c00}) 04:18:59 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000f2060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2476.287140] binder: 15105:15106 got transaction to invalid handle [ 2476.306051] binder: 15105:15106 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2476.315757] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. [ 2476.378069] vhci_hcd: invalid port number 0 [ 2476.389531] binder_alloc: binder_alloc_mmap_handler: 15105 20001000-20004000 already mapped failed -16 04:18:59 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:18:59 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c480200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:18:59 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x7400}) [ 2476.448249] binder: BINDER_SET_CONTEXT_MGR already set [ 2476.452746] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2476.466422] binder: 15105:15106 ioctl 40046207 0 returned -16 [ 2476.513700] binder: 15105:15129 got transaction to invalid handle [ 2476.539922] binder: 15105:15129 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2476.554394] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:18:59 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x712000) [ 2476.579703] binder: undelivered TRANSACTION_ERROR: 29201 [ 2476.580059] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2476.587748] binder: undelivered TRANSACTION_ERROR: 29201 [ 2476.592604] vhci_hcd: invalid port number 0 04:18:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040006800000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:18:59 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000f3060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2476.634596] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. [ 2476.706801] binder: 15140:15145 got transaction to invalid handle [ 2476.711935] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2476.713511] binder: 15140:15145 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2476.734233] binder_alloc: binder_alloc_mmap_handler: 15140 20001000-20004000 already mapped failed -16 04:18:59 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x7a00}) 04:18:59 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2476.760532] binder: BINDER_SET_CONTEXT_MGR already set [ 2476.766342] binder: 15140:15145 ioctl 40046207 0 returned -16 [ 2476.774667] binder: 15140:15148 got transaction to invalid handle 04:19:00 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c4c0200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2476.810510] binder: undelivered TRANSACTION_ERROR: 29201 [ 2476.816681] binder: 15140:15148 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:19:00 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000f4060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2476.867919] binder: undelivered TRANSACTION_ERROR: 29201 [ 2476.899780] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2476.905127] vhci_hcd: invalid port number 0 04:19:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040006c00000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2476.920368] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2476.943020] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. 04:19:00 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x100000}) 04:19:00 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2476.970611] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2476.994779] binder: 15164:15165 got transaction to invalid handle [ 2477.002741] binder: 15164:15165 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2477.033663] binder_alloc: binder_alloc_mmap_handler: 15164 20001000-20004000 already mapped failed -16 [ 2477.045596] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:19:00 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c600200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2477.074543] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2477.079050] binder: BINDER_SET_CONTEXT_MGR already set 04:19:00 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000f5060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2477.123528] binder: 15164:15167 got transaction to invalid handle [ 2477.174328] binder: undelivered TRANSACTION_ERROR: 29201 [ 2477.183024] binder: 15164:15165 ioctl 40046207 0 returned -16 [ 2477.192628] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2477.203377] binder: 15164:15167 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2477.224448] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2477.243862] binder: undelivered TRANSACTION_ERROR: 29201 [ 2477.255708] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. 04:19:02 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x740000) 04:19:02 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x1000000}) 04:19:02 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:19:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040007400000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:19:02 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000f6060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:02 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c680200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2479.721475] binder: 15184:15192 got transaction to invalid handle [ 2479.737616] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2479.745720] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2479.755606] binder: 15184:15192 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:19:02 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000f7060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:02 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x2000000}) [ 2479.782090] binder_alloc: binder_alloc_mmap_handler: 15184 20001000-20004000 already mapped failed -16 [ 2479.823434] binder: BINDER_SET_CONTEXT_MGR already set 04:19:03 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:19:03 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c6c0200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2479.849702] binder: 15184:15192 ioctl 40046207 0 returned -16 [ 2479.888283] binder: 15184:15208 got transaction to invalid handle 04:19:03 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000f8060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:03 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x3000000}) [ 2479.907339] binder: 15184:15208 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2479.922573] binder: undelivered TRANSACTION_ERROR: 29201 [ 2479.933680] binder: undelivered TRANSACTION_ERROR: 29201 04:19:05 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x907000) 04:19:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040007a00000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:19:05 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:19:05 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x4000000}) 04:19:05 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c740200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:05 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000f9060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2482.772850] validate_nla: 3 callbacks suppressed [ 2482.772860] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2482.783007] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2482.793160] __nla_parse: 8 callbacks suppressed [ 2482.793170] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2482.809946] binder: 15227:15233 got transaction to invalid handle 04:19:06 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x5000000}) [ 2482.812915] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. [ 2482.819559] binder: 15227:15233 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2482.841167] binder_alloc: binder_alloc_mmap_handler: 15227 20001000-20004000 already mapped failed -16 04:19:06 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x6000000}) 04:19:06 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2482.894301] binder: BINDER_SET_CONTEXT_MGR already set [ 2482.900300] binder: 15227:15233 ioctl 40046207 0 returned -16 [ 2482.906462] binder: 15227:15247 got transaction to invalid handle [ 2482.912882] binder: 15227:15247 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:19:06 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c7a0200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:06 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000fa060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2482.958251] binder: undelivered TRANSACTION_ERROR: 29201 [ 2482.972382] binder: undelivered TRANSACTION_ERROR: 29201 04:19:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000003000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2483.011809] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2483.087211] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2483.116528] netlink: 12 bytes leftover after parsing attributes in process `syz-executor1'. [ 2483.123197] binder: 15261:15263 got transaction to invalid handle [ 2483.126555] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2483.134791] binder: 15261:15263 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2483.152534] binder_alloc: binder_alloc_mmap_handler: 15261 20001000-20004000 already mapped failed -16 [ 2483.162287] binder: BINDER_SET_CONTEXT_MGR already set [ 2483.167653] binder: 15261:15263 ioctl 40046207 0 returned -16 [ 2483.173615] binder: 15261:15264 got transaction to invalid handle [ 2483.180398] binder: 15261:15264 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2483.189523] binder: undelivered TRANSACTION_ERROR: 29201 [ 2483.196671] binder: undelivered TRANSACTION_ERROR: 29201 04:19:08 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x940000) 04:19:08 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x7000000}) 04:19:08 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:19:08 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000300070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000005000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:19:08 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000fb060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2485.815338] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2485.824617] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2485.845313] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2485.850336] binder: 15275:15279 got transaction to invalid handle [ 2485.871295] binder: 15275:15279 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2485.886266] binder_alloc: binder_alloc_mmap_handler: 15275 20001000-20004000 already mapped failed -16 [ 2485.896156] binder: BINDER_SET_CONTEXT_MGR already set [ 2485.901662] binder: 15275:15279 ioctl 40046207 0 returned -16 [ 2485.908241] binder: 15275:15285 got transaction to invalid handle 04:19:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000b00070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:09 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x8000000}) 04:19:09 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xa05000) [ 2485.914723] binder: 15275:15285 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2485.924711] binder: undelivered TRANSACTION_ERROR: 29201 [ 2485.926385] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2485.932148] binder: undelivered TRANSACTION_ERROR: 29201 04:19:09 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000fc060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000006000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:19:09 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2486.087369] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2486.119702] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:19:09 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0xa000000}) 04:19:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c004000070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2486.132980] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2486.150371] binder: 15302:15308 got transaction to invalid handle [ 2486.170224] binder: 15302:15308 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:19:09 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:19:09 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000fd060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2486.214269] binder_alloc: binder_alloc_mmap_handler: 15302 20001000-20004000 already mapped failed -16 [ 2486.268553] binder: BINDER_SET_CONTEXT_MGR already set [ 2486.293435] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2486.304151] binder: 15302:15308 ioctl 40046207 0 returned -16 [ 2486.330810] binder: 15302:15322 got transaction to invalid handle 04:19:09 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x20000000}) 04:19:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000007000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2486.343500] binder: 15302:15322 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2486.353516] binder: undelivered TRANSACTION_ERROR: 29201 [ 2486.360551] binder: undelivered TRANSACTION_ERROR: 29201 [ 2486.379172] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:19:09 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x3f000000}) 04:19:09 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c005100070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2486.442274] binder: 15327:15328 got transaction to invalid handle [ 2486.471921] binder: 15327:15328 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2486.509026] binder_alloc: binder_alloc_mmap_handler: 15327 20001000-20004000 already mapped failed -16 [ 2486.543292] binder: BINDER_SET_CONTEXT_MGR already set [ 2486.577178] binder: 15327:15328 ioctl 40046207 0 returned -16 [ 2486.590285] binder: undelivered TRANSACTION_ERROR: 29201 04:19:12 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:19:12 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x48000000}) 04:19:12 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x1000000) 04:19:12 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000fe060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000300070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0063404000000a000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2489.060294] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2489.068992] validate_nla: 3 callbacks suppressed [ 2489.069001] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2489.070107] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:19:12 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060000ff060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000b00070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:12 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x4c000000}) [ 2489.142739] binder: 15347:15352 got transaction to invalid handle [ 2489.168782] binder: 15347:15352 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:19:12 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) [ 2489.222997] binder_alloc: binder_alloc_mmap_handler: 15347 20001000-20004000 already mapped failed -16 [ 2489.240255] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2489.251983] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2489.272107] binder: BINDER_SET_CONTEXT_MGR already set [ 2489.281805] binder: 15347:15370 got transaction to invalid handle [ 2489.300254] binder: 15347:15352 ioctl 40046207 0 returned -16 [ 2489.304031] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:19:12 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x60000000}) [ 2489.315035] binder: 15347:15370 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:19:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c005100070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:12 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100030000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2489.355374] binder: undelivered TRANSACTION_ERROR: 29201 [ 2489.363153] binder: undelivered TRANSACTION_ERROR: 29201 04:19:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0063404000000f000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2489.476133] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2489.503921] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2489.521641] binder: 15384:15385 got transaction to invalid handle [ 2489.531265] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2489.535198] binder: 15384:15385 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2489.560490] binder_alloc: binder_alloc_mmap_handler: 15384 20001000-20004000 already mapped failed -16 [ 2489.570600] binder: 15384:15387 got transaction to invalid handle [ 2489.570717] binder: BINDER_SET_CONTEXT_MGR already set [ 2489.576936] binder: 15384:15387 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2489.591764] binder: 15384:15385 ioctl 40046207 0 returned -16 [ 2489.610345] binder: undelivered TRANSACTION_ERROR: 29201 [ 2489.639579] binder: undelivered TRANSACTION_ERROR: 29201 04:19:15 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xfeffffff) 04:19:15 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x68000000}) 04:19:15 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:19:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000012000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:19:15 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100050000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000202070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2492.139645] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2492.144270] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2492.166325] binder: 15398:15400 got transaction to invalid handle [ 2492.172866] netlink: 'syz-executor0': attribute type 1 has an invalid length. 04:19:15 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x6c000000}) [ 2492.193505] binder: 15398:15400 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2492.203003] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2492.213995] binder_alloc: binder_alloc_mmap_handler: 15398 20001000-20004000 already mapped failed -16 04:19:15 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x74000000}) 04:19:15 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000102060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:15 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x0}, 0x0) 04:19:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000203070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2492.348847] binder: 15398:15400 got transaction to invalid handle [ 2492.383963] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:19:15 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x7a000000}) [ 2492.397502] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2492.407555] binder: undelivered TRANSACTION_ERROR: 29201 [ 2492.418789] binder: 15398:15400 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2492.442325] binder: undelivered TRANSACTION_ERROR: 29201 [ 2492.471702] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:19:18 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xff600000) 04:19:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000020000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:19:18 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x2) 04:19:18 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x10000000000000}) 04:19:18 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000103060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:18 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000204070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2495.227517] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2495.236929] validate_nla: 2 callbacks suppressed [ 2495.236940] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2495.268210] binder: 15438:15439 got transaction to invalid handle [ 2495.276926] binder: 15438:15439 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2495.286321] vhci_hcd: invalid port number 0 [ 2495.288481] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:19:18 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x100000000000000}) 04:19:18 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000104060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2495.319539] binder_alloc: binder_alloc_mmap_handler: 15438 20001000-20004000 already mapped failed -16 04:19:18 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000205070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2495.396554] binder: BINDER_SET_CONTEXT_MGR already set [ 2495.396785] binder: 15438:15456 got transaction to invalid handle [ 2495.432318] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:19:18 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x3) [ 2495.441495] binder: 15438:15439 ioctl 40046207 0 returned -16 [ 2495.443951] vhci_hcd: invalid port number 0 [ 2495.459118] binder: undelivered TRANSACTION_ERROR: 29201 04:19:18 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000105060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2495.487806] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2495.488439] binder: 15438:15456 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:19:18 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x200000000000000}) [ 2495.555569] binder: undelivered TRANSACTION_ERROR: 29201 [ 2495.600593] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2495.627806] vhci_hcd: invalid port number 0 04:19:21 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xfffffffe) 04:19:21 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000206070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000048000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:19:21 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x4) 04:19:21 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x300000000000000}) 04:19:21 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000106060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2498.267991] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2498.278849] vhci_hcd: invalid port number 0 [ 2498.290404] binder: 15476:15486 got transaction to invalid handle [ 2498.300134] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:19:21 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x400000000000000}) [ 2498.325319] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2498.335386] binder: 15476:15486 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2498.360665] binder_alloc: binder_alloc_mmap_handler: 15476 20001000-20004000 already mapped failed -16 [ 2498.365632] vhci_hcd: invalid port number 0 04:19:21 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000107060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:21 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x400000000000) 04:19:21 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x500000000000000}) [ 2498.421212] binder: 15476:15494 got transaction to invalid handle [ 2498.434185] binder: BINDER_SET_CONTEXT_MGR already set 04:19:21 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x5) [ 2498.468454] binder: 15476:15486 ioctl 40046207 0 returned -16 [ 2498.479214] binder: undelivered TRANSACTION_ERROR: 29201 04:19:21 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000207070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2498.520042] binder: 15476:15494 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2498.532039] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2498.557474] vhci_hcd: invalid port number 0 [ 2498.564174] binder: undelivered TRANSACTION_ERROR: 29201 04:19:21 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x6) 04:19:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0063404000004c000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:19:21 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x600000000000000}) 04:19:21 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000108060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2498.644910] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2498.678256] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:19:21 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000208070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2498.735544] vhci_hcd: invalid port number 0 [ 2498.741213] binder: 15521:15524 got transaction to invalid handle [ 2498.757912] binder: 15521:15524 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:19:21 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x700000000000000}) 04:19:22 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x7) [ 2498.802437] binder_alloc: binder_alloc_mmap_handler: 15521 20001000-20004000 already mapped failed -16 [ 2498.833558] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2498.853796] binder: BINDER_SET_CONTEXT_MGR already set [ 2498.873231] binder: 15521:15524 ioctl 40046207 0 returned -16 [ 2498.875957] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:19:22 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600010a060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2498.902248] binder: 15521:15535 got transaction to invalid handle [ 2498.918033] vhci_hcd: invalid port number 0 [ 2498.921661] binder: 15521:15535 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2498.940677] binder: undelivered TRANSACTION_ERROR: 29201 [ 2498.962701] binder: undelivered TRANSACTION_ERROR: 29201 [ 2499.034172] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:19:24 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x60ffffffffff) 04:19:24 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x800000000000000}) 04:19:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000060000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:19:24 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x8) 04:19:24 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c00020a070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:24 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600010e060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2501.545464] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2501.548065] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2501.565967] vhci_hcd: invalid port number 0 [ 2501.577359] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2501.585614] binder: 15548:15558 got transaction to invalid handle 04:19:24 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0xa00000000000000}) 04:19:24 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x740000000000) [ 2501.600487] binder: 15548:15558 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:19:24 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600010f060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2501.652643] binder_alloc: binder_alloc_mmap_handler: 15548 20001000-20004000 already mapped failed -16 [ 2501.676356] vhci_hcd: invalid port number 0 04:19:24 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xa) 04:19:24 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c00020e070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2501.700633] vhci_hcd: invalid port number 0 [ 2501.714149] binder: BINDER_SET_CONTEXT_MGR already set [ 2501.732571] binder: 15548:15558 ioctl 40046207 0 returned -16 [ 2501.782403] binder: 15548:15578 got transaction to invalid handle [ 2501.802874] binder: 15548:15578 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2501.817548] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:19:25 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x2000000000000000}) [ 2501.832359] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2501.839386] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2501.867599] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:19:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000068000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2501.879051] binder: undelivered TRANSACTION_ERROR: 29201 [ 2501.884594] binder: undelivered TRANSACTION_ERROR: 29201 [ 2501.921393] vhci_hcd: invalid port number 0 04:19:25 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000110060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:25 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x3f00000000000000}) [ 2501.952454] binder: 15588:15589 got transaction to invalid handle [ 2501.966642] binder: 15588:15589 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:19:25 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xe) [ 2501.996796] binder_alloc: binder_alloc_mmap_handler: 15588 20001000-20004000 already mapped failed -16 04:19:25 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c00020f070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2502.038319] binder: BINDER_SET_CONTEXT_MGR already set [ 2502.064414] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2502.078995] binder: 15588:15589 ioctl 40046207 0 returned -16 [ 2502.084927] vhci_hcd: invalid port number 0 04:19:25 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x4800000000000000}) 04:19:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0063404000006c000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2502.110625] binder: undelivered TRANSACTION_ERROR: 29201 [ 2502.129320] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2502.153465] vhci_hcd: invalid port number 0 [ 2502.175422] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2502.280933] binder: 15608:15610 got transaction to invalid handle [ 2502.289342] binder: 15608:15610 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2502.306324] binder_alloc: binder_alloc_mmap_handler: 15608 20001000-20004000 already mapped failed -16 [ 2502.325298] binder: BINDER_SET_CONTEXT_MGR already set [ 2502.330246] binder: 15608:15612 got transaction to invalid handle [ 2502.330615] binder: 15608:15610 ioctl 40046207 0 returned -16 [ 2502.337309] binder: 15608:15612 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2502.352205] binder: undelivered TRANSACTION_ERROR: 29201 [ 2502.364839] binder: undelivered TRANSACTION_ERROR: 29201 04:19:27 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x4c00000000000000}) 04:19:27 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000148060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:27 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x7fffffffefff) 04:19:27 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xf) 04:19:27 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000210070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000074000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:19:28 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x10) [ 2504.772491] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2504.785542] vhci_hcd: invalid port number 0 [ 2504.790324] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2504.799965] binder: 15617:15625 got transaction to invalid handle [ 2504.810286] binder: 15617:15625 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:19:28 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x6000000000000000}) 04:19:28 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600014c060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:28 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000248070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:28 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x940000000000) [ 2504.908440] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2504.935851] binder_alloc: binder_alloc_mmap_handler: 15617 20001000-20004000 already mapped failed -16 [ 2504.937380] vhci_hcd: invalid port number 0 04:19:28 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x48) 04:19:28 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x6800000000000000}) [ 2505.004260] binder: BINDER_SET_CONTEXT_MGR already set [ 2505.013623] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2505.036631] binder: 15617:15625 ioctl 40046207 0 returned -16 [ 2505.082557] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2505.090648] binder: 15617:15653 got transaction to invalid handle [ 2505.115709] binder: 15617:15653 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2505.124750] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:19:28 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000160060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0063404000007a000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2505.130693] binder: undelivered TRANSACTION_ERROR: 29201 [ 2505.141628] binder: undelivered TRANSACTION_ERROR: 29201 [ 2505.150873] vhci_hcd: invalid port number 0 04:19:28 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x6c00000000000000}) 04:19:28 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x4c) 04:19:28 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c00024c070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2505.260957] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:19:28 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000168060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:28 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x7400000000000000}) [ 2505.322363] binder: 15665:15668 got transaction to invalid handle [ 2505.329382] vhci_hcd: invalid port number 0 [ 2505.341039] binder: 15665:15668 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:19:28 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x60) [ 2505.426931] binder_alloc: binder_alloc_mmap_handler: 15665 20001000-20004000 already mapped failed -16 [ 2505.436576] binder: BINDER_SET_CONTEXT_MGR already set [ 2505.441899] binder: 15665:15668 ioctl 40046207 0 returned -16 [ 2505.461779] binder: 15665:15682 got transaction to invalid handle [ 2505.466337] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:19:28 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000260070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2505.468632] binder: 15665:15682 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2505.490510] vhci_hcd: invalid port number 0 [ 2505.493858] binder: undelivered TRANSACTION_ERROR: 29201 [ 2505.516345] binder: undelivered TRANSACTION_ERROR: 29201 04:19:31 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x20710000000000) 04:19:31 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x68) 04:19:31 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x7a00000000000000}) 04:19:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000100000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:19:31 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600016c060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:31 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000268070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2508.084557] validate_nla: 5 callbacks suppressed [ 2508.084568] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2508.085961] binder_alloc: 15694: binder_alloc_buf size 4222124650659840 failed, no address space [ 2508.108371] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2508.120213] vhci_hcd: invalid port number 0 04:19:31 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0xffffffff00000000}) [ 2508.131129] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2508.142923] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2508.160402] binder: 15694:15695 transaction failed 29201/-28, size 0-4222124650659840 line 3035 04:19:31 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000174060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:31 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x6c) [ 2508.201516] binder_alloc: binder_alloc_mmap_handler: 15694 20001000-20004000 already mapped failed -16 04:19:31 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x90700000000000) 04:19:31 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c00026c070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2508.282336] vhci_hcd: invalid port number 0 [ 2508.289531] binder: BINDER_SET_CONTEXT_MGR already set [ 2508.310448] binder: 15694:15695 ioctl 40046207 0 returned -16 04:19:31 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x2}) [ 2508.351833] binder_alloc: 15694: binder_alloc_buf, no vma [ 2508.373747] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2508.383422] binder: 15694:15721 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2508.386111] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:19:31 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600017a060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:31 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x3}) [ 2508.443377] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2508.451266] binder: undelivered TRANSACTION_ERROR: 29201 [ 2508.457559] binder: undelivered TRANSACTION_ERROR: 29189 [ 2508.474627] vhci_hcd: invalid port number 0 04:19:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000200000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:19:31 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x74) [ 2508.582847] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2508.621823] vhci_hcd: invalid port number 0 04:19:31 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000274070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2508.649322] binder_alloc: 15741: binder_alloc_buf size 4222124650659840 failed, no address space 04:19:31 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x4}) 04:19:31 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100090000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2508.690718] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2508.692551] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2508.758661] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2508.769766] binder: 15741:15742 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2508.787319] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2508.800515] vhci_hcd: invalid port number 0 04:19:32 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x7a) [ 2508.811842] binder_alloc: binder_alloc_mmap_handler: 15741 20001000-20004000 already mapped failed -16 [ 2508.814064] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2508.837008] binder: BINDER_SET_CONTEXT_MGR already set [ 2508.850425] binder_alloc: 15741: binder_alloc_buf, no vma 04:19:32 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x5}) [ 2508.863089] binder: 15741:15742 ioctl 40046207 0 returned -16 [ 2508.882069] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2508.891622] binder: 15741:15754 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2508.903651] binder: undelivered TRANSACTION_ERROR: 29201 [ 2508.913600] binder: undelivered TRANSACTION_ERROR: 29189 [ 2509.012525] vhci_hcd: invalid port number 0 04:19:34 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xa0500000000000) 04:19:34 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c00027a070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000300000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:19:34 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060001000b0000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:34 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xf0) 04:19:34 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x6}) [ 2511.423913] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2511.431485] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2511.441106] vhci_hcd: invalid port number 0 [ 2511.456337] binder_alloc: 15773: binder_alloc_buf size 4222124650659840 failed, no address space [ 2511.460512] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:19:34 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x7}) [ 2511.474630] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2511.490926] binder: 15773:15777 transaction failed 29201/-28, size 0-4222124650659840 line 3035 04:19:34 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x300) [ 2511.530118] binder_alloc: binder_alloc_mmap_handler: 15773 20001000-20004000 already mapped failed -16 04:19:34 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x100000000000000) [ 2511.580112] binder: BINDER_SET_CONTEXT_MGR already set [ 2511.593941] binder: 15773:15777 ioctl 40046207 0 returned -16 [ 2511.615840] binder_alloc: 15773: binder_alloc_buf, no vma [ 2511.621505] binder: 15773:15790 transaction failed 29189/-3, size 0-4222124650659840 line 3035 04:19:34 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200510022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:34 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100180000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2511.654208] vhci_hcd: invalid port number 0 [ 2511.686163] binder: undelivered TRANSACTION_ERROR: 29189 [ 2511.692011] binder: undelivered TRANSACTION_ERROR: 29201 04:19:34 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x500) 04:19:34 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x8}) 04:19:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000400000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:19:35 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0xa}) [ 2511.856216] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2511.867570] binder_alloc: 15810: binder_alloc_buf size 4222124650659840 failed, no address space [ 2511.873858] vhci_hcd: invalid port number 0 [ 2511.876829] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2511.890503] binder: 15810:15812 transaction failed 29201/-28, size 0-4222124650659840 line 3035 04:19:35 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x600) [ 2511.936255] binder_alloc: binder_alloc_mmap_handler: 15810 20001000-20004000 already mapped failed -16 04:19:35 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200040022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2511.981312] binder: BINDER_SET_CONTEXT_MGR already set [ 2511.990645] vhci_hcd: invalid port number 0 [ 2511.999811] binder: 15810:15812 ioctl 40046207 0 returned -16 [ 2512.015280] binder_alloc: 15810: binder_alloc_buf, no vma [ 2512.022526] binder: 15810:15821 transaction failed 29189/-3, size 0-4222124650659840 line 3035 04:19:35 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x10}) 04:19:35 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x700) [ 2512.063178] binder: undelivered TRANSACTION_ERROR: 29201 [ 2512.081270] binder: undelivered TRANSACTION_ERROR: 29189 04:19:35 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100510000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2512.153510] vhci_hcd: invalid port number 0 [ 2512.231186] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:19:37 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x8000000000000000) 04:19:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000500000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:19:37 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200510022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:37 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x48}) 04:19:37 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xa00) 04:19:37 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100030000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2514.716414] vhci_hcd: invalid port number 0 [ 2514.728333] validate_nla: 11 callbacks suppressed [ 2514.728343] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2514.747044] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2514.757026] binder_alloc: 15846: binder_alloc_buf size 4222124650659840 failed, no address space 04:19:37 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x4c}) [ 2514.766245] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2514.768825] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2514.782486] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2514.792187] binder: 15846:15850 transaction failed 29201/-28, size 0-4222124650659840 line 3035 04:19:38 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x60}) [ 2514.819713] binder_alloc: binder_alloc_mmap_handler: 15846 20001000-20004000 already mapped failed -16 [ 2514.829675] vhci_hcd: invalid port number 0 [ 2514.864578] binder: BINDER_SET_CONTEXT_MGR already set 04:19:38 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xe00) 04:19:38 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100050000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2514.903686] binder: undelivered TRANSACTION_ERROR: 29201 [ 2514.909530] binder: 15846:15858 transaction failed 29189/-22, size 0-4222124650659840 line 2896 [ 2514.923074] vhci_hcd: invalid port number 0 04:19:38 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070222ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:38 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x68}) [ 2514.963553] binder: 15846:15850 ioctl 40046207 0 returned -16 [ 2514.979541] binder: undelivered TRANSACTION_ERROR: 29189 [ 2515.041961] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2515.052778] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2515.071008] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2515.071644] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2515.093367] vhci_hcd: invalid port number 0 04:19:40 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xfeffffff00000000) 04:19:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000600000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:19:40 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100090000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:40 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x6c}) 04:19:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070322ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:40 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xf00) [ 2517.787555] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2517.789920] vhci_hcd: invalid port number 0 [ 2517.799969] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2517.809313] binder_alloc: 15885: binder_alloc_buf size 4222124650659840 failed, no address space [ 2517.825692] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2517.839181] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2517.851295] binder: 15885:15889 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2517.860989] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2517.877576] binder_alloc: binder_alloc_mmap_handler: 15885 20001000-20004000 already mapped failed -16 04:19:41 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x74}) 04:19:41 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070422ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2517.889312] binder: BINDER_SET_CONTEXT_MGR already set [ 2517.896244] binder: 15885:15889 ioctl 40046207 0 returned -16 [ 2517.902273] binder_alloc: 15885: binder_alloc_buf, no vma [ 2517.923735] binder: 15885:15896 transaction failed 29189/-3, size 0-4222124650659840 line 3035 04:19:41 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xffefffffff7f0000) 04:19:41 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x2000) [ 2517.945581] binder: undelivered TRANSACTION_ERROR: 29201 [ 2517.959228] binder: undelivered TRANSACTION_ERROR: 29189 04:19:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000700000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:19:41 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060001000b0000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2518.039335] vhci_hcd: invalid port number 0 [ 2518.046173] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:19:41 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x7a}) 04:19:41 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070522ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:41 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x20af) [ 2518.117345] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2518.155046] binder_alloc: 15916: binder_alloc_buf size 4222124650659840 failed, no address space 04:19:41 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070622ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2518.219837] vhci_hcd: invalid port number 0 [ 2518.221736] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2518.247413] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2518.251825] binder: 15916:15918 transaction failed 29201/-28, size 0-4222124650659840 line 3035 04:19:41 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x300}) [ 2518.281670] binder_alloc: binder_alloc_mmap_handler: 15916 20001000-20004000 already mapped failed -16 04:19:41 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100180000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:41 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x3f00) [ 2518.353571] binder: BINDER_SET_CONTEXT_MGR already set [ 2518.366466] vhci_hcd: invalid port number 0 [ 2518.367951] binder: 15916:15918 ioctl 40046207 0 returned -16 [ 2518.389840] binder_alloc: 15916: binder_alloc_buf, no vma [ 2518.409677] binder: undelivered TRANSACTION_ERROR: 29201 [ 2518.420545] binder: 15916:15934 transaction failed 29189/-3, size 0-4222124650659840 line 3035 04:19:41 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070722ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2518.454456] binder: undelivered TRANSACTION_ERROR: 29189 [ 2518.481243] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:19:44 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xffffffff00000000) 04:19:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000a00000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:19:44 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x500}) 04:19:44 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x4000) 04:19:44 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070822ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:44 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100510000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2521.050512] binder_alloc: 15950: binder_alloc_buf size 4222124650659840 failed, no address space [ 2521.087310] vhci_hcd: invalid port number 0 [ 2521.103699] validate_nla: 8 callbacks suppressed [ 2521.103708] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2521.122905] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2521.125258] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2521.145288] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 04:19:44 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x600}) [ 2521.158073] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2521.180184] binder: 15950:15951 transaction failed 29201/-28, size 0-4222124650659840 line 3035 04:19:44 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070a22ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2521.218286] binder_alloc: binder_alloc_mmap_handler: 15950 20001000-20004000 already mapped failed -16 [ 2521.255466] binder: BINDER_SET_CONTEXT_MGR already set 04:19:44 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x4800) [ 2521.282164] binder: 15950:15951 ioctl 40046207 0 returned -16 [ 2521.305856] binder: undelivered TRANSACTION_ERROR: 29201 04:19:44 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060200007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000001200000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2521.361375] vhci_hcd: invalid port number 0 [ 2521.365271] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:19:44 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070e22ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2521.486995] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2521.521335] binder_alloc: 15979: binder_alloc_buf size 4222124650659840 failed, no address space [ 2521.553990] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2521.572112] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2521.579358] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2521.597548] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2521.615460] binder: 15979:15981 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2521.631500] binder_alloc: binder_alloc_mmap_handler: 15979 20001000-20004000 already mapped failed -16 [ 2521.665430] binder: BINDER_SET_CONTEXT_MGR already set [ 2521.671157] binder: 15979:15981 ioctl 40046207 0 returned -16 [ 2521.678268] binder_alloc: 15979: binder_alloc_buf, no vma [ 2521.695388] binder: 15979:15988 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2521.715922] binder: undelivered TRANSACTION_ERROR: 29201 [ 2521.723637] binder: undelivered TRANSACTION_ERROR: 29189 04:19:47 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xffffffffff600000) 04:19:47 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x700}) 04:19:47 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x4c00) 04:19:47 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070f22ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:47 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060300007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000002000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2524.188109] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2524.196194] vhci_hcd: invalid port number 0 [ 2524.203122] binder_alloc: 15997: binder_alloc_buf size 4222124650659840 failed, no address space [ 2524.211890] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2524.220237] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2524.221409] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 04:19:47 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0xa00}) [ 2524.243092] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2524.256832] binder: 15997:16002 transaction failed 29201/-28, size 0-4222124650659840 line 3035 04:19:47 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200071022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2524.298052] binder_alloc: binder_alloc_mmap_handler: 15997 20001000-20004000 already mapped failed -16 04:19:47 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x6000) 04:19:47 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060400007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2524.341231] vhci_hcd: invalid port number 0 [ 2524.347857] binder_alloc: 15997: binder_alloc_buf, no vma [ 2524.380466] binder: BINDER_SET_CONTEXT_MGR already set 04:19:47 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x2000}) [ 2524.405636] binder: 15997:16011 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2524.423626] binder: 15997:16014 ioctl 40046207 0 returned -16 [ 2524.423651] binder: undelivered TRANSACTION_ERROR: 29189 [ 2524.442782] binder: undelivered TRANSACTION_ERROR: 29201 04:19:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000004800000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2524.483434] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2524.553150] vhci_hcd: invalid port number 0 [ 2524.612119] binder_alloc: 16027: binder_alloc_buf size 4222124650659840 failed, no address space [ 2524.623703] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2524.660327] binder: 16027:16030 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2524.678688] binder_alloc: binder_alloc_mmap_handler: 16027 20001000-20004000 already mapped failed -16 [ 2524.688545] binder: BINDER_SET_CONTEXT_MGR already set [ 2524.693841] binder: 16027:16030 ioctl 40046207 0 returned -16 [ 2524.694000] binder_alloc: 16027: binder_alloc_buf, no vma [ 2524.706349] binder: 16027:16033 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2524.715579] binder: undelivered TRANSACTION_ERROR: 29201 [ 2524.721130] binder: undelivered TRANSACTION_ERROR: 29189 04:19:50 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x6800) 04:19:50 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200074822ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:50 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x3f00}) 04:19:50 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060500007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:50 executing program 3: r0 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) ioctl$VHOST_SET_VRING_NUM(r0, 0x4008af10, &(0x7f0000000200)={0x3, 0x3}) clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r1, 0x17) r3 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x1, 0x2) ioctl$EVIOCGABS0(r3, 0x80184540, &(0x7f0000000140)=""/161) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) 04:19:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000004c00000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2527.236231] vhci_hcd: invalid port number 0 [ 2527.246741] validate_nla: 3 callbacks suppressed [ 2527.246750] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2527.249462] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2527.270524] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:19:50 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x4800}) [ 2527.272220] binder_alloc: 16044: binder_alloc_buf size 4222124650659840 failed, no address space [ 2527.302181] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2527.311267] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2527.321021] binder: 16044:16045 transaction failed 29201/-28, size 0-4222124650659840 line 3035 04:19:50 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200074c22ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:50 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x4000, 0x0) ioctl$TIOCLINUX7(r2, 0x541c, &(0x7f0000000080)={0x7, 0x9}) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2527.362054] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2527.379784] binder: BINDER_SET_CONTEXT_MGR already set [ 2527.385426] binder_alloc: binder_alloc_mmap_handler: 16044 20001000-20004000 already mapped failed -16 [ 2527.391217] binder_alloc: 16044: binder_alloc_buf, no vma 04:19:50 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060600007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2527.438155] vhci_hcd: invalid port number 0 [ 2527.452718] binder: 16044:16045 ioctl 40046207 0 returned -16 [ 2527.458970] binder: undelivered TRANSACTION_ERROR: 29201 [ 2527.475764] binder: 16044:16052 transaction failed 29189/-3, size 0-4222124650659840 line 3035 04:19:50 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x6c00) [ 2527.496310] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2527.534518] binder: undelivered TRANSACTION_ERROR: 29189 04:19:50 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x4c00}) 04:19:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000006000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:19:50 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0x400, 0x0) getresgid(&(0x7f0000000180)=0x0, &(0x7f00000001c0), &(0x7f0000000200)) getgroups(0x2, &(0x7f0000000240)=[0xffffffffffffffff, 0xee01]) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x2000, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_user='access=user'}, {@afid={'afid', 0x3d, 0x6}}, {@dfltgid={'dfltgid', 0x3d, r4}}, {@cache_none='cache=none'}, {@uname={'uname', 0x3d, '\'e'}}, {@dfltgid={'dfltgid', 0x3d, r5}}], [{@dont_measure='dont_measure'}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@dont_hash='dont_hash'}]}}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2527.543034] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2527.557354] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2527.583899] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:19:50 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200076022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2527.644315] vhci_hcd: invalid port number 0 04:19:50 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x7400) [ 2527.692904] binder_alloc: 16076: binder_alloc_buf size 4222124650659840 failed, no address space [ 2527.723454] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 04:19:50 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x6000}) 04:19:50 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060700007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2527.752134] binder: 16076:16077 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2527.764941] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2527.785339] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:19:51 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200076822ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2527.835385] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2527.837643] binder_alloc: binder_alloc_mmap_handler: 16076 20001000-20004000 already mapped failed -16 [ 2527.843044] vhci_hcd: invalid port number 0 [ 2527.873009] binder: BINDER_SET_CONTEXT_MGR already set 04:19:51 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x6800}) [ 2527.881107] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2527.889795] binder: 16076:16077 ioctl 40046207 0 returned -16 [ 2527.905691] binder_alloc: 16076: binder_alloc_buf, no vma [ 2527.915865] binder: 16076:16095 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2527.925018] binder: undelivered TRANSACTION_ERROR: 29201 [ 2527.937190] binder: undelivered TRANSACTION_ERROR: 29189 04:19:51 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x7a00) 04:19:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000006800000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2527.986404] vhci_hcd: invalid port number 0 04:19:51 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060800007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:51 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x6c00}) 04:19:51 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200076c22ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2528.098231] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2528.151952] binder_alloc: 16110: binder_alloc_buf size 4222124650659840 failed, no address space [ 2528.157103] vhci_hcd: invalid port number 0 [ 2528.165281] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2528.192595] binder: 16110:16111 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2528.221612] binder_alloc: binder_alloc_mmap_handler: 16110 20001000-20004000 already mapped failed -16 [ 2528.271477] binder: BINDER_SET_CONTEXT_MGR already set [ 2528.292482] binder: 16110:16111 ioctl 40046207 0 returned -16 [ 2528.301284] binder_alloc: 16110: binder_alloc_buf, no vma [ 2528.307565] binder: 16110:16120 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2528.317411] binder: undelivered TRANSACTION_ERROR: 29201 [ 2528.324283] binder: undelivered TRANSACTION_ERROR: 29189 04:19:53 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x1, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000140)={0x4, 0x0, 0x3, 0x24f4}) ioctl$DRM_IOCTL_SG_FREE(r0, 0x40106439, &(0x7f0000000180)={0x100000001, r1}) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x200200, 0x0) r3 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r3, 0x7cc7, 0x0) syz_open_dev$ndb(&(0x7f0000000300)='/dev/nbd#\x00', 0x0, 0x20000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r3, 0x17) ptrace$cont(0x18, r3, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') getsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000001900)=@assoc_value={0x0, 0x7}, &(0x7f0000001940)=0x8) sendmsg$inet_sctp(r2, &(0x7f00000019c0)={&(0x7f0000000340)=@in6={0xa, 0x4e24, 0x5, @ipv4={[], [], @broadcast}, 0xe5f}, 0x1c, &(0x7f0000001840)=[{&(0x7f0000000380)="51351b979e23e18406605c6a84c718e88a39f9485033db54b442dbc6772d5da6a8d6934f8c942e5351f0b4e4659f4dff2553dd2b9e44a898b8419e3b", 0x3c}, {&(0x7f00000003c0)="be79cabc2b98b14fefef6054b2ce86e4ac4dbc4991e186912fb2211e1422547056f64d83ca75499c112fec812ba23eb8ea98f06fd24884a2c4dff7b52957d4ea563dd918224bf460c07edf89410e56f702a443991fc6670d3788bc8c1d908a6979c3bb784d4e07f13232293eb595b1fd415c26159d14368c2899af4155292902d7340cc023421119f11d2a43826957d5768e71af80af6e0cd37855dbab2d99d1618c20b2146568f9e439a17bbe1e4bceb0ea9a292f7c9c46a67c68937b7a493b2a626837534d6e13e5a1060e33e0d59cd8c7250092fb077a6d07ef73dd262818847aa11bf1134298c774d977a0f89f3c575ec542ca33b7d60ae6fe55b296785d4478df57f8fb2120367df495eb8a5fdeb93a5760638352434ea3ad2becbadaf4c69018144be81468439916527e84cb04e2bceeeb6e7703a955b91a78f49a16b1d1b1bdd65e5092f8175eaa3f857582b117515bde1fe83e982747540653a09bc236853cb2b50f40217250af75365d4aba6efeed78c915c191102b57b1564dfaee0ec673437df755053190566a94053cacf5f38d9477b98fe1a663a67788d0f8cabb47ca22da496d94ec9ac472b711638ded92be60ef6884015a277bca24810bb8751cae862ed7a58965140ab3e5ae364f6d1ca455fef2d6ec0872a5a545159b956cbdfc52ccb926d6fd7764e8fa2b7dabd50ce3545be34140ec371329560944e3c6025d609456763add3344336fa81c480f335e50c48ae8482f32c29ab9ad3a9c2fef55effe8764d649af0018afb4d2c27f008a60657fc4681d8674ddc9abe271acb84f3e7702a657fb466dffdd93e815d7248ee975a3f82ab058fde5ffa37a412ae10d8676d0372e87889b07d4da844710f2cece933ba16fd3936ec3978acda0b1bc82b7ee13b2d2c1fcad83549506e487ff35468b02991ae529467fc169f092eace0cafdf6b194f5f85ede886dfc8fb6effe1eae94257a51ca827e102427bdc51a80b0caff659b6338466305fd57f4d149c324b9b6464cd2315555fdd0fb10d8379dcc898100bc70a33b5270e9dea1223dd6c7d023ac5f94e52520f1593fcdf38f6bff8b9c4dd257a8eb2d148a2d7f4ce602c8cdd309d1db746c7bfadb8e446aa776bb29e339dcee93541f67b8e4a126355efe8ea0601d2de3923de3fd7cc563c211b7b74a7178bdcf7fd15d569e839cf72fb1a712fd8b03df99c209655f12c8eb67c87e496c32fa8a4eee86f5f81347b8242710ac81386d235b387c1aece4bd8280619b7a8a4e509eae6ed48628eaf5d9fa8f02ff2bc088bdc74a11e6a46d79545d594971dfab0789068ccf4431a07e345ad2b981e044196b48b408822a1fe80abb196f92963c9f5cc1d5d3e4dfceadb3e21d521708869e18b36bd7e59c38e1388dfb042f16a955e797fea641abba601100d538127f1b12bb0aa3ef80767a659eeff47c770cfb29412c50a217921ea72f757ae603dc5374df558d753545a4c117ce75a6482ba0331c1faac6ee40751624fcd6aa47420a6408fda860b1724b7cf60a7bca111dcfe4942211d09bc83a2631f75775fb5e803c2f020541e1a4dae3c2dd28f70e86ab6e4812c0bc9b29e0060ed074112cddff3616b3fa896a9fcb124d17140f86e9f5d35d24d623c94714d4b62896b987b10c26c7ec8b0982ad43b68acdd20f2d549b84ef9dc523506801dfc242e4a378f48ab097675686f6f8445e9f1cc24fccf4d8bc932bb5f1a0c6ab1f04f7a45d19b99375d638fb5e80ceeaea65df60fe8d4424a668f0e8a52843e4a8d48cf6ab2dc0b50bea4f9405354aca5750ec0edbe9b7651361898311dc002d5a63ad8e9891e15ec5abbf4c74c9c5673937d0306a5baf4f9bcb326b8acd3a16fe843c882bfc850de188720d7bc1ff18bca3e18657ab03c2ad9f5b6e924f62947943cddaaf7670b2b519c5236b1069bbc9823172e3b3cdb629175c169f7f60f1b0f68bab0c00d0521fdac41dac4adf84878cba0a674b09bc928a361bb37e1bc5f0714ba5c47f9417e9658b08c3a08ebad6f67defd13b006edb96a939e198164a4ad63c64f4fcb8686b1eb1a72a826320fd479ab13e1fbbff050f75ee5c8f0a400c72c63d6ec0f561fc17cba7d0ee95842daf76831ed7681a3214350d81777bb4b4e4f4e2502a5ddce26db302cf5995cd48f63dd6688ad8c83e02670ee846e5c90eb2339580cc2dc0d06c1592153bfbf838157d0d213ece70ab878193215498731b1b55225762d24d685f371a5126f61b4f7c8f30b732a5dae58977285f278c6f39cd891998c6c6167db8434aff08b9c83359483a41ac71a9f3e16a674b0d3f00eb3f0d1786c01742858ea4c15bd51432098f6c31f327b1036e3f859afbeccfe5b984535441a9556db58032a6cd25b988cc0afd05b6e23f88bc0b876ba49bdaa4fcde4de3db3fbb4c8dddabfb2b86630a1d280f33737ba826b08ddf7e325462792fcdcbabde0c0ee205b909ff58fc4a2c8d2396c5b458c6c8bf20edff6117f37a3a4636301acfe38ed21eaf3e903ecb224f82b6f40fb4b5d2cc7022d663375b659f8beae14f6d15896f9568ee05e09b34682b7473528594ea63fc221742ebd71afd2fb9da26dac24446e482d013e04f72d8fa8c53bf9b9778a65947ec32a50baeffdc732a6e77e7b1c5352d8c6da9e1e3b015dc6503503bd988073b55170f36142bd0e7d0dc32fb3745a32def2100646848bb6f6773361fb31dc7ea2f8e85fc02c64617983e8825a29be03d015ceb057c999b0abb0f456bf2fd10fed4e62fca32cc89e59c8c3794e4a2713ef28c0e57a4372e5121a7a8e5d463d9f44b6a8c782400a8c30b4453cdc801749b7bb911e8f9f5e9c822e6d7b8917c4bc4bd7d74c24a9dd8c95b355860a03e4a39b19fffc2da60b826176b2b2ebf258b5880d6b68906087bf7bbf0c81d20f17e175d58d65848bd2a3d29010b5c1a98e583c57d1030a7a72e58d34457f790f22f93f305e86ff4ba73b2c8a19ef4f4588be214578fa4f457dddcec7e1d6879e6696c1735c87244a53da2dbb5374025c42c4405c34372f095e3bb6d3131110c35ada9409112f76e29a8ee090f9aa396ced7465f43b9838f839dedb6da4573781254d24b4684a13b8f4586cecae4531b2c13189c28d94a3f3a22b4a381c56be9ab305bedddaff7fd9c14c42738fdd198c61ce879ffbb1f32d33445d7f1cefb6b53089b50107ebe81a36ceac622f5573bf7870f875878f7927e593e19dc3c357e21aee291e326fd8e458ade804d74d11cbbb5b5de5d7a94cfa8ae9c01472667bc9cd176840749c0a62e07bf6b2798feddaec0ec59a1cb4f881678c61b250fed61d392e4ecb1b73cbdcb3df41d3c0b20a6c1e01ef50af952aa4ae0a3dd88952dd71307ca825312b1e4871ec1ec9123f024ea094fcf4e913e01d0901ef248cac0bfbb3d1a49f66e77eb2c0a570de2d62b750857c4ec3c682df48de37314e3d1defa8b51a75a4f833c5c7a0fe19d4261ce29d15a3104e052239117f26fe546b2a62850499f76461abd0a450687c7f3bd9ee3e0e69572ed03b413de73e5906a3435274be40c098a542357ee32abb91e017219234d3819d60c8184c7baf5294e5897e32c34886c726df5913d89044d6f383f328f1073d8c1ad59ca082b176ac7d259839dfab831dca51edbedf9d043ba2cfacb86912cd1108f6dc14ef112f3cee560f0524a4ca56b8ab53561eeabbcf2eda169ada850525183f1ca86949939659cbb5ef0fb91bee4ddc3c35261081ef8b75453527b889148dc28ba607ecab2b4be54e1930156a89596d9eb2c1db91ffda4e569954f02875a27062f1984ed9b65da672da49c5acac49c6cd86840ac24b3d8d637866d660ee9e487843a56ec6fbabadba4834d6176dd52a6d8cecade252c96d87a44945f62b9c90b52edf063b90914c9d4918a372685d471edcccc7cf52b1dcaf40e82434fc30dd3b6f5dbe975fe8189946df5988e9e774810ca5e89c00da173c40634d0a135cc9d3fb3e22c9602db21da72dafe5178b9aae5dedc525058a96b2f907664a7fcebe7e21023d1c202b5985dd411e13d5fdf01013e29b735e91621587751d1a51e631d339eaff877f9285bd318903a33794f0237556524d6ae36b96714a6c9ff29899d7c61fe724f355063e134d8ff9fdb098256c21fe9e24ba38c03b28f5b0863e52ee063f228ee2feb06b8fc7a2bb43e86d4d16d1d9229a68681290dc39165c42736a7c91c1e34c9d1aff94f40ffb9119bd90ea2fc438d93aadfc5bdd31ca0080b647768ddbd16effd4683a76ede45c131a4376d450e569f2499c23c5676638ea3d90fc14fd150d70a085645a5dc82d30f6a5dc6e7693bd7ccab5aeeaf0a78d0c21860033a43c072b3c9c40d95ab16bbf2d6e2364bba204391cf02c1084deb653cdd7959c46cbc848dd0a7139c8fff0c1043d624bbdcefc384cebbab0c3bc749e153d8cc2342f59e81094d9cffce540313f44abc92ed67a0286aeae38c690be0d3191a627ccffcb907ba5751ccd8969448658b7642322c6c302bfa8251ba002f38dac147d503a8d7bc93ee4dff24c683292a90cf0faf1bcbd144b4515ccc7d3830516b760646f7b651d58214af72863397ea8918d13b06ec1e350264c7e238954a56398d6daef83be88c72c7147bb246e1f6809521fdbabbc556dbc2a9e6286cd750cdbc4ae07430f6424e6e87114afffb8c31407d749539ad419eb3bbb4b6675a8394b4b34723f6b3713ea85025d7db87aad72ad15f60574b2e0e585d0864dfc745c4d2aa04b3451d76509cf82ed3cfd71a9a35d6c997ca5f81df2956ec530cdfd739a21e31db714d193cb1338ada4e91f21e2745e3509702450f726d90f4209043a83cd938f032d202ddb5e1ede1b58bb8f7e6b4cd289624375acdc664d5828c3a75af580434d1f49e000c639f09df204a08fb0f1afccef9051b302f944329905cb940c777a84427a45d549b9045cc4a77b6d09adcf53e7fc8fa28ee9eac0fd1045c878b107067500f69db6467bd4217911859774ffaabc7ec4f02221cef9775c25a82be002d95c28e5345fe6e24bf41a8cddb5e7486fac22f4001ffecd57236a3555d5ea23e76d99680dfb374d64240692690f830dacec6792f01b5002de3300f03b4e7f84f6daddec56d36a2d9a683fea309e10093d7deefa2a7036bbd7798e6ebda17279091d2a5d78505d9bf52773d9e111b4a19a82ca7f7dbcbbc6b9c56f1f5486b16660450d652a52d844cf6f77289f3f7097c91f1d4c3d603cd531e830512cc437141a666cb4ae74dc570f5c6525f318c47d7b9a0b0490c483ad8fb3309062c4df4b98dd836920afe73a7571deb095c3e2f27c0bf0297e9bda77118d554da23a087960cf8c71ab7017532f4755c7a9eb9b78cb0934a81cb857486f61ce8e8fd6d1027a74fa63a3e36e89008b206915a31d9dbfeda76efa0126ba66510bd1ec412462ae8d04443ff8476106d5ccfbc2688659e4cabec0b58b1fc1a10a889e6943ff06cb35b4940438d67470fd9c09435b292a404b479a17f535f0fb0f741bafdfa55319a2a2d4e29c85e5ba903ca27594eac614de361698339cc4109d61be241683f30cd195b4057f1a387e3473e1cd697db7db1226f2ebfbd8254043cbc5523f8aa4e9a084261cbf4d79d3a392d3ae995db3b912835f4a1c390c250cd00047d6367b914c2dd717c9722896aed41205c1fae9bbbc2e7b90fabf29447aac627e2852e51f9d38cc879c7af5d0cc1dd4b9ee0c92dba344394d12bd707bf3eeb0bc2a2fe99814e9356f55a9f53b74015e3e", 0x1000}, {&(0x7f00000013c0)="f10bc5ae669d27a0230556b4768c1da1e03a337db8b305827f0dcc78db9a11774aaa1ca7d228e3085f171b9474746f8dcee4c15c77fb07f4e31b1b0d35dd43a9c34af9a5b62506cfeccd234434235d038769307cf9fed881e5159c52d0962815003b97a2f4e06adc0924c692785fb7d134ae474411d08000e91630cacda7232fe0746386d05582f96c7e24af304ced7391b8ff7dc65528728e802efb6463", 0x9e}, {&(0x7f0000001480)="d79aaf97527b25f261115075211267d1e36ffcafa8b72f3498e5b211fc77d0fd5c", 0x21}, {&(0x7f00000014c0)="d38f2cee05ce2899b6285b2fc92258cd683f8e98bba24ba1eec01b043cea762dc471abde001e4998f00226f94758f3ad2a69cccce118e1c881a7aa83a4197af9f20238a86b0464231ecb1e7b7475e65e4dd79d1202b5eb77587e9aadd163b119922b1610d55a6fb3e4137147d71bc818ea7c1350b5dec47f10ec3a96028cdd14cf437655b2a9aae407e0bd1dbdae9d8825af065b", 0x94}, {&(0x7f0000001580)="e852c11df02fd72a7d20b93ed3f0e78894f4f9d6a20580d69b3c4271b1d52089faffb89c9cf26ffdd03191210a71b5990dccaeef65950867", 0x38}, {&(0x7f00000015c0)="f3f60887680a59772ebed8531773fc462382039bdddb0ab7626ac4ac7c4b1c3835b62f0487e560e7274608f9082f4b6dc8cd95570ac894f084a19311d22bae0b0e6061e79c92166e036e56bc0d54a58e80d26481f58b2b92a9bb896307357b3d444e70d4cde2f6a4bc397da7a20fe7368ed99de160b8fefc39f7b07b31436c1b99e77d7e0a261d0887dba9ef05e01e771b17be653413ca3e9d37e59eea4e9387fbe22da9135dbf76ee158b1069dad55af8063e659beeaef9844f8038fc32bec57eea5710e82b6ba5d1c9", 0xca}, {&(0x7f00000016c0)="3aafc5d30bb1c1adc405f4a25723ac8fde82a238", 0x14}, {&(0x7f0000001700)="c322a56c4481bfac52ff7f45a188cd6995fd6a8c87805d4ee6f8d725753c267fea77517672395f3abf8dc476b6c0194dbc8c685cfe97ef544c154b7d2b391e556c74031fb79d0166a05db5f9425a7cc17de69d321bd58d4c0bd9af4c56dffd5f24b2ebc4d0f80419e1", 0x69}, {&(0x7f0000001780)="778d841117e97f89ffbb6dd382627c181c00005fe658d3f4b4815638fb5ab1a02fa660c049eff55d759fa979574bc7166a27be4ff35c2fcef995c45c1004d398099fb6a517c14e793750fe02bd6d1fad10d7ba0a0622d4e543da215bcbaebf3f66fb0177420360e66f366d7ebe9444a227d91f202e1c96597d2868fa32ef35f76deaefbb3407f68921463ec9ca62124dd8d6c19d390643a0a173bad5c5220998b30da60e1ca735", 0xa7}], 0xa, &(0x7f0000001980)=[@sndrcv={0x30, 0x84, 0x1, {0x7, 0x1, 0x20a, 0x81, 0x2, 0x9, 0x2, 0x9, r6}}], 0x30, 0x40}, 0x800) sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f00000002c0)={&(0x7f00000001c0), 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r5, 0x0, 0x70bd2a, 0x25dfdbfc, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4000880) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r3, 0x0, 0x0) 04:19:53 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x7400}) 04:19:53 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200077422ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:53 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xaf20) 04:19:53 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060a00007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:53 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000006c00000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2530.761637] vhci_hcd: invalid port number 0 [ 2530.769428] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2530.788213] binder_alloc: 16126: binder_alloc_buf size 4222124650659840 failed, no address space 04:19:54 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xf000) 04:19:54 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200077a22ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:54 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x7a00}) 04:19:54 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x40002, 0x0) ioctl$KVM_S390_UCAS_MAP(r1, 0x4018ae50, &(0x7f0000000080)={0x7, 0x5, 0x1f}) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2530.814423] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2530.827584] binder: 16126:16134 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2530.854132] binder_alloc: binder_alloc_mmap_handler: 16126 20001000-20004000 already mapped failed -16 [ 2530.887189] binder: BINDER_SET_CONTEXT_MGR already set [ 2530.909146] binder: 16126:16134 ioctl 40046207 0 returned -16 04:19:54 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060e00007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2530.955429] binder_alloc: 16126: binder_alloc_buf, no vma [ 2530.956433] binder: undelivered TRANSACTION_ERROR: 29201 [ 2530.971868] binder: 16126:16141 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2530.992026] vhci_hcd: invalid port number 0 04:19:54 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070051ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2531.022028] binder: undelivered TRANSACTION_ERROR: 29189 04:19:54 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x34000) 04:19:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000007400000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:19:54 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x100000}) [ 2531.082726] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:19:54 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060f00007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:54 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x1000000}) [ 2531.173420] binder_alloc: 16170: binder_alloc_buf size 4222124650659840 failed, no address space [ 2531.183161] vhci_hcd: invalid port number 0 [ 2531.195039] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2531.211564] binder: 16170:16173 transaction failed 29201/-28, size 0-4222124650659840 line 3035 04:19:54 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x400300) [ 2531.248263] binder_alloc: binder_alloc_mmap_handler: 16170 20001000-20004000 already mapped failed -16 [ 2531.293451] binder: BINDER_SET_CONTEXT_MGR already set [ 2531.302618] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:19:54 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070051ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2531.336050] binder: 16170:16173 ioctl 40046207 0 returned -16 [ 2531.342316] binder_alloc: 16170: binder_alloc_buf, no vma [ 2531.351123] vhci_hcd: invalid port number 0 [ 2531.352715] binder: 16170:16182 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2531.385371] binder: undelivered TRANSACTION_ERROR: 29189 [ 2531.391136] binder: undelivered TRANSACTION_ERROR: 29201 04:19:54 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x2000000}) 04:19:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000007a00000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2531.536776] vhci_hcd: invalid port number 0 [ 2531.561537] binder_alloc: 16192: binder_alloc_buf size 4222124650659840 failed, no address space [ 2531.583074] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2531.594709] binder_alloc: binder_alloc_mmap_handler: 16192 20001000-20004000 already mapped failed -16 [ 2531.604900] binder: BINDER_SET_CONTEXT_MGR already set [ 2531.610765] binder: 16192:16195 ioctl 40046207 0 returned -16 [ 2531.617300] binder_alloc: 16192: binder_alloc_buf, no vma 04:19:57 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100061000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:57 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xf0ffff) 04:19:57 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff03f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:19:57 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x3000000}) 04:19:57 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = msgget(0x2, 0x10) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000580)='/dev/vga_arbiter\x00', 0x92100, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f00000005c0)={0xfffffffffffffffd, 0x0, 0x10000, 0x5}) ioctl$DRM_IOCTL_SG_ALLOC(r3, 0xc0106438, &(0x7f0000000600)={0x65, r4}) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000140)={{{@in=@dev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@mcast1}}, &(0x7f0000000000)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f00000006c0)={{{@in=@empty, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@mcast1}}, &(0x7f00000007c0)=0xfffffffffffffe58) getpgid(r0) getresgid(&(0x7f00000003c0), &(0x7f0000000400)=0x0, &(0x7f0000000440)) msgctl$IPC_SET(r2, 0x1, &(0x7f0000000480)={{0x9, r5, r6, r7, r8, 0x81, 0x193d}, 0x8, 0x8000, 0x6, 0x1, 0x1, 0x7, r0, r0}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ioctl$DRM_IOCTL_GET_CAP(r3, 0xc010640c, &(0x7f0000000640)={0xfffffffffffffffa, 0x4}) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$FICLONERANGE(r3, 0x4020940d, &(0x7f0000000280)={r3, 0x0, 0x5, 0x100, 0x2}) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r9 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000500)='/dev/btrfs-control\x00', 0x0, 0x0) write$P9_RREADLINK(r9, &(0x7f0000000540)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) ptrace$cont(0x7, r0, 0x0, 0x0) 04:19:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0063404000fffffdfd00000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2533.939332] validate_nla: 16 callbacks suppressed [ 2533.939341] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2533.940518] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2533.956078] vhci_hcd: invalid port number 0 [ 2533.963768] binder: 16205:16210 got transaction to invalid handle [ 2533.971437] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:19:57 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x1000000) [ 2533.995616] binder_transaction: 2 callbacks suppressed [ 2533.995637] binder: 16205:16210 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2534.033987] binder_alloc: binder_alloc_mmap_handler: 16205 20001000-20004000 already mapped failed -16 04:19:57 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x4000000}) [ 2534.049827] binder: BINDER_SET_CONTEXT_MGR already set [ 2534.056742] binder: 16205:16210 ioctl 40046207 0 returned -16 [ 2534.078141] binder: 16205:16217 got transaction to invalid handle 04:19:57 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff0bf16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2534.094605] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2534.097373] binder_release_work: 2 callbacks suppressed [ 2534.097381] binder: undelivered TRANSACTION_ERROR: 29201 [ 2534.108554] binder: 16205:16217 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:19:57 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100064800007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2534.172619] binder: undelivered TRANSACTION_ERROR: 29201 [ 2534.183024] vhci_hcd: invalid port number 0 [ 2534.187800] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:19:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0063404000fdfdffff00000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:19:57 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x5000000}) 04:19:57 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x2000000) [ 2534.294828] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2534.327024] binder: 16231:16233 got transaction to invalid handle [ 2534.327044] binder: 16231:16233 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:19:57 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff51f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2534.347920] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2534.361437] vhci_hcd: invalid port number 0 04:19:57 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x6000000}) [ 2534.405078] binder_alloc: binder_alloc_mmap_handler: 16231 20001000-20004000 already mapped failed -16 [ 2534.416811] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2534.450581] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2534.458386] binder: BINDER_SET_CONTEXT_MGR already set 04:19:57 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x3000000) [ 2534.487782] binder: 16231:16233 ioctl 40046207 0 returned -16 [ 2534.508286] vhci_hcd: invalid port number 0 [ 2534.517028] binder: 16231:16244 got transaction to invalid handle [ 2534.523546] vhci_hcd: invalid port number 0 [ 2534.546473] binder: undelivered TRANSACTION_ERROR: 29201 [ 2534.566794] binder: 16231:16244 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2534.608792] binder: undelivered TRANSACTION_ERROR: 29201 [ 2534.636998] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:20:00 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_open_dev$radio(&(0x7f0000000140)='/dev/radio#\x00', 0x2, 0x2) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffff9c, 0x84, 0x11, &(0x7f0000000180)={0x0, 0x6}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000200)={r3, 0x3, 0xdb3b7d4984600112}, &(0x7f0000000240)=0xc) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x210003, 0x4bcc) syz_open_procfs$namespace(r0, &(0x7f0000000280)='ns/pid_for_children\x00') ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sched_getaffinity(r0, 0x8, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:00 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100064c00007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:00 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f10a52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:00 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x7000000}) 04:20:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000f00000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:00 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x4000000) [ 2537.044113] vhci_hcd: invalid port number 0 [ 2537.045327] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2537.050423] binder_alloc: 16257: binder_alloc_buf size 4222124650659840 failed, no address space [ 2537.067760] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2537.083597] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:00 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x8000000}) [ 2537.089475] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2537.109599] binder: 16257:16264 transaction failed 29201/-28, size 0-4222124650659840 line 3035 04:20:00 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x0, 0x0) pwritev(r1, &(0x7f0000000640)=[{&(0x7f0000000280)="d06c590a03e0c7091b8db551ffc96a1b4cf0fb615f69c117d184f136e2abcf60bcecbcd8dca36e7cab0138bce8e0f62848d50479cc94dbdd7683aee17e11b1d50407836a970f9d6600071cdaa80d177417393d5f0f2f179f85e12dca895215293e7a55d63dc494", 0x67}, {&(0x7f0000000300)="557c0ed814e6a03578032a3627bc6ca00bac1173aef22e7ef4e7c8adeb81b2d5db6f2456ad69155f5fcf3575cc038a54fa22732340e825e7d14bb23166e9e27b38aa4c8f6579b9820937cd1939e5424a3af8db930370f7d40d236fbee571be85a65ae94f38772519228ed2c0f03bb32a743c69f8cb0669a3cb356b7dab24d3c0f9fe6ac945c6ae8b55198a01545ac1d074d1d3e25e7a7caf40c34c79", 0x9c}, {&(0x7f00000003c0)="729ff8bcd64f483f54f0ff213ee2b6e68d67b54a54d871f03d75e02bef36737253ed620d64cd1010356dccdb03ad9636d75e643fdc42d635c61c83888afdaef100246fdb1b105a37bdd555e31bddfdac373478763a09ec4fd1af46b24d3fde73e4c1fbfbc364ea6a119a7ca581a187606c67fa0765c9225682941b7e2d834569e146946b46d93561abfa922480651a8e07366addf8d2c60a96349ed79f9c3602825a34a5b6", 0xa5}, {&(0x7f0000000480)="147feb0902c884a5ace16e06a24c9b73f396b813d5164c4a57d4ef96ecc917de8c658ddf9f8a2c402253990cb3e5237d45ba64a657aa78f6ad0c51914d90dc07e7fbc3f3383f397f6d7ee2991007031466804139a1f270f01f6e69ca75fa471fa53cad993fd2c300bcb306570696d22fd775aeab7b1a861a7dd307d64c429b866c3c166d2b96b8416a5b1c105f7985a9263fd7", 0x93}, {&(0x7f0000000540)="d947fe3d1e47ff1f1fde2a16c7f4f058f9b1ed8588141383e1c791c7d835aa25f98a62893341e05655dc4a330faf74651162641ba3a7ca2421d727e9762014fd4c8899284fdafe8d11f85afb61b05a0afac817c3c5a61d1bde3de51592a1c1e66622aae2df77f56ce9ff48f644ceee3e21182f4de487bbe049d5e8eabdb09d6f0220fb28ef461a88edd0ebf7c0ef3b9282ed5604e66244dff795d2742d3acb203c011b9178f0b91dfb83dc14f0da735b35cdf1d08075d135b5c3d832adf5592122b5b718cb72ff8ac0861d9e4d5a72", 0xcf}], 0x5, 0x0) r2 = socket(0xa, 0x6, 0x4) setsockopt$EBT_SO_SET_COUNTERS(r2, 0x0, 0x81, &(0x7f00000001c0)={'broute\x00', 0x0, 0x0, 0x0, [], 0x3, &(0x7f0000000140)=[{}, {}, {}, {}, {}], 0x0, [{}, {}, {}]}, 0xa8) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2537.137242] binder_alloc: binder_alloc_mmap_handler: 16257 20001000-20004000 already mapped failed -16 04:20:00 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f12552"], 0x2c}, 0x1, 0x2}, 0x0) [ 2537.199009] binder: BINDER_SET_CONTEXT_MGR already set [ 2537.207637] vhci_hcd: invalid port number 0 [ 2537.224501] binder: 16257:16264 ioctl 40046207 0 returned -16 04:20:00 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x5000000) [ 2537.258937] binder_alloc: 16257: binder_alloc_buf, no vma [ 2537.300319] binder: 16257:16279 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2537.300923] binder: undelivered TRANSACTION_ERROR: 29201 04:20:00 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100066000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2537.341269] binder: undelivered TRANSACTION_ERROR: 29189 04:20:00 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0xa000000}) 04:20:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000001000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:00 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x400, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r2, 0x119, 0x1, &(0x7f0000000080)=0x6, 0x4) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:00 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0xf}, 0x1, 0x2}, 0x0) 04:20:00 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x6000000) [ 2537.533682] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2537.548782] vhci_hcd: invalid port number 0 04:20:00 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x20000000}) [ 2537.589805] binder_alloc: 16299: binder_alloc_buf size 4222124650659840 failed, no address space [ 2537.627552] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:00 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x51}, 0x1, 0x2}, 0x0) 04:20:00 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x8000, 0x0) ioctl$VIDIOC_G_INPUT(r1, 0x80045626, &(0x7f0000000080)) wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2537.657468] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2537.686600] vhci_hcd: invalid port number 0 04:20:00 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100066800007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2537.711355] binder: 16299:16307 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2537.738837] binder_alloc: binder_alloc_mmap_handler: 16299 20001000-20004000 already mapped failed -16 04:20:00 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x3f000000}) [ 2537.783769] binder: BINDER_SET_CONTEXT_MGR already set 04:20:00 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x7000000) [ 2537.807354] binder: 16299:16307 ioctl 40046207 0 returned -16 [ 2537.837019] binder: undelivered TRANSACTION_ERROR: 29201 [ 2537.865026] vhci_hcd: invalid port number 0 04:20:01 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0xc0}, 0x1, 0x2}, 0x0) 04:20:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000002000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:01 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(r0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r2 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x9, 0xa800) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r2, 0x800448d3, &(0x7f0000000140)={{0xfffffffffffffffc, 0x8000, 0xfffffffffffffffd, 0x4, 0x3, 0x3}, 0x7f, 0x400000000000, 0x10000, 0x30c, 0xc6, "80fc6434eb702c3c7a40a38f6598ada0e5ae4438866f70c3802792b87beb8f76a95db728257637802cc8ca42c43bafbdddc7ce97261e6dbe9afdb41cd6b22370bfd28c8f1bad36c5e5c37e81b9a84bf6abf0b49c4123503cb4fb01a6b60c9f1914ad7bbde04b8a8f7e5b923a1594e0d452ced6f81d03d7ee593a8f913f786bcb"}) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:01 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x48000000}) [ 2537.920579] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:01 executing program 3: r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:01 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x8000000) [ 2538.042006] vhci_hcd: invalid port number 0 04:20:01 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0xec0}, 0x1, 0x2}, 0x0) [ 2538.072603] binder_alloc: 16341: binder_alloc_buf size 4222124650659840 failed, no address space 04:20:01 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100066c00007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:01 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x4c000000}) [ 2538.163656] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2538.203300] binder: 16341:16347 transaction failed 29201/-28, size 0-4222124650659840 line 3035 04:20:01 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xa000000) [ 2538.258132] binder_alloc: binder_alloc_mmap_handler: 16341 20001000-20004000 already mapped failed -16 [ 2538.267843] vhci_hcd: invalid port number 0 [ 2538.291330] binder: BINDER_SET_CONTEXT_MGR already set 04:20:01 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x33fe0}, 0x1, 0x2}, 0x0) 04:20:01 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x60000000}) 04:20:01 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000180)={{{@in6=@mcast2, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in6}}, &(0x7f0000000280)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000002c0)={{{@in=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @local}}, 0x0, @in=@dev}}, &(0x7f00000003c0)=0xe8) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000400)={{{@in6=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in6=@local}}, &(0x7f0000000500)=0xe8) mount$9p_unix(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x8, &(0x7f0000000540)={'trans=unix,', {[{@privport='privport'}, {@dfltuid={'dfltuid', 0x3d, r2}}], [{@hash='hash'}, {@euid_lt={'euid<', r3}}, {@appraise='appraise'}, {@uid_eq={'uid', 0x3d, r4}}]}}) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2538.315460] binder: 16341:16347 ioctl 40046207 0 returned -16 [ 2538.321551] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2538.338760] binder: undelivered TRANSACTION_ERROR: 29201 04:20:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000003000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2538.474693] vhci_hcd: invalid port number 0 [ 2538.493984] binder_alloc: 16381: binder_alloc_buf size 4222124650659840 failed, no address space [ 2538.506722] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2538.516155] binder: 16381:16382 transaction failed 29201/-28, size 0-4222124650659840 line 3035 04:20:01 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2000002c}, 0x1, 0x2}, 0x0) 04:20:01 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x68000000}) [ 2538.529860] binder_alloc: binder_alloc_mmap_handler: 16381 20001000-20004000 already mapped failed -16 [ 2538.549860] binder: BINDER_SET_CONTEXT_MGR already set [ 2538.561071] binder: 16381:16382 ioctl 40046207 0 returned -16 [ 2538.568229] binder_alloc: 16381: binder_alloc_buf, no vma 04:20:01 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100067400007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2538.573993] binder: 16381:16384 transaction failed 29189/-3, size 0-4222124650659840 line 3035 04:20:01 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xe000000) [ 2538.625349] binder: undelivered TRANSACTION_ERROR: 29189 [ 2538.630921] binder: undelivered TRANSACTION_ERROR: 29201 04:20:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000004000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:01 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x7ffff000}, 0x1, 0x2}, 0x0) [ 2538.715404] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2538.730335] vhci_hcd: invalid port number 0 [ 2538.748200] binder_alloc: 16398: binder_alloc_buf size 4222124650659840 failed, no address space 04:20:01 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xf000000) [ 2538.757406] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2538.784382] binder_alloc: binder_alloc_mmap_handler: 16398 20001000-20004000 already mapped failed -16 [ 2538.797399] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:02 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x6c000000}) [ 2538.835266] binder: BINDER_SET_CONTEXT_MGR already set [ 2538.855579] binder: 16398:16399 ioctl 40046207 0 returned -16 04:20:02 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100067a00007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:02 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0xfffffdef}, 0x1, 0x2}, 0x0) [ 2538.912532] vhci_hcd: invalid port number 0 [ 2538.917158] binder_alloc: 16398: binder_alloc_buf, no vma [ 2539.012314] validate_nla: 22 callbacks suppressed [ 2539.012323] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2539.071132] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:04 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r2 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000140)={{0x0, @loopback, 0x4e21, 0x0, 'wrr\x00', 0x1, 0x1b6, 0xa}, {@empty, 0x4e22, 0x3, 0x1, 0x80000000, 0x7e}}, 0x44) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:04 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x74000000}) 04:20:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000005000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:04 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x10000000) 04:20:04 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x2, 0x2}, 0x0) 04:20:04 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600010006f000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2541.475802] vhci_hcd: invalid port number 0 [ 2541.503154] binder_alloc: 16427: binder_alloc_buf size 4222124650659840 failed, no address space [ 2541.510510] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2541.512407] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2541.532338] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2541.537733] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 04:20:04 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x7a000000}) [ 2541.556752] binder_transaction: 2 callbacks suppressed [ 2541.556771] binder: 16427:16431 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2541.563826] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2541.595284] binder_alloc: binder_alloc_mmap_handler: 16427 20001000-20004000 already mapped failed -16 04:20:04 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) tkill(r0, 0x26) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2541.614013] binder: BINDER_SET_CONTEXT_MGR already set [ 2541.635922] binder: 16427:16431 ioctl 40046207 0 returned -16 [ 2541.647775] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2541.666801] binder_release_work: 2 callbacks suppressed [ 2541.666851] binder: undelivered TRANSACTION_ERROR: 29201 [ 2541.676244] binder_alloc: 16427: binder_alloc_buf, no vma 04:20:04 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x3, 0x2}, 0x0) 04:20:04 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x9, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:04 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x10000000000000}) [ 2541.681118] vhci_hcd: invalid port number 0 [ 2541.683921] binder: 16427:16436 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2541.722077] binder: undelivered TRANSACTION_ERROR: 29189 04:20:04 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100069201007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000006000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:05 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x20000000) [ 2541.864393] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2541.915753] vhci_hcd: invalid port number 0 04:20:05 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x5, 0x2}, 0x0) [ 2541.941075] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2541.949380] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2541.956994] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2541.959129] binder_alloc: 16463: binder_alloc_buf size 4222124650659840 failed, no address space [ 2541.977921] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 04:20:05 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x100000000000000}) 04:20:05 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x3f000000) [ 2541.989142] binder: 16463:16466 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2542.028105] binder_alloc: binder_alloc_mmap_handler: 16463 20001000-20004000 already mapped failed -16 04:20:05 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060003007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2542.089758] binder: BINDER_SET_CONTEXT_MGR already set [ 2542.107114] vhci_hcd: invalid port number 0 [ 2542.112162] binder: 16463:16466 ioctl 40046207 0 returned -16 [ 2542.124375] binder_alloc: 16463: binder_alloc_buf, no vma [ 2542.134454] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2542.139058] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2542.148871] binder: 16463:16477 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2542.175814] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2542.176118] binder: undelivered TRANSACTION_ERROR: 29189 04:20:05 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x200000000000000}) 04:20:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000007000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2542.190368] binder: undelivered TRANSACTION_ERROR: 29201 04:20:05 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x40000000) [ 2542.279603] binder_alloc: 16484: binder_alloc_buf size 4222124650659840 failed, no address space [ 2542.282479] vhci_hcd: invalid port number 0 [ 2542.289014] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2542.370130] binder: 16484:16486 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2542.414469] binder_alloc: binder_alloc_mmap_handler: 16484 20001000-20004000 already mapped failed -16 [ 2542.431246] binder: BINDER_SET_CONTEXT_MGR already set [ 2542.437393] binder_alloc: 16484: binder_alloc_buf, no vma [ 2542.443057] binder: 16484:16494 ioctl 40046207 0 returned -16 [ 2542.447164] binder: 16484:16495 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2542.458533] binder: undelivered TRANSACTION_ERROR: 29201 [ 2542.464200] binder: undelivered TRANSACTION_ERROR: 29189 04:20:08 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$bt_rfcomm(0x1f, 0x3, 0x3) fgetxattr(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="57797374656d2e47504c00af0b839a5ff44daddb52ad027206ebe1e70bd2da501ec9c49fac0d314e9d5ed1f542120c010000000e25ccf8744b028604defe3b0dfb127e8cb66910324ebc0705d18480dd4a8548ee0263c2660861534e70c194660004ed02a6f94b16f0b264daf466379bc7d9486b8a7fb3032eb1425aa869f40ce981069bb5cb5fb1d0861828a45f7b7f307e4699682dfe318f58a87e9c9bb84eb499d862257215453ec6fe073086b826dc7d76d51cd0ef22cc386eb258e11401a1b96c55"], &(0x7f0000000140)=""/254, 0xfe) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r1, 0x17) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) r3 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x3ff, 0x100) ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000080)={0x397fb89a, 0x400, 0x1, 0x800, 0x15, 0x0, 0x10000, 0x4, 0xfffffffffffffe00, 0xa76, 0x1, 0xffffffff}) ptrace$cont(0x7, r1, 0x0, 0x0) 04:20:08 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x6, 0x2}, 0x0) 04:20:08 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060005007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:08 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x300000000000000}) 04:20:08 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x48000000) 04:20:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0063404000000000000000000a000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2544.895327] validate_nla: 2 callbacks suppressed [ 2544.895337] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2544.906485] vhci_hcd: invalid port number 0 [ 2544.912680] binder_alloc: 16499: binder_alloc_buf size 4222124650659840 failed, no address space [ 2544.921044] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2544.922835] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2544.942459] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2544.951742] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2544.966729] binder: 16499:16503 transaction failed 29201/-28, size 0-4222124650659840 line 3035 04:20:08 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x400000000000000}) 04:20:08 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getpgid(r0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2544.990187] binder_alloc: binder_alloc_mmap_handler: 16499 20001000-20004000 already mapped failed -16 04:20:08 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x8, 0x2}, 0x0) [ 2545.017865] binder: BINDER_SET_CONTEXT_MGR already set [ 2545.023760] binder: 16499:16503 ioctl 40046207 0 returned -16 [ 2545.036701] binder_alloc: 16499: binder_alloc_buf, no vma [ 2545.044815] binder: 16499:16511 transaction failed 29189/-3, size 0-4222124650659840 line 3035 04:20:08 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x4c000000) [ 2545.100996] vhci_hcd: invalid port number 0 [ 2545.107011] binder: undelivered TRANSACTION_ERROR: 29201 [ 2545.113793] binder: undelivered TRANSACTION_ERROR: 29189 04:20:08 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060006007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000012000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2545.142834] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:20:08 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x500000000000000}) 04:20:08 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x9, 0x2}, 0x0) [ 2545.260969] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2545.269294] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2545.298838] binder_alloc: 16531: binder_alloc_buf size 4222124650659840 failed, no address space [ 2545.300679] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2545.323980] vhci_hcd: invalid port number 0 [ 2545.334905] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2545.348652] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:20:08 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x600000000000000}) [ 2545.356236] binder: 16531:16534 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2545.383483] binder_alloc: binder_alloc_mmap_handler: 16531 20001000-20004000 already mapped failed -16 [ 2545.403859] binder_alloc: 16531: binder_alloc_buf, no vma [ 2545.410004] binder: BINDER_SET_CONTEXT_MGR already set [ 2545.413620] binder: 16531:16541 transaction failed 29189/-3, size 0-4222124650659840 line 3035 04:20:08 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x60000000) 04:20:08 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x700000000000000}) [ 2545.431395] binder: 16531:16534 ioctl 40046207 0 returned -16 [ 2545.437682] binder: undelivered TRANSACTION_ERROR: 29189 [ 2545.437820] vhci_hcd: invalid port number 0 [ 2545.443444] binder: undelivered TRANSACTION_ERROR: 29201 [ 2545.462428] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2545.477360] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000020000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2545.506789] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:20:08 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060007007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2545.564534] vhci_hcd: invalid port number 0 [ 2545.569302] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2545.594363] vhci_hcd: invalid port number 0 [ 2545.620239] binder_alloc: 16551: binder_alloc_buf size 4222124650659840 failed, no address space [ 2545.652915] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2545.685937] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2545.718430] binder_alloc: binder_alloc_mmap_handler: 16551 20001000-20004000 already mapped failed -16 [ 2545.735754] binder: BINDER_SET_CONTEXT_MGR already set [ 2545.741195] binder: 16551:16552 ioctl 40046207 0 returned -16 [ 2545.747686] binder_alloc: 16551: binder_alloc_buf, no vma 04:20:11 executing program 3: clone(0x40800200, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_open_procfs(r0, &(0x7f0000000000)='net/ip6_tables_targets\x00') r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0xa8, r3, 0x200, 0x70bd28, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x9}]}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x10, 0x7148d3d45b4c4b7a}}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e24}]}, @IPVS_CMD_ATTR_DEST={0x20, 0x2, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x100000000}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@broadcast}]}, @IPVS_CMD_ATTR_DAEMON={0x50, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0xffff}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x2000000}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, [], 0x1, 0x0}}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x81}, 0x1) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:11 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x800000000000000}) 04:20:11 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0xa, 0x2}, 0x0) 04:20:11 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x68000000) 04:20:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000048000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:11 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600010006000a007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2548.119717] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2548.142963] vhci_hcd: invalid port number 0 [ 2548.150101] binder_alloc: 16566: binder_alloc_buf size 4222124650659840 failed, no address space [ 2548.151294] IPVS: ftp: loaded support on port[0] = 21 04:20:11 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0xa00000000000000}) 04:20:11 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x6c000000) 04:20:11 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600010006000e007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2548.192480] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2548.221108] binder_transaction: 2 callbacks suppressed [ 2548.221127] binder: 16566:16574 transaction failed 29201/-28, size 0-4222124650659840 line 3035 04:20:11 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0xb, 0x2}, 0x0) [ 2548.275505] binder_alloc: binder_alloc_mmap_handler: 16566 20001000-20004000 already mapped failed -16 [ 2548.353593] vhci_hcd: invalid port number 0 [ 2548.382476] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2548.391454] binder: BINDER_SET_CONTEXT_MGR already set [ 2548.397433] binder_alloc: 16566: binder_alloc_buf, no vma [ 2548.403311] binder: 16566:16574 ioctl 40046207 0 returned -16 [ 2548.417191] binder: 16566:16578 transaction failed 29189/-3, size 0-4222124650659840 line 3035 04:20:11 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x74000000) 04:20:11 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x2000000000000000}) [ 2548.438026] binder_release_work: 2 callbacks suppressed [ 2548.438033] binder: undelivered TRANSACTION_ERROR: 29201 [ 2548.450793] binder: undelivered TRANSACTION_ERROR: 29189 [ 2548.569226] vhci_hcd: invalid port number 0 [ 2548.591825] IPVS: ftp: loaded support on port[0] = 21 04:20:11 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) r1 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0xf91, 0x200001) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000080)) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:11 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600010006000f007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0063404000000000000000004c000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:11 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x10, 0x2}, 0x0) 04:20:11 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x3f00000000000000}) 04:20:11 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x7a000000) [ 2548.763962] vhci_hcd: invalid port number 0 [ 2548.773224] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2548.792887] binder_alloc: 16606: binder_alloc_buf size 4222124650659840 failed, no address space 04:20:11 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x4800000000000000}) 04:20:12 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x9effffff) [ 2548.817373] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2548.843238] binder: 16606:16615 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2548.874265] vhci_hcd: invalid port number 0 [ 2548.879559] binder_alloc: binder_alloc_mmap_handler: 16606 20001000-20004000 already mapped failed -16 [ 2548.912268] binder: BINDER_SET_CONTEXT_MGR already set 04:20:12 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x4c00000000000000}) 04:20:12 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0x280, 0x0) ioctl$BLKTRACESTOP(r0, 0x1275, 0x0) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r1, 0x17) ptrace$cont(0x18, r1, 0x0, 0x0) capget(&(0x7f0000000000)={0x39980732, r1}, &(0x7f0000000080)={0x0, 0x6229, 0x9d, 0x7, 0x1, 0xac2}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 04:20:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x11, 0x2}, 0x0) [ 2548.939529] binder: 16606:16615 ioctl 40046207 0 returned -16 [ 2548.943113] binder_alloc: 16606: binder_alloc_buf, no vma [ 2549.012072] binder: undelivered TRANSACTION_ERROR: 29201 [ 2549.018488] binder: 16606:16626 transaction failed 29189/-3, size 0-4222124650659840 line 3035 04:20:12 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20\x00', 0x12000, 0x0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000180)=@sack_info={0x0, 0x100, 0xe53b}, &(0x7f00000001c0)=0xc) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000200)=r1, 0x4) r2 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x20101, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r3, 0x29, 0x1, &(0x7f0000000080), 0x4) ptrace$setopts(0x4206, r2, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) tkill(r2, 0x17) ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ioctl$VT_OPENQRY(r0, 0x5600, &(0x7f0000000240)) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 04:20:12 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060020007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:12 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xaf200000) [ 2549.057349] vhci_hcd: invalid port number 0 [ 2549.068983] binder: undelivered TRANSACTION_ERROR: 29189 04:20:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000060000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:12 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x6000000000000000}) 04:20:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x12, 0x2}, 0x0) 04:20:12 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xf0ffffff) [ 2549.370378] vhci_hcd: invalid port number 0 [ 2549.381742] binder_alloc: 16654: binder_alloc_buf size 4222124650659840 failed, no address space [ 2549.391774] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2549.410106] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 04:20:12 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x6800000000000000}) [ 2549.436115] binder: 16654:16658 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2549.452205] binder_alloc: binder_alloc_mmap_handler: 16654 20001000-20004000 already mapped failed -16 [ 2549.496276] binder: BINDER_SET_CONTEXT_MGR already set [ 2549.503042] binder: 16654:16658 ioctl 40046207 0 returned -16 [ 2549.513804] binder_alloc: 16654: binder_alloc_buf, no vma [ 2549.522553] binder: 16654:16666 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2549.538744] vhci_hcd: invalid port number 0 04:20:12 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600010006003f007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:12 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xfffff000) 04:20:12 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x13, 0x2}, 0x0) [ 2549.544125] binder: undelivered TRANSACTION_ERROR: 29201 [ 2549.552238] binder: undelivered TRANSACTION_ERROR: 29189 04:20:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000068000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2549.688866] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2549.701504] binder_alloc: 16679: binder_alloc_buf size 4222124650659840 failed, no address space [ 2549.765212] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2549.790249] binder: 16679:16680 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2549.823382] binder_alloc: binder_alloc_mmap_handler: 16679 20001000-20004000 already mapped failed -16 [ 2549.836588] binder: BINDER_SET_CONTEXT_MGR already set [ 2549.842144] binder_alloc: 16679: binder_alloc_buf, no vma [ 2549.848095] binder: 16679:16680 ioctl 40046207 0 returned -16 [ 2549.854072] binder: 16679:16684 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2549.864301] binder: undelivered TRANSACTION_ERROR: 29201 [ 2549.872888] binder: undelivered TRANSACTION_ERROR: 29189 04:20:15 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x7, 0x10000) ioctl$sock_ax25_SIOCADDRT(r2, 0x890b, &(0x7f0000000140)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x4, [@null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @null, @null, @default, @bcast]}) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:15 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x6c00000000000000}) 04:20:15 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xffffff7f) 04:20:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x25, 0x2}, 0x0) 04:20:15 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060040007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0063404000000000000000006c000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2552.348861] vhci_hcd: invalid port number 0 [ 2552.353535] validate_nla: 19 callbacks suppressed [ 2552.353543] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2552.360272] binder_alloc: 16689: binder_alloc_buf size 4222124650659840 failed, no address space [ 2552.390270] netlink: 'syz-executor0': attribute type 1 has an invalid length. 04:20:15 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x7400000000000000}) 04:20:15 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xffffff9e) [ 2552.396187] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2552.418770] binder: 16689:16691 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2552.429050] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2552.442033] binder_alloc: binder_alloc_mmap_handler: 16689 20001000-20004000 already mapped failed -16 [ 2552.464288] binder: BINDER_SET_CONTEXT_MGR already set [ 2552.483496] binder: 16689:16691 ioctl 40046207 0 returned -16 04:20:15 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x50b000, 0x0) ioctl$TCFLSH(r1, 0x540b, 0x81) wait4(0x0, 0x0, 0x80000000, 0x0) ioctl$PPPIOCSMAXCID(r1, 0x40047451, &(0x7f0000000080)=0x2) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2552.495368] binder_alloc: 16689: binder_alloc_buf, no vma [ 2552.517948] binder: undelivered TRANSACTION_ERROR: 29201 [ 2552.524078] binder: 16689:16700 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2552.541975] vhci_hcd: invalid port number 0 04:20:15 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060048007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x51, 0x2}, 0x0) 04:20:15 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xfffffff0) [ 2552.571292] binder: undelivered TRANSACTION_ERROR: 29189 04:20:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000000000074000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2552.641159] netlink: 'syz-executor1': attribute type 1 has an invalid length. 04:20:15 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x7a00000000000000}) [ 2552.688714] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2552.716426] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:15 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0xffffffff00000000}) 04:20:15 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x40030000000000) [ 2552.741543] vhci_hcd: invalid port number 0 [ 2552.752972] binder_alloc: 16726: binder_alloc_buf size 4222124650659840 failed, no address space [ 2552.773848] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 04:20:15 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x300, 0x2}, 0x0) [ 2552.830540] binder_alloc: binder_alloc_mmap_handler: 16726 20001000-20004000 already mapped failed -16 [ 2552.837670] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:20:16 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600010006004c007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2552.881188] binder: BINDER_SET_CONTEXT_MGR already set [ 2552.888918] vhci_hcd: invalid port number 0 [ 2552.900535] netlink: 'syz-executor1': attribute type 1 has an invalid length. [ 2552.914024] binder_alloc: 16726: binder_alloc_buf, no vma [ 2552.924666] binder: 16726:16729 ioctl 40046207 0 returned -16 04:20:16 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x2}) 04:20:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0063404000000000000000007a000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2552.957116] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2552.973087] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2553.036078] vhci_hcd: invalid port number 0 [ 2553.091192] binder_alloc: 16749: binder_alloc_buf size 4222124650659840 failed, no address space [ 2553.120412] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2553.148363] binder_alloc: binder_alloc_mmap_handler: 16749 20001000-20004000 already mapped failed -16 [ 2553.159370] binder_alloc: 16749: binder_alloc_buf, no vma [ 2553.162512] binder: BINDER_SET_CONTEXT_MGR already set [ 2553.171084] binder: 16749:16750 ioctl 40046207 0 returned -16 04:20:18 executing program 3: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0) write$FUSE_BMAP(r0, &(0x7f0000000080)={0x18, 0x0, 0x5, {0xffffffffffffffff}}, 0x18) clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r1, 0x17) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 04:20:18 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x500, 0x2}, 0x0) 04:20:18 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xf0ffffffffffff) 04:20:18 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060060007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:18 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x3}) 04:20:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="006340400000000000fffffdfd000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2555.624810] vhci_hcd: invalid port number 0 [ 2555.626085] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2555.649891] binder_alloc: 16761: binder_alloc_buf size 4222124650659840 failed, no address space 04:20:18 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) syz_open_dev$video4linux(&(0x7f0000000000)='/dev/v4l-subdev#\x00', 0x6, 0x80000) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:18 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x4}) 04:20:18 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x600, 0x2}, 0x0) [ 2555.677888] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2555.691133] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2555.700967] binder_transaction: 4 callbacks suppressed [ 2555.700986] binder: 16761:16764 transaction failed 29201/-28, size 0-4222124650659840 line 3035 04:20:18 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x100000000000000) [ 2555.743630] binder_alloc: binder_alloc_mmap_handler: 16761 20001000-20004000 already mapped failed -16 04:20:19 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060068007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2555.836504] binder: BINDER_SET_CONTEXT_MGR already set [ 2555.844349] vhci_hcd: invalid port number 0 [ 2555.861595] binder: 16761:16764 ioctl 40046207 0 returned -16 04:20:19 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x700, 0x2}, 0x0) 04:20:19 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x5}) 04:20:19 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x200040, 0x0) ioctl$BLKROTATIONAL(r2, 0x127e, &(0x7f0000000080)) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2555.881562] binder_alloc: 16761: binder_alloc_buf, no vma [ 2555.901464] binder: 16761:16786 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2555.910520] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2555.936330] binder_release_work: 4 callbacks suppressed [ 2555.936337] binder: undelivered TRANSACTION_ERROR: 29189 [ 2555.966657] binder: undelivered TRANSACTION_ERROR: 29201 [ 2555.975728] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2555.983024] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000002000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:19 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x900, 0x2}, 0x0) 04:20:19 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x200000000000000) [ 2556.041754] vhci_hcd: invalid port number 0 04:20:19 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x6}) 04:20:19 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600010006006c007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:19 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0xa00, 0x2}, 0x0) [ 2556.207653] binder: 16807:16814 got transaction to invalid handle [ 2556.214115] binder: 16807:16814 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2556.241811] vhci_hcd: invalid port number 0 [ 2556.242353] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:19 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x300000000000000) [ 2556.260498] binder_alloc: binder_alloc_mmap_handler: 16807 20001000-20004000 already mapped failed -16 [ 2556.300390] binder: BINDER_SET_CONTEXT_MGR already set 04:20:19 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x7}) [ 2556.317904] binder: 16807:16814 ioctl 40046207 0 returned -16 [ 2556.324186] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2556.339167] binder: 16807:16819 got transaction to invalid handle [ 2556.353616] binder: undelivered TRANSACTION_ERROR: 29201 [ 2556.360189] binder: 16807:16819 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:20:19 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0xb00, 0x2}, 0x0) 04:20:19 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060074007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2556.395302] binder: undelivered TRANSACTION_ERROR: 29201 [ 2556.452216] vhci_hcd: invalid port number 0 04:20:19 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x400000000000000) [ 2556.475406] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:22 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x1000) 04:20:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000003000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:22 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x8}) 04:20:22 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0xc00, 0x2}, 0x0) 04:20:22 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600010006007a007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:22 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x500000000000000) [ 2559.038944] binder: 16849:16851 got transaction to invalid handle [ 2559.051152] vhci_hcd: invalid port number 0 [ 2559.056067] validate_nla: 7 callbacks suppressed [ 2559.056077] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2559.061907] binder: 16849:16851 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2559.079696] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:20:22 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0xd00, 0x2}, 0x0) [ 2559.080167] binder_alloc: binder_alloc_mmap_handler: 16849 20001000-20004000 already mapped failed -16 [ 2559.096975] binder: BINDER_SET_CONTEXT_MGR already set [ 2559.102433] binder: 16849:16851 ioctl 40046207 0 returned -16 [ 2559.108644] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2559.117418] binder: 16849:16858 got transaction to invalid handle [ 2559.124018] binder: 16849:16858 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2559.133774] binder: undelivered TRANSACTION_ERROR: 29201 04:20:22 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0xa}) [ 2559.147740] binder: undelivered TRANSACTION_ERROR: 29201 04:20:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000004000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:22 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x600000000000000) 04:20:22 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060192007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:22 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0xe00, 0x2}, 0x0) [ 2559.272826] vhci_hcd: invalid port number 0 [ 2559.348594] binder: 16867:16873 got transaction to invalid handle [ 2559.374470] binder: 16867:16873 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2559.390909] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2559.403143] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2559.412913] binder_alloc: binder_alloc_mmap_handler: 16867 20001000-20004000 already mapped failed -16 [ 2559.436249] binder: 16867:16878 got transaction to invalid handle [ 2559.441453] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2559.445532] binder: BINDER_SET_CONTEXT_MGR already set [ 2559.465603] binder: 16867:16878 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2559.474746] binder: 16867:16873 ioctl 40046207 0 returned -16 [ 2559.481145] binder: undelivered TRANSACTION_ERROR: 29201 [ 2559.496813] binder: undelivered TRANSACTION_ERROR: 29201 [ 2559.528883] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2559.537159] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:25 executing program 3: clone(0x80000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:25 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x10}) 04:20:25 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0xf00, 0x2}, 0x0) 04:20:25 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x700000000000000) 04:20:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000005000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:25 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060001000600f0007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2562.027838] binder: 16883:16885 got transaction to invalid handle [ 2562.051155] binder: 16883:16885 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2562.063522] vhci_hcd: invalid port number 0 [ 2562.064995] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:20:25 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1100, 0x2}, 0x0) [ 2562.099795] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2562.107415] binder_alloc: binder_alloc_mmap_handler: 16883 20001000-20004000 already mapped failed -16 [ 2562.125442] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:25 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x48}) [ 2562.151349] binder: BINDER_SET_CONTEXT_MGR already set [ 2562.158555] binder: 16883:16899 got transaction to invalid handle [ 2562.192124] binder: 16883:16899 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2562.206250] binder: 16883:16885 ioctl 40046207 0 returned -16 04:20:25 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x800000000000000) 04:20:25 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060002007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:25 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1200, 0x2}, 0x0) [ 2562.233529] binder: undelivered TRANSACTION_ERROR: 29201 [ 2562.251133] binder: undelivered TRANSACTION_ERROR: 29201 04:20:25 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rfkill\x00', 0x22240, 0x0) ioctl$VIDIOC_S_CROP(r2, 0x4014563c, &(0x7f0000000140)={0x0, {0x2, 0x9, 0x5, 0x80}}) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x8001) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000006000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:25 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x4c}) [ 2562.411700] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2562.446259] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2562.452926] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:20:25 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1300, 0x2}, 0x0) 04:20:25 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x10, &(0x7f0000000000)={0x7ff}) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2562.501025] vhci_hcd: invalid port number 0 [ 2562.511663] binder: 16922:16926 got transaction to invalid handle 04:20:25 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x60}) [ 2562.552202] binder: 16922:16926 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:20:25 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xa00000000000000) 04:20:25 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060003007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2562.616036] binder_alloc: binder_alloc_mmap_handler: 16922 20001000-20004000 already mapped failed -16 04:20:25 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1400, 0x2}, 0x0) [ 2562.685340] vhci_hcd: invalid port number 0 [ 2562.695739] binder: 16922:16936 got transaction to invalid handle [ 2562.705589] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2562.714777] binder: BINDER_SET_CONTEXT_MGR already set [ 2562.720785] binder: 16922:16936 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:20:25 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x68}) [ 2562.731462] binder: 16922:16945 ioctl 40046207 0 returned -16 [ 2562.737576] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2562.750071] binder: undelivered TRANSACTION_ERROR: 29201 [ 2562.769480] binder: undelivered TRANSACTION_ERROR: 29201 04:20:25 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xe00000000000000) 04:20:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000007000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2562.858101] vhci_hcd: invalid port number 0 04:20:26 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1500, 0x2}, 0x0) 04:20:26 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x6c}) [ 2562.892890] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:26 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xf00000000000000) 04:20:26 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1600, 0x2}, 0x0) [ 2562.956714] binder: 16957:16959 got transaction to invalid handle [ 2562.980792] vhci_hcd: invalid port number 0 [ 2562.985703] binder: 16957:16959 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2563.048985] binder_alloc: binder_alloc_mmap_handler: 16957 20001000-20004000 already mapped failed -16 [ 2563.102437] binder: BINDER_SET_CONTEXT_MGR already set [ 2563.122710] binder: 16957:16959 ioctl 40046207 0 returned -16 [ 2563.129208] binder: 16957:16974 got transaction to invalid handle [ 2563.139353] binder: 16957:16974 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2563.152495] binder: undelivered TRANSACTION_ERROR: 29201 [ 2563.176483] binder: undelivered TRANSACTION_ERROR: 29201 04:20:28 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060004007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:28 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x74}) 04:20:28 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1700, 0x2}, 0x0) 04:20:28 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x1000000000000000) 04:20:28 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) write$binfmt_misc(r1, &(0x7f0000000140)={'syz1', "406677d5d405a592731c1730fb842d5b856145f476cdb5e6f388ee61297017806211888fe9bf2625e977d0ae5268160ae05354ff6985b547f0905204941afe386c54ee71033c179887d0c897e28cd12dda22ef62944503b3752bbd3881a70818364700182f0e8a0b5e5766bad95bc94048ec386532df7c0378ebd79568b566ca387b3406469b22ce4a547a19fa0763ff772284fe62d6a72d1d26207d6f099ca2275d6cb679013ffe0dd2ba3affa2d0d92b29bfc8bd4612458b28cc613317bbeaf225dce2911ec7964518efeb58e7fe4bcba1e7a4eb966f7fd0a33d1419c113852beb052c67aabea649408000f0ae219d850c54bcf527d38dd62b71349c96e59051a0bd3a728cd6be0a1583f218a03d3e8fc93fbcb7294936c18208c120c60a581369a41f1e008fcddc5d67c65df91f2a23869d326dbac4867607cc341f99e67eb462a17b5535ea919c83eac0c47beb0351f388377bc53612f51c02eca1af86f4a369d271d6cf57bc50d48616062aaf5196956ceb2ea1380f75cb415373e57e5cfe4afff026736d1e733c4c23bd39dee11909b1840d0350733d6c779db5a019527a4f0cd9d289bb80c1c7e8170d0c8a94c6abcbaefda2dde415d1b3bd3016a936c3a2b70aa42975c6e697224a8042f5fd0156becf8028e0b964201e929402059ed22bd8f54fba6d3ee23740a0095a9318f488f2ffcd92660c576a04b117daa25f360c0ad36bc45c96c2403810a57bba526145d0944d1a3b68230593a1f3db6ec5e572c6b7fd2898f068cb974558ae6c8422b832f411b97ddf871eff0b23c6a485c68f37e40264d3f1e1d06d317383af1ce4b6d30da9836afd10badaa267f9892c6ac9c95c3d2057aa2f0c4cfe71ce0b0b55e85e483f8cb54a443f36b0861eab12621e2555ab55c62286467993bb89ef5eb052496875dcbb5daec640e13ebc714b36087bb4c1259bd7440604592986cdf4756ab2a11fd53d31ab7e0069be1524c1dcc7c4fbbd87ad3c3b7c8b8c19f957f222fb08e9e9202ceeb1be2d8b00e70d2d78365d046aa2f72b0ede391999f7017dc157293bccf6e88b6403b5b0aaa6fcba76603e6c010c9073de11a50453e8b3cd88f6d4c81a7d09e7be8fa16b286165ad773d2861b215b0808112f1eb88f2273a67cc16b14d6ca86993a6e0b0076c33987028e59a9ed05fc61f081fefba44632a911a4c2d0bd6f1aa1d52040ac7591401bda1f0459a7f41751294adf343a53818f5a98580868656192c37ce6cc47b271e74fa087c48cf5a91a8ac0693aaa648ce98ff5192106fdb3c2a537b982da107a4c151ce9f9d606d57e19986055c2abfc33fbf3ff679f73790f347f3a509b07b715e47db897076928e05329406946e67ba5748b3f29cf69723077dcfff719756563c21ec2f5d563ea02afee2ebc4dfc9273729ba6a07bb163498867befb9b3497ccdce31fbc58876a9524c1bc2bc343bc366410f3b0edef1a64492cfd51afc1e776f3f0078f19043ef7fe1da22ae1d5e6703360ca88a93cf14a1a0a586ee8e90fa6640c2666cbaaa8aa1d446ea0b9a8427206327b22c04dcb63124b937ca5da49a369bedb7f1686cb4ea5563aa8582ab75468d363e5fd5e8657aa535a1ceb16b1e8abb6082a91e76bfe4c37d261b31004ad7a6ee1a35c6aee1b0a7b8295a4e2b0e5ecfe354f6e361bc0c9784ee1cddbdec5a955f7723085d7e11bc3beeffe5562a8c081c7c16d1a2679d4045647414bbd159bc901b1526c1d7cd3be21b243f80c9d97c9d5e4763181e6a80118b8961f606a8858a610b18b4ec676bdf20a7362b0030b2dd7b8fa3925a3b9cdfa57687a7bee67f7050d103b9222752b6dad8e1f6178a2a3dcdc3bc1a2d23d01fe8cf72ef40727829ea991e7ef5aeac6cdb0abc4bd69d613a774a82bedef3daba3e7def0b5251907c8f5c54460f8e5684f0900855fb885ecf28bfbd78bbc8d6280d1f7d2a2d900b640835fa4f2a448cc18b0beb2f23b36eefe85410566a786c91bd93f5ecd2eaa16dadef51880a65c57484924ec97072bc418dea958cceead097736ebe79bd29abfdef2ae88e7e0f11a14c4730de7a8e4bdaf9f6657d6f12bfaf7e9337fd4cd41289a2036deace9e6bad0ae09b332fcb6238d9ea6fb86983d3cf8cc26d0e19c82b0fadce239f4271e5193f2c9005b857772528c279709585ee703c4a66fa6abf70a95773c73386a12e42e955f1f90506c208e1c66391bf54bc584a483f9b4d5f3e1dd9c35adf21abf3d0908025c82b625fa78641d7bea8f4909730bad4e483ff58cc423260b756646ec974f2c76bd820828c4117d3fd985ca9194025cbcbbb3d9899de06b164bd4e98ab430a3ef49a6d9084559878eace0b1eae70a969523259c0177a7c2425f80a1df27f4b23ef5212ad07d9689adc2adeacaf7f1f1776e9d3996f6e92c74cbdf3a30761d01358b0591662ee57969d78d472bb26cef2a52408c48a3acfdfcaf71547607d30ff558807349532c1792dcf921c91c83ce0e50ad6ba7c6e9f995169113bfd2adbed7c6de9ac7f069130e0acdaf6d4351cea7d604db7ee48301ff78252c1dc6f21a1918673dbedc028152ed1c6e792b6fe11c253c196dd1e07883a5ffb37d77d8ac90875c9fd9c643cdc7849a2bd7e59f2772b71b1edc1b39ff5c42613d3b13e67e6d41436ddd35be6c5bbf2f3441440fc9986525891d35d45d1f524eb1283f2211be356e57a665d9a21df878e6d817bb6f97f6712967b1d74166d987b78f9b92cf540f094933761fd3a0318d2c55c706f577641e38e3d642eaea96a81639d40887412ff48a3c12e2b0a8314931cb127dffa40e9bcbd1f97e8a6c1e10495fec612fd165893f8addf4a26494264a605f3731cd1402a75e284844983939407a02417055058c7184766032b673c39a8ae6ce855aaa519e69ba9ee1fafefbe7b431c66fa650bac27b1e5adad8f0a41013f70a71fed6599fc7df02d13e4cd3d73f2725231418eb5f96fc78ec0f1be32cbc499eb99e3d1a0d9aa6a88dc1fea2fbbfcaaeaf82f83e8d615832c108b4a148410fca561519484df344723194b5c20352e6a31f59e8c1460729ac1d7914ae1445dcc31bd694294025329b77a438a7a5efe01a07e24e2c6b91dbcf533bf612813a9b48d1078404860d66ac2b49168879c394e37da3097c36fd055372b4705149ba3c20c532f4f97e181c8e08fc7d1ad3f60bb66d494ad7a4012b710d375cd00b306a83065306f19aa732903701e546056255117636fe4ee314f4b1f6074623f4487bf3b8def24f13686d92d4fe95be0400a7e7f410504bc7bd5f2408c98836279a2110f0b1f6ed0366280c477a5a452a27f706ffda7f59a2e2e3f6a5be276e9cf3c2e53373c174931680e60e02902f930f5a0876807cc7d1fdf3c9b6889f9e103f1199467597c3ad61f46a22492dd0bf0f3319d36e8c470719f5d5d51eb1144b3ec2c7bf4486022f27e7a22fc368c82b8c1e8953a33333f3167900630c4e548f8b7f078cbefd6cf876dbdb2b959d335d952109a6224ae1d1cbbbc2f7da685ac9bdc35e7bd2d882897cd16262d503218978dc5deefaa15c9fd3e1beabf16553e2eba16b4e53ba744f55e86cd7e6bf145fa6d329d7055c403500c70640688f119bcc794a98ea453722b967dfac8cbf5c5dd840f334e8d37c7b365b1e4b1647d779168e979c02ac1c1db13be99026e9d196140b40e2564b2667d15aca70dba0a4a5795f28d403ed26a7cb2b388eeee777e8af35334a38f033091986b3ac81c62aba89cddf5320d20b319c9ce5b4a584775241f5813fa7305a4ecbcccf4312ed4df4b619b518a9c81c1ee62cd70411f288536253e5ebd83fe5a91b90d3a13ba69574752ad81780cd30cea9cef6c261af3a145a3a1e9a84fd8ade50b99cd3d036d5746d5f872ecf6a98d5264dfd67adac7bbdb060e2b864a41e89a318eedb87831767563be8348323f171d27f6952d4a91b43c305b95d8c8026162b153b98de09404eeaefa4316b09e24dabbce24f56e108d530bfe6fd92568c24380cda941cedf90699f9163639d2419487c4541ac8211bcd84ccebe0e6ea402d39324910fcf6f511f0a70193f947d5ddaa6191dc5611b6170a9ad56fc252c03bac8d113fd502ebb05492fe123c78139b66bc6bb2324fca3b5271c1ffb36ca9c880c0a5af4cdbbc017352e643368433c066c804499d581765ebbd098f97f36afef2dcc2853b808f7c16579769ad5cc2fc2a01aed6416b4994ce7da1588458af3eb263758f620fbf7935e380942258aafcc2badbe601b0f5e4b77732f5ab0661b2dafc131c28c1e7aa707820374e76c346715538a2444fbea385df9f9b67b71717fad2e265a1393896b2ca92685af978ace1f630d1360166e57ff495d68c4cebae096ea4bcb7b1bac6a89f3bc9d614dff9059a7fbf974e6771e2f7e800d786722586467055801c04077ee00b4f9b5b399615a61a2fd001569be52a7e16f0497ce694a0a20a6b67ad72805523bfa4f97589938c29adff3160b40147d7d6e5b8f359f684f771fa19b8d0c9fa1dd49bcf7a6b046a50cc991e71d00cb4453c8e5cfc051b3138dffa420d90c514811d7cbeab362a2b5ba17ca3692ea15991d069e055ec82ddbe309c7c15d362add0c23a8f9a3bdb98281b13d951f16eb71327d47ca766b991fdfed34fb5abfe7c9fdcbdc71547dfb200350ea1155a0e6653f867241feee754f67458d9c423ce5df72058a875b0d6f1a54414db5d82d0d1651765d5c7d9567eda11180b85c444f7136541152201ec06d65259236f6b278b47a06df4ae8311e475f732bea5cdbdcb2c6b24d90844a4efa9450e9b6fc70d283d97cfc16154ab514ee8291040418b995be920d297189376f008fb644cee327752c606312dbd967e10468bf847fabd177e11b9375d7b1e4a9fbf9315e73dada5daf4ceebfcb39d4d8b4db38e2062771e584e84643a9676bd1d9ef1a059182b9a7453604cfa57b34b6b30b45853bdc1af7bde587d8bbc98ee9fe07056a7784534ad943ed4482afc713764f6cfdac55454fa49bc084d0e2ebddb9b46eaa59169080c27d018c61814a2473bc59e1d3ba195c001453a1049e0862b37df927e92a17fa68b78f7e728245c710743c44483665175876000c28a843264dbc20de03d4b77ecce6ba2d80d0e0f12ff1440dddfe347c28617313b2fd85a96ba46e1522bad4d6694124bf0f32797554a8e373212919f909881487e435adc2274f99005c036116fe8360c7090874833b7baa62ae57d6e3128dae63a2358162db784f37a2ae2a51855982b6cd3b18ea01fdb971d562da8f5764ff8720269a77d5b5f1a1a159cf5354887f15acf4718b77906af22d97d5f5a295ce5d68dd3ecf96a62151c6505a98661874bc77231805089fa3937717263093953b94f4c955d4dd083689fe779999188a6a81d684f679dd5dd547b6ab5fa1578d68b4ef0437043b3ef3ebcce95336629e19b169327aec6b7a3f565e1408231d11b1333c2b04c7784e095c5b33a89794a0407678c1c8221381b87b9eeb9db54aa9580faa7bf0e3411a0399adc46374029aa27101274deceef940b152089946dcf4c980cd7f4dcdb6a15dbca02f3f6a6f66e4911c4c224ed3a807f544ab75976a10d681e6ca75daa8cdb1a114270b50eaf1d89694c17de1d60763ab127f61f004d2ea07011c36ad3bebb3b6e1a8e6b40c547b14d2d53a88fa67b9f5b95aef8de561b1f09fe463721a2dd438d5540c015605a8aa36d0bf4238562aa1fc97c73bb3f98d4b6e5ccd13ff39fe176d5275d57c825506"}, 0x1004) ptrace$cont(0x19, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0063404000000a000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2565.612266] vhci_hcd: invalid port number 0 [ 2565.636149] validate_nla: 4 callbacks suppressed [ 2565.636159] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2565.648511] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2565.672737] binder: 16984:16988 got transaction to invalid handle 04:20:28 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1800, 0x2}, 0x0) 04:20:28 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x7a}) [ 2565.681215] binder: 16984:16988 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2565.692655] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2565.708640] binder_alloc: binder_alloc_mmap_handler: 16984 20001000-20004000 already mapped failed -16 [ 2565.740790] binder: BINDER_SET_CONTEXT_MGR already set 04:20:28 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x80080) ioctl$NBD_SET_SIZE(r2, 0xab02, 0x3) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:28 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1900, 0x2}, 0x0) [ 2565.792752] binder: 16984:16988 ioctl 40046207 0 returned -16 [ 2565.792859] vhci_hcd: invalid port number 0 [ 2565.805758] binder: undelivered TRANSACTION_ERROR: 29201 04:20:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000012000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:29 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060005007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:29 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x2000000000000000) 04:20:29 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x300}) 04:20:29 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) r2 = accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000000)) setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000000140)={0x4, {{0xa, 0x4e23, 0x4e8c, @empty, 0xfffffffffffff801}}}, 0x88) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2565.986822] binder: 17009:17016 got transaction to invalid handle [ 2566.000500] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2566.019584] netlink: 'syz-executor0': attribute type 1 has an invalid length. 04:20:29 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1a00, 0x2}, 0x0) 04:20:29 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x500}) [ 2566.033904] vhci_hcd: invalid port number 0 [ 2566.037232] binder: 17009:17016 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2566.055726] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:29 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x3f00000000000000) [ 2566.119775] binder_alloc: binder_alloc_mmap_handler: 17009 20001000-20004000 already mapped failed -16 [ 2566.153315] binder: BINDER_SET_CONTEXT_MGR already set 04:20:29 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1b00, 0x2}, 0x0) 04:20:29 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060006007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2566.181009] binder: 17009:17016 ioctl 40046207 0 returned -16 [ 2566.200259] vhci_hcd: invalid port number 0 04:20:29 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x0, 0x2) ftruncate(r0, 0x1000) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000240)={0x7, 0x7, 0x4, 0x70000, {}, {0x2, 0xc, 0xffffffffffff7966, 0x4a, 0x81, 0x11a23aa1, "85f1c36f"}, 0x10001, 0x1, @planes=&(0x7f0000000200)={0x6, 0x2, @userptr=0x10000, 0xffffffffffffffac}, 0x4}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r1, 0x17) ptrace$cont(0x18, r1, 0x0, 0x0) fcntl$lock(r2, 0x25, &(0x7f0000000000)={0x0, 0x7, 0x5, 0xfff, r1}) ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000140)={0x0, 0x0, [], @raw_data=[0x4, 0x603b5b8c, 0x1, 0x8001, 0x40, 0x7, 0xba94, 0x3, 0x7, 0x2, 0x8, 0xc0000000, 0x7fffffff, 0xfffffffffffffffb, 0x7, 0x100, 0xd6, 0xc08, 0x64, 0x5, 0xffffffffffffffc1, 0x9, 0x101, 0x2, 0x6, 0xfffffffffffffff8, 0x208d, 0x66, 0x5a28, 0x7ff, 0x3, 0x5]}) setsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000340)=0x4000000201, 0x66bdf5c4c9540ac9) ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f00000002c0)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x8, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={'nr', 0x0}, 0x2, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 04:20:29 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x600}) [ 2566.267305] binder: 17009:17041 got transaction to invalid handle [ 2566.277723] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2566.317307] binder: 17009:17041 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2566.333773] binder: undelivered TRANSACTION_ERROR: 29201 [ 2566.351553] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2566.377849] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2566.385251] binder: undelivered TRANSACTION_ERROR: 29201 04:20:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000048000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:29 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(r0, 0x0, 0x7fffffff, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x202, 0x0) sendmsg$nl_route(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)=@setneightbl={0x88, 0x43, 0x301, 0x70bd29, 0x25dfdbff, {0x7}, [@NDTA_THRESH3={0x8, 0x4, 0x5}, @NDTA_THRESH3={0x8, 0x4, 0xffffffff}, @NDTA_PARMS={0x38, 0x6, [@NDTPA_PROXY_DELAY={0xc, 0xd, 0x8}, @NDTPA_PROXY_DELAY={0xc, 0xd, 0x25}, @NDTPA_QUEUE_LEN={0x8, 0x8, 0x4}, @NDTPA_GC_STALETIME={0xc, 0x6, 0x6}, @NDTPA_APP_PROBES={0x8, 0x9, 0x3}]}, @NDTA_PARMS={0x24, 0x6, [@NDTPA_GC_STALETIME={0xc, 0x6, 0x4}, @NDTPA_UCAST_PROBES={0x8, 0xa, 0x2}, @NDTPA_DELAY_PROBE_TIME={0xc, 0x7, 0x1}]}, @NDTA_THRESH2={0x8, 0x3, 0x1ff}]}, 0x88}, 0x1, 0x0, 0x0, 0x8001}, 0x48c1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:29 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x4000000000000000) 04:20:29 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1c00, 0x2}, 0x0) [ 2566.440642] vhci_hcd: invalid port number 0 04:20:29 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060007007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2566.516283] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:20:29 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x700}) [ 2566.568012] binder: 17062:17067 got transaction to invalid handle 04:20:29 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() uselib(&(0x7f0000000280)='./file0\x00') wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) r2 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x2000000000, 0x800) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x68, r3, 0x10, 0x70bd28, 0x25dfdbfd, {{}, 0x0, 0x4108, 0x0, {0x4c, 0x18, {0x6, @media='eth\x00'}}}, ["", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x40000}, 0x4040080) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:29 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1d00, 0x2}, 0x0) [ 2566.612130] binder: 17062:17067 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2566.638129] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2566.649171] binder_alloc: binder_alloc_mmap_handler: 17062 20001000-20004000 already mapped failed -16 [ 2566.673111] vhci_hcd: invalid port number 0 04:20:29 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x4800000000000000) [ 2566.695646] binder: BINDER_SET_CONTEXT_MGR already set [ 2566.700947] binder: 17062:17067 ioctl 40046207 0 returned -16 04:20:29 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0xa00}) 04:20:29 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1e00, 0x2}, 0x0) [ 2566.753180] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2566.772212] binder: undelivered TRANSACTION_ERROR: 29201 [ 2566.776718] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:20:30 executing program 3: clone(0x20804000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0xf) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0063404000004c000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2566.890281] vhci_hcd: invalid port number 0 04:20:30 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060008007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:30 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x2000}) 04:20:30 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x4c00000000000000) [ 2566.975178] binder_alloc: binder_alloc_mmap_handler: 17097 20001000-20004000 already mapped failed -16 04:20:30 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1f00, 0x2}, 0x0) [ 2567.019414] binder: BINDER_SET_CONTEXT_MGR already set [ 2567.027348] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2567.055201] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:30 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) ptrace$peek(0x2, r0, &(0x7f0000000400)) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x2280, 0x0) getsockopt$EBT_SO_GET_INIT_ENTRIES(r2, 0x0, 0x83, &(0x7f0000000340)={'nat\x00', 0x0, 0x4, 0xf8, [], 0x3, &(0x7f0000000200)=[{}, {}, {}], &(0x7f0000000240)=""/248}, &(0x7f00000003c0)=0x78) getsockopt$inet_tcp_buf(r2, 0x6, 0x2b, &(0x7f0000000140)=""/144, &(0x7f0000000080)=0x90) [ 2567.095163] binder: 17097:17102 ioctl 40046207 0 returned -16 [ 2567.126274] vhci_hcd: invalid port number 0 [ 2567.131322] binder_transaction: 2 callbacks suppressed [ 2567.131333] binder: 17097:17117 got transaction to invalid handle 04:20:30 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x3f00}) 04:20:30 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x2000, 0x2}, 0x0) [ 2567.159736] binder_transaction: 2 callbacks suppressed [ 2567.159756] binder: 17097:17117 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:20:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000060000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:30 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x6000000000000000) 04:20:30 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x2100, 0x2}, 0x0) 04:20:30 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600010006000a007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2567.300487] vhci_hcd: invalid port number 0 04:20:30 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x4800}) 04:20:30 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x6800000000000000) [ 2567.405025] binder: 17133:17140 got transaction to invalid handle [ 2567.408505] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2567.432696] binder: 17133:17140 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:20:30 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x2200, 0x2}, 0x0) [ 2567.481713] vhci_hcd: invalid port number 0 [ 2567.482170] binder_alloc: binder_alloc_mmap_handler: 17133 20001000-20004000 already mapped failed -16 04:20:30 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x4c00}) [ 2567.527266] binder: BINDER_SET_CONTEXT_MGR already set [ 2567.544111] binder: 17133:17151 got transaction to invalid handle [ 2567.554789] binder: 17133:17140 ioctl 40046207 0 returned -16 04:20:30 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x2300, 0x2}, 0x0) [ 2567.609543] binder_release_work: 3 callbacks suppressed [ 2567.609551] binder: undelivered TRANSACTION_ERROR: 29201 [ 2567.619887] binder: 17133:17151 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2567.659402] binder: undelivered TRANSACTION_ERROR: 29201 [ 2567.743251] vhci_hcd: invalid port number 0 04:20:33 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0xfffffffffffffffc, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) accept4$nfc_llcp(r2, &(0x7f0000000140), &(0x7f0000000080)=0x60, 0x80000) 04:20:33 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600010006000e007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:33 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x6c00000000000000) 04:20:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000068000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:33 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x2400, 0x2}, 0x0) 04:20:33 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x6000}) [ 2570.194057] vhci_hcd: invalid port number 0 [ 2570.206646] binder: 17166:17174 got transaction to invalid handle [ 2570.226123] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2570.232188] binder: 17166:17174 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:20:33 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x2500, 0x2}, 0x0) 04:20:33 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x6800}) [ 2570.272852] binder_alloc: binder_alloc_mmap_handler: 17166 20001000-20004000 already mapped failed -16 04:20:33 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x19) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2570.319232] binder: BINDER_SET_CONTEXT_MGR already set 04:20:33 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x7400000000000000) 04:20:33 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600010006000f007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2570.365277] binder: 17166:17174 ioctl 40046207 0 returned -16 [ 2570.405410] vhci_hcd: invalid port number 0 04:20:33 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x6c00}) [ 2570.433309] binder: 17166:17190 got transaction to invalid handle [ 2570.465916] binder: 17166:17190 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:20:33 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x7a00000000000000) 04:20:33 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x2600, 0x2}, 0x0) [ 2570.515431] binder: undelivered TRANSACTION_ERROR: 29201 [ 2570.522034] binder: undelivered TRANSACTION_ERROR: 29201 [ 2570.533251] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0063404000006c000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:33 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x2000, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000080)={0x1f, 0x0, 0x2, 0x4}) ioctl$DRM_IOCTL_AGP_UNBIND(r2, 0x40106437, &(0x7f0000000140)={r3, 0x3}) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) tgkill(r0, r0, 0x26) [ 2570.628573] vhci_hcd: invalid port number 0 04:20:33 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060010007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2570.676110] validate_nla: 8 callbacks suppressed [ 2570.676120] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2570.696908] binder: 17209:17210 got transaction to invalid handle 04:20:33 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x7400}) [ 2570.721882] binder: 17209:17210 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:20:34 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x9effffff00000000) 04:20:34 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x200, 0x0) getpeername$packet(0xffffffffffffff9c, &(0x7f0000000140)={0x11, 0x0, 0x0}, &(0x7f0000000180)=0x14) getpeername$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f00000003c0)={&(0x7f0000000080), 0xc, &(0x7f0000000380)={&(0x7f0000000300)=@ipv4_delroute={0x44, 0x19, 0x100, 0x70bd29, 0x25dfdbff, {0x2, 0x34, 0x0, 0xffffffff, 0xfe, 0x0, 0xff, 0x7, 0x400}, [@RTA_MULTIPATH={0xc, 0x9, {0x6, 0x0, 0x9, r3}}, @RTA_IIF={0x8, 0x1, r4}, @RTA_ENCAP_TYPE={0x8, 0x15, 0x2}, @RTA_ENCAP={0xc, 0x16, @typed={0x8, 0x39, @pid=r0}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:34 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x2700, 0x2}, 0x0) [ 2570.785926] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2570.802344] binder_alloc: binder_alloc_mmap_handler: 17209 20001000-20004000 already mapped failed -16 [ 2570.802399] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2570.828241] vhci_hcd: invalid port number 0 [ 2570.855862] binder: BINDER_SET_CONTEXT_MGR already set 04:20:34 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x7a00}) [ 2570.892667] binder: 17209:17210 ioctl 40046207 0 returned -16 [ 2570.921387] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2570.932769] binder: 17209:17233 got transaction to invalid handle 04:20:34 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x2800, 0x2}, 0x0) [ 2570.968823] binder: 17209:17233 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2571.000093] binder: undelivered TRANSACTION_ERROR: 29201 04:20:34 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060048007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:34 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xaf20000000000000) [ 2571.039330] binder: undelivered TRANSACTION_ERROR: 29201 [ 2571.053242] vhci_hcd: invalid port number 0 04:20:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000074000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:34 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x100000}) 04:20:34 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x2900, 0x2}, 0x0) [ 2571.186961] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2571.198963] binder: 17249:17254 got transaction to invalid handle [ 2571.214836] vhci_hcd: invalid port number 0 [ 2571.219899] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2571.227352] binder: 17249:17254 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:20:34 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x1000000}) [ 2571.258482] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2571.275701] binder_alloc: binder_alloc_mmap_handler: 17249 20001000-20004000 already mapped failed -16 [ 2571.285465] binder: BINDER_SET_CONTEXT_MGR already set [ 2571.291052] binder: 17249:17254 ioctl 40046207 0 returned -16 04:20:34 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x2a00, 0x2}, 0x0) 04:20:34 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xf0ffffff00000000) [ 2571.329288] binder: 17249:17258 got transaction to invalid handle [ 2571.339739] binder: undelivered TRANSACTION_ERROR: 29201 [ 2571.345965] binder: 17249:17258 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2571.371875] binder: undelivered TRANSACTION_ERROR: 29201 [ 2571.408312] vhci_hcd: invalid port number 0 [ 2571.495685] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:20:37 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sendmsg$nl_crypto(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)=@alg={0xe8, 0x10, 0x100, 0x70bd2d, 0x25dfdbff, {{'ansi_cprng\x00'}, [], [], 0x2400, 0x400}, [{0x8, 0x1, 0x9}]}, 0xe8}, 0x1, 0x0, 0x0, 0x804}, 0x4) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:37 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600010006004c007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0063404000007a000000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:37 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x2000000}) 04:20:37 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x2b00, 0x2}, 0x0) 04:20:37 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xffffff7f00000000) [ 2573.969036] binder: 17275:17281 got transaction to invalid handle [ 2573.987034] vhci_hcd: invalid port number 0 [ 2574.000381] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2574.007950] binder: 17275:17281 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2574.023788] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2574.036348] binder_alloc: binder_alloc_mmap_handler: 17275 20001000-20004000 already mapped failed -16 [ 2574.051785] binder: BINDER_SET_CONTEXT_MGR already set [ 2574.060358] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:37 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x3000000}) 04:20:37 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x2c00, 0x2}, 0x0) 04:20:37 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = open(&(0x7f0000000000)='./file0\x00', 0x40, 0x100) ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0205647, &(0x7f0000000140)={0xa30000, 0x10001, 0x8, [], &(0x7f0000000080)={0x990a2e, 0x7, [], @ptr}}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x15) ptrace$cont(0x18, r0, 0x10000000000000af, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ioctl$KDENABIO(r2, 0x4b36) ioctl$EVIOCSKEYCODE(r2, 0x40084504, &(0x7f00000001c0)=[0x4, 0x1f]) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) ioctl$VIDIOC_ENUMSTD(r2, 0xc0485619, &(0x7f0000000180)={0x100000000, 0xb700, "1c1a0bbe8ece978b1dda9ee3de64f5180b7a4ad49ceee089", {0x9}}) [ 2574.069295] binder: 17275:17291 got transaction to invalid handle [ 2574.087540] binder: 17275:17281 ioctl 40046207 0 returned -16 [ 2574.098340] binder: 17275:17291 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:20:37 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xffffffff00000000) 04:20:37 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060060007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2574.191302] binder: undelivered TRANSACTION_ERROR: 29201 [ 2574.201147] vhci_hcd: invalid port number 0 [ 2574.211041] binder: undelivered TRANSACTION_ERROR: 29201 04:20:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000030000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:37 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x4000000}) 04:20:37 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x2d00, 0x2}, 0x0) [ 2574.324065] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2574.340559] binder: 17311:17315 got transaction to invalid handle [ 2574.358288] binder: 17311:17315 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2574.368024] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2574.380286] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2574.397427] binder_alloc: binder_alloc_mmap_handler: 17311 20001000-20004000 already mapped failed -16 [ 2574.401903] vhci_hcd: invalid port number 0 [ 2574.411687] binder: BINDER_SET_CONTEXT_MGR already set [ 2574.417577] binder: 17311:17319 got transaction to invalid handle 04:20:37 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x2e00, 0x2}, 0x0) 04:20:37 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0xfffffffffffff000) [ 2574.424170] binder: 17311:17315 ioctl 40046207 0 returned -16 [ 2574.445676] binder: 17311:17319 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2574.463086] binder: undelivered TRANSACTION_ERROR: 29201 04:20:37 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x5000000}) [ 2574.490521] binder: undelivered TRANSACTION_ERROR: 29201 04:20:37 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060068007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:37 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000050000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2574.628958] vhci_hcd: invalid port number 0 04:20:37 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x2f00, 0x2}, 0x0) [ 2574.708223] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2574.726257] binder: 17334:17335 got transaction to invalid handle [ 2574.732542] binder: 17334:17335 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2574.777455] binder_alloc: binder_alloc_mmap_handler: 17334 20001000-20004000 already mapped failed -16 [ 2574.814069] binder: BINDER_SET_CONTEXT_MGR already set [ 2574.822227] binder: 17334:17335 ioctl 40046207 0 returned -16 [ 2574.834419] binder: 17334:17342 got transaction to invalid handle [ 2574.840829] binder: 17334:17342 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2574.860978] binder: undelivered TRANSACTION_ERROR: 29201 [ 2574.870494] binder: undelivered TRANSACTION_ERROR: 29201 04:20:40 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x2, 0xa, 0x100000001, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PPPIOCGMRU(r2, 0x80047453, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) r3 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) ioctl$KVM_PPC_GET_PVINFO(r3, 0x4080aea1, 0xfffffffffffffffd) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:40 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000030326f5859c7d8b39332ac00039932007d80cf54c2cc060501ff0080fffd050012000029000c000100060000007d0a06010c"], 0x35}, 0x1, 0x2}, 0x0) 04:20:40 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x6000000}) 04:20:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x3000, 0x2}, 0x0) 04:20:40 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600010006006c007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000060000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2577.171671] vhci_hcd: invalid port number 0 [ 2577.195213] binder: 17352:17355 got transaction to invalid handle [ 2577.214373] validate_nla: 1 callbacks suppressed [ 2577.214382] netlink: 'syz-executor0': attribute type 1 has an invalid length. 04:20:40 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0xc000, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r1, 0x4c09, 0x100) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:40 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x7000000}) [ 2577.238402] binder: 17352:17355 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2577.259389] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2577.270697] binder_alloc: binder_alloc_mmap_handler: 17352 20001000-20004000 already mapped failed -16 04:20:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x3100, 0x2}, 0x0) [ 2577.313450] binder: BINDER_SET_CONTEXT_MGR already set [ 2577.325455] binder: 17352:17355 ioctl 40046207 0 returned -16 [ 2577.337891] binder: 17352:17359 got transaction to invalid handle [ 2577.344699] vhci_hcd: invalid port number 0 04:20:40 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060074007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:40 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x1, &(0x7f0000000080)=[{0x0}]}) ioctl$DRM_IOCTL_NEW_CTX(r2, 0x40086425, &(0x7f0000000180)={r3, 0x1}) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2577.360579] binder: undelivered TRANSACTION_ERROR: 29201 [ 2577.380825] binder: 17352:17359 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2577.396652] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2577.407807] binder: undelivered TRANSACTION_ERROR: 29201 04:20:40 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x8000000}) 04:20:40 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000070000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x3200, 0x2}, 0x0) 04:20:40 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x80, 0x0) ioctl$sock_x25_SIOCADDRT(r1, 0x890b, &(0x7f0000000080)={@null=' \x00', 0x5, 'ip6erspan0\x00'}) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000180)=ANY=[@ANYBLOB="2c00000003060501ff060000005f0a06010c000200070022ff02f16b52eef14f386b0a522a03da2ebd7502423d165b80efe31c143d92bc053951728d5eb9e1d10dd20ebc30942df2b1de88d28bb5769b263aaf504c765e3f8595bc82df24818d020c317856b4e14e46b3be98a8962fe2ab86822f024c46f4de7937ef6b8af2f6b9460741d61675468743efc74effeabf84d6a16bf22e4e1e85c34b0000000000000002af7a71490f28437dc9c2fd05"], 0x2c}, 0x1, 0x2}, 0x0) [ 2577.539367] vhci_hcd: invalid port number 0 04:20:40 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0xa000000}) [ 2577.576704] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2577.584039] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2577.647255] netlink: 24 bytes leftover after parsing attributes in process `syz-executor4'. [ 2577.671592] binder: 17388:17394 got transaction to invalid handle 04:20:40 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x3300, 0x2}, 0x0) [ 2577.694279] binder: 17388:17394 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2577.701953] vhci_hcd: invalid port number 0 [ 2577.710657] binder_alloc: binder_alloc_mmap_handler: 17388 20001000-20004000 already mapped failed -16 [ 2577.725199] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2577.725998] binder: 17388:17397 got transaction to invalid handle [ 2577.732495] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2577.746702] binder: BINDER_SET_CONTEXT_MGR already set [ 2577.753129] netlink: 24 bytes leftover after parsing attributes in process `syz-executor4'. [ 2577.784374] binder: 17388:17397 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:20:40 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x20000000}) 04:20:41 executing program 4: syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x2, 0x2) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:41 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000600010006007a007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2577.792997] binder: 17388:17394 ioctl 40046207 0 returned -16 [ 2577.793719] binder: undelivered TRANSACTION_ERROR: 29201 [ 2577.835326] binder: undelivered TRANSACTION_ERROR: 29201 04:20:41 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x3400, 0x2}, 0x0) [ 2577.893814] vhci_hcd: invalid port number 0 04:20:41 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="006340400000000a0000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2577.951273] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2577.992022] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2578.003979] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2578.020290] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2578.051378] binder_alloc: binder_alloc_mmap_handler: 17415 20001000-20004000 already mapped failed -16 [ 2578.065565] binder: BINDER_SET_CONTEXT_MGR already set [ 2578.070894] binder: 17415:17417 ioctl 40046207 0 returned -16 04:20:43 executing program 3: clone(0x2033102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x400000, 0x0) wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:43 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x3f000000}) 04:20:43 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x3500, 0x2}, 0x0) 04:20:43 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060001000600f0007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:43 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0xe7, &(0x7f00008a7000)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2, 0x0, 0x4000840}, 0x0) 04:20:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="006340400000000f0000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2580.555200] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2580.567090] binder_transaction: 2 callbacks suppressed [ 2580.567100] binder: 17428:17430 got transaction to invalid handle [ 2580.573530] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2580.589329] vhci_hcd: invalid port number 0 04:20:43 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x3600, 0x2}, 0x0) 04:20:43 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x48000000}) [ 2580.598324] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2580.603015] binder_transaction: 2 callbacks suppressed [ 2580.603034] binder: 17428:17430 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2580.633271] binder_alloc: binder_alloc_mmap_handler: 17428 20001000-20004000 already mapped failed -16 [ 2580.680069] binder: BINDER_SET_CONTEXT_MGR already set [ 2580.684974] binder: 17428:17445 got transaction to invalid handle [ 2580.693102] binder: 17428:17445 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2580.706408] vhci_hcd: invalid port number 0 04:20:43 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000040)={0x0, 0x0, 0xa, 0x0, [], [{0x6, 0x9, 0xfff, 0x3, 0x9, 0x9}, {0x400, 0x4, 0x6017, 0x9, 0x136, 0x1}], [[], [], [], [], [], [], [], [], [], []]}) [ 2580.730289] binder: 17428:17430 ioctl 40046207 0 returned -16 [ 2580.735365] binder_release_work: 2 callbacks suppressed [ 2580.735372] binder: undelivered TRANSACTION_ERROR: 29201 04:20:43 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x4c000000}) 04:20:43 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060092017d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:44 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000120000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2580.775328] binder: undelivered TRANSACTION_ERROR: 29201 [ 2580.875341] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2580.896699] vhci_hcd: invalid port number 0 [ 2580.912274] binder: 17456:17459 got transaction to invalid handle [ 2580.918965] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2580.932669] binder: 17456:17459 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2580.946561] binder_alloc: binder_alloc_mmap_handler: 17456 20001000-20004000 already mapped failed -16 [ 2580.956666] binder: BINDER_SET_CONTEXT_MGR already set [ 2580.962208] binder: 17456:17459 ioctl 40046207 0 returned -16 [ 2580.969424] binder: 17456:17462 got transaction to invalid handle [ 2580.987069] binder: 17456:17462 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2581.002656] binder: undelivered TRANSACTION_ERROR: 29201 [ 2581.009617] binder: undelivered TRANSACTION_ERROR: 29201 04:20:46 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x842, 0x31) write$P9_RREMOVE(r1, &(0x7f0000000140)={0x7, 0x7b, 0x2}, 0x7) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x1, 0x40) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) write$FUSE_LK(r1, &(0x7f0000000180)={0x28, 0x0, 0x4, {{0x7fff, 0xffffffff, 0x3, r0}}}, 0x28) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:46 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x3700, 0x2}, 0x0) 04:20:46 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x60000000}) 04:20:46 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000040)=ANY=[@ANYRES32=r0], 0x4}, 0x1, 0x2}, 0x0) 04:20:46 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060000037d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:46 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000200000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2583.601848] validate_nla: 1 callbacks suppressed [ 2583.601858] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2583.607156] binder: 17473:17476 got transaction to invalid handle [ 2583.625806] vhci_hcd: invalid port number 0 [ 2583.635211] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:46 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x3800, 0x2}, 0x0) 04:20:46 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x141000, 0x0) setsockopt$inet_tcp_buf(r1, 0x6, 0xd, &(0x7f0000000080)="b972182901bf", 0x6) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f00000000c0)=ANY=[@ANYRES32], 0xc7}, 0x1, 0x2}, 0x0) 04:20:46 executing program 3: clone(0x80000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:46 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x68000000}) [ 2583.670567] binder: 17473:17476 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2583.701349] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2583.750044] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2583.765333] binder_alloc: binder_alloc_mmap_handler: 17473 20001000-20004000 already mapped failed -16 [ 2583.775014] binder: BINDER_SET_CONTEXT_MGR already set [ 2583.786928] binder: 17473:17476 ioctl 40046207 0 returned -16 04:20:47 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x3900, 0x2}, 0x0) 04:20:47 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) set_thread_area(&(0x7f0000000040)={0x1f, 0x20100000, 0x0, 0x1, 0x8, 0x3, 0x6, 0xfffffffffffffffa, 0x407b, 0x4}) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:47 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x6c000000}) [ 2583.816164] vhci_hcd: invalid port number 0 [ 2583.831510] binder: undelivered TRANSACTION_ERROR: 29201 [ 2583.842342] binder: 17473:17489 got transaction to invalid handle 04:20:47 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060000057d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2583.938274] binder: 17473:17489 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2583.960782] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:20:47 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x3a00, 0x2}, 0x0) [ 2583.987360] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2583.996555] vhci_hcd: invalid port number 0 [ 2583.997213] binder: undelivered TRANSACTION_ERROR: 29201 [ 2584.010032] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:47 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x74000000}) 04:20:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000480000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2584.039943] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2584.097898] vhci_hcd: invalid port number 0 04:20:47 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060000067d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2584.137759] binder: 17517:17518 got transaction to invalid handle 04:20:47 executing program 4: socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:47 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x7a000000}) [ 2584.182933] binder: 17517:17518 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2584.190861] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2584.234018] binder_alloc: binder_alloc_mmap_handler: 17517 20001000-20004000 already mapped failed -16 [ 2584.277267] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2584.277452] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2584.284894] binder: BINDER_SET_CONTEXT_MGR already set [ 2584.306848] vhci_hcd: invalid port number 0 [ 2584.312121] binder: 17517:17530 got transaction to invalid handle [ 2584.329332] binder: 17517:17530 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2584.330547] binder: 17517:17518 ioctl 40046207 0 returned -16 [ 2584.346771] binder: undelivered TRANSACTION_ERROR: 29201 [ 2584.359910] binder: undelivered TRANSACTION_ERROR: 29201 [ 2584.371599] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2584.386542] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2584.421754] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:20:47 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x100, 0x0) recvfrom$ax25(r3, &(0x7f0000000140)=""/191, 0xbf, 0x10000, &(0x7f0000000200)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x3}, [@default, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null]}, 0x48) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) wait4(r0, &(0x7f00000003c0), 0x1, &(0x7f0000000400)) r4 = getuid() stat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000300)={0xa8, 0x0, 0x5, [{{0x4, 0x3, 0x4, 0x200, 0x2, 0x1, {0x2, 0x7ff, 0x9, 0x101, 0x101, 0xa085, 0xbe, 0x3a99, 0x52, 0x0, 0x1, r4, r5, 0x7, 0xff}}, {0x2, 0x7, 0x0, 0xff}}]}, 0xa8) 04:20:47 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x3b00, 0x2}, 0x0) 04:20:47 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x10000000000000}) 04:20:47 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060000077d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:47 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="006340400000004c0000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:47 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x410000, 0x0) ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f0000000140)={0x9, 0x12, 0xffffffffffff8001, 0x100000001, "ab8605410d77bc7ee02449200a55a7710b697f95fcccc1eaa9900ee56a128017"}) setxattr$security_ima(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.ima\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="022d220000cf4cf9e3af883563a0f9a4e0"], 0x11, 0x1) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r1, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000380)={&(0x7f0000000200)={0x170, r2, 0x2, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7ff}]}, @TIPC_NLA_NODE={0x3c, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1000}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffffffffffff9}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_MEDIA={0x74, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x20000000400000}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffffffffffb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9cd}, @TIPC_NLA_PROP_WIN={0x8}]}]}, @TIPC_NLA_BEARER={0x8c, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0x18, 0x1, @l2={'eth', 0x3a, 'bond_slave_0\x00'}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x4, @remote, 0x2}}, {0x14, 0x2, @in={0x2, 0x4e24, @remote}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x170}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) 04:20:47 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x100000000000000}) 04:20:47 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x3c00, 0x2}, 0x0) [ 2584.697620] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2584.708745] binder: 17546:17548 got transaction to invalid handle [ 2584.715022] binder: 17546:17548 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2584.727519] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2584.740828] vhci_hcd: invalid port number 0 [ 2584.776020] binder_alloc: binder_alloc_mmap_handler: 17546 20001000-20004000 already mapped failed -16 [ 2584.814414] binder: BINDER_SET_CONTEXT_MGR already set 04:20:48 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x8c, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) prctl$PR_SET_FPEXC(0xc, 0x10000) 04:20:48 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = fcntl$getown(0xffffffffffffff9c, 0x9) ptrace$getregs(0xe, r0, 0x8, &(0x7f0000000140)=""/113) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r1, 0x17) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) [ 2584.841906] vhci_hcd: invalid port number 0 [ 2584.846650] binder: 17546:17548 ioctl 40046207 0 returned -16 [ 2584.856305] binder: 17546:17555 got transaction to invalid handle [ 2584.861404] binder: undelivered TRANSACTION_ERROR: 29201 [ 2584.862559] binder: 17546:17555 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2584.870013] binder: undelivered TRANSACTION_ERROR: 29201 04:20:48 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060001000600000a7d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000600000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:48 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x200000000000000}) 04:20:48 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x3d00, 0x2}, 0x0) 04:20:48 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci\x00', 0x400000, 0x0) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000240)={0x0, 0x200}, &(0x7f0000000280)=0x8) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f00000002c0)=@assoc_value={r3, 0x8}, &(0x7f0000000300)=0x8) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) sysfs$3(0x3) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3, r0}) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000340)=0x100000, 0x4) arch_prctl$ARCH_SET_CPUID(0x1012, 0x0) r4 = open(&(0x7f0000000380)='./file0\x00', 0x101000, 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r4, 0x84, 0x15, &(0x7f00000003c0)={0xc18}, 0x1) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x1, 0x0) ioctl$KVM_GET_IRQCHIP(r5, 0xc208ae62, &(0x7f0000000140)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2585.019847] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2585.092056] binder_alloc: binder_alloc_mmap_handler: 17581 20001000-20004000 already mapped failed -16 04:20:48 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c0001000600bf2f4401040000d80600000022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:48 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060001000600000e7d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2585.134061] binder: BINDER_SET_CONTEXT_MGR already set [ 2585.139586] vhci_hcd: invalid port number 0 04:20:48 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x3e00, 0x2}, 0x0) [ 2585.178041] binder: 17581:17582 ioctl 40046207 0 returned -16 [ 2585.197979] netlink: 12 bytes leftover after parsing attributes in process `syz-executor4'. 04:20:48 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x300000000000000}) 04:20:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000680000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2585.238751] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:48 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x3f00, 0x2}, 0x0) [ 2585.324005] binder_alloc: binder_alloc_mmap_handler: 17605 20001000-20004000 already mapped failed -16 [ 2585.357681] vhci_hcd: invalid port number 0 [ 2585.359602] binder: BINDER_SET_CONTEXT_MGR already set 04:20:48 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x14000, 0x0) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x9000000) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:48 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x400000000000000}) 04:20:48 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="006340400000006c0000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2585.379128] binder: 17605:17606 ioctl 40046207 0 returned -16 04:20:48 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060001000600000f7d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:48 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x4000, 0x2}, 0x0) [ 2585.515807] vhci_hcd: invalid port number 0 [ 2585.520748] binder_alloc: binder_alloc_mmap_handler: 17617 20001000-20004000 already mapped failed -16 [ 2585.562131] binder: BINDER_SET_CONTEXT_MGR already set [ 2585.572210] binder: 17617:17618 ioctl 40046207 0 returned -16 [ 2585.590808] binder_transaction: 5 callbacks suppressed [ 2585.590817] binder: 17617:17628 got transaction to invalid handle [ 2585.604156] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2585.620548] binder_transaction: 5 callbacks suppressed [ 2585.620565] binder: 17617:17628 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:20:51 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x10001, 0x1) setsockopt$MISDN_TIME_STAMP(r2, 0x0, 0x1, &(0x7f0000000080), 0x4) tkill(r0, 0x17) ptrace$cont(0x20, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:51 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x500000000000000}) 04:20:51 executing program 4: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x2080, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000040), &(0x7f0000000080)=0x14) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r1, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f00000000c0)=ANY=[]}, 0x1, 0x2}, 0x0) readahead(r0, 0x7, 0x2) 04:20:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000740000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:51 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x4100, 0x2}, 0x0) 04:20:51 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060000207d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2588.213674] vhci_hcd: invalid port number 0 [ 2588.228938] binder: 17637:17648 got transaction to invalid handle [ 2588.248396] binder: 17637:17648 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:20:51 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x4200, 0x2}, 0x0) 04:20:51 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x2000, 0x0) ioctl$NBD_CLEAR_QUE(r0, 0xab05) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r1, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x55107bc3b654d7ba) 04:20:51 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x600000000000000}) 04:20:51 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = accept4$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @dev}, &(0x7f0000000180)=0x10, 0x80800) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffff9c, 0x84, 0xe, &(0x7f00000001c0)={0x0, 0x3, 0x3, 0xa4, 0x2b5, 0xa28, 0x7ff, 0x9, {0x0, @in6={{0xa, 0x4e22, 0xf142, @empty, 0xba}}, 0x2, 0x9, 0x0, 0x7, 0x4}}, &(0x7f0000000280)=0xb0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000002c0)={r2, 0x1}, &(0x7f0000000300)=0x8) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) r4 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x40) ioctl$RTC_EPOCH_READ(r4, 0x8008700d, &(0x7f0000000080)) [ 2588.283222] binder_alloc: binder_alloc_mmap_handler: 17637 20001000-20004000 already mapped failed -16 [ 2588.354251] binder: BINDER_SET_CONTEXT_MGR already set 04:20:51 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060001000600003f7d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2588.403872] vhci_hcd: invalid port number 0 [ 2588.434905] binder_release_work: 6 callbacks suppressed [ 2588.434912] binder: undelivered TRANSACTION_ERROR: 29201 [ 2588.445964] binder: 17637:17648 ioctl 40046207 0 returned -16 04:20:51 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x4300, 0x2}, 0x0) 04:20:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="006340400000007a0000000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:51 executing program 4: r0 = openat$vfio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vfio/vfio\x00', 0x0, 0x0) bind$vsock_dgram(r0, &(0x7f0000000240)={0x28, 0x0, 0x0, @host}, 0x10) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f0000000100)={0x5, 0x3, 'client1\x00', 0x1, "40225ca4a3972481", "cd3d5b886e918dffcbe997d824b0edd277854d7e976951235b653868962c4afc", 0x4, 0x20}) prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x9, &(0x7f00000001c0)=[{0x10001, 0x100000001, 0x466, 0x1}, {0x8001, 0x73d, 0x7, 0x8}, {0x1, 0x1, 0xffffffff, 0xffffffff}, {0x400, 0xffffffff, 0x64, 0x100000001}, {0xffffffffffffffff, 0x1, 0x1, 0x8}, {0x4, 0x7, 0xa, 0x8}, {0x1, 0x2}, {0xf094, 0xffffffffffffffff}, {0x7, 0x6, 0x100000001, 0x5}]}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r1, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="5105000003060501ff0080fffd05c6de0012000000000c000100060000007d0a06010c000200070022ff02f1"], 0x2c}, 0x1, 0x2}, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer2\x00', 0x80, 0x0) ioctl$VIDIOC_ENUMAUDIO(r2, 0xc0345641, &(0x7f0000000080)={0x7fffffff, "7273d587626eeb5a467dd548c681c0f0b56021e5b7955f0f8bdac84d70849fee", 0x3}) openat$userio(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/userio\x00', 0x240, 0x0) ioctl$RTC_UIE_ON(r0, 0x7003) 04:20:51 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x700000000000000}) 04:20:51 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060000407d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2588.623072] audit: type=1326 audit(1546834851.779:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=17680 comm="syz-executor4" exe="/root/syz-executor4" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ad2a code=0x0 [ 2588.648335] validate_nla: 10 callbacks suppressed [ 2588.648347] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2588.660837] __nla_parse: 1 callbacks suppressed 04:20:51 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x800000000000000}) 04:20:51 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x4400, 0x2}, 0x0) [ 2588.660846] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2588.690628] vhci_hcd: invalid port number 0 [ 2588.704798] binder: 17678:17684 got transaction to invalid handle [ 2588.711507] binder: 17678:17684 transaction failed 29201/-22, size 0-4222124650659840 line 2896 04:20:51 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060000487d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:52 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x4500, 0x2}, 0x0) [ 2588.786090] binder_alloc: binder_alloc_mmap_handler: 17678 20001000-20004000 already mapped failed -16 [ 2588.793011] vhci_hcd: invalid port number 0 [ 2588.842746] binder: BINDER_SET_CONTEXT_MGR already set [ 2588.871155] binder: 17678:17697 got transaction to invalid handle [ 2588.891337] binder: undelivered TRANSACTION_ERROR: 29201 [ 2588.895673] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2588.898314] binder: 17678:17693 ioctl 40046207 0 returned -16 04:20:52 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0xa00000000000000}) [ 2588.921083] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2588.947713] binder: 17678:17697 transaction failed 29201/-22, size 0-4222124650659840 line 2896 [ 2588.976631] binder: undelivered TRANSACTION_ERROR: 29201 [ 2589.028506] vhci_hcd: invalid port number 0 [ 2589.410321] audit: type=1326 audit(1546834852.569:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=17680 comm="syz-executor4" exe="/root/syz-executor4" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45ad2a code=0x0 04:20:54 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x4, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) tkill(r0, 0x15) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x102, 0x0) ioctl$UI_SET_ABSBIT(r2, 0x40045567, 0x2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 04:20:54 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x4600, 0x2}, 0x0) 04:20:54 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060001000600004c7d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000001000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:54 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x2000000000000000}) 04:20:54 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, 0x0}) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xc22, 0x1) clock_gettime(0x0, &(0x7f0000003040)={0x0, 0x0}) recvmmsg(r0, &(0x7f0000002f40)=[{{&(0x7f0000000180)=@ipx, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000200)=""/249, 0xf9}, {&(0x7f0000000300)=""/96, 0x60}, {&(0x7f0000000380)=""/125, 0x7d}, {&(0x7f0000000400)=""/174, 0xae}], 0x4, &(0x7f0000000500)=""/119, 0x77}, 0x7f}, {{&(0x7f0000000580)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, &(0x7f00000017c0)=[{&(0x7f0000000600)=""/157, 0x9d}, {&(0x7f00000006c0)=""/103, 0x67}, {&(0x7f0000000740)=""/4096, 0x1000}, {&(0x7f0000001740)=""/74, 0x4a}], 0x4, &(0x7f0000001800)=""/138, 0x8a}, 0xd531700000000000}, {{&(0x7f00000018c0)=@ipx, 0x80, &(0x7f0000001940), 0x0, &(0x7f0000001980)=""/152, 0x98}, 0x7}, {{&(0x7f0000001a40)=@x25={0x9, @remote}, 0x80, &(0x7f0000002e40)=[{&(0x7f0000001ac0)=""/197, 0xc5}, {&(0x7f0000001bc0)=""/75, 0x4b}, {&(0x7f0000001c40)=""/4096, 0x1000}, {&(0x7f0000002c40)=""/35, 0x23}, {&(0x7f0000002c80)=""/8, 0x8}, {&(0x7f0000002cc0)=""/13, 0xd}, {&(0x7f0000002d00)=""/25, 0x19}, {&(0x7f0000002d40)=""/251, 0xfb}], 0x8, &(0x7f0000002ec0)=""/107, 0x6b}, 0xc24}], 0x4, 0x40000040, &(0x7f0000003080)={r2, r3+10000000}) getsockname$netrom(r4, &(0x7f00000030c0)={{0x3, @netrom}, [@remote, @netrom, @bcast, @rose, @remote, @bcast, @remote, @bcast]}, &(0x7f0000003140)=0x48) perf_event_open(&(0x7f0000000080)={0x7, 0x70, 0x8001, 0x6, 0x3, 0x686, 0x0, 0xe75, 0x10, 0xf, 0x3f, 0x4, 0x7, 0x20, 0x1, 0xffffffffffff8000, 0x9, 0xe922, 0x1, 0x8, 0x7, 0x6, 0x4, 0x1, 0xd476, 0x60d614f, 0xef0, 0x1, 0x2, 0x5, 0xffffffff, 0x4, 0x27b, 0xfffffffffffffffb, 0x20, 0x2, 0x0, 0x100000001, 0x0, 0x1, 0x4, @perf_bp={&(0x7f0000000040), 0x1}, 0x0, 0x800, 0x6, 0x0, 0x81, 0xffffffff, 0x3}, r1, 0xffffffffffffffff, 0xffffffffffffff9c, 0xa) [ 2591.456338] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2591.459544] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2591.472262] vhci_hcd: invalid port number 0 [ 2591.481244] binder_alloc: 17720: binder_alloc_buf size 4222124650659840 failed, no address space 04:20:54 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x3f00000000000000}) 04:20:54 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x4700, 0x2}, 0x0) [ 2591.512056] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2591.515475] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2591.556981] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2591.580591] binder: 17720:17721 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2591.594066] vhci_hcd: invalid port number 0 04:20:54 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060000607d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2591.620525] binder_alloc: binder_alloc_mmap_handler: 17720 20001000-20004000 already mapped failed -16 04:20:54 executing program 4: socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x7, 0x200) connect$caif(r0, &(0x7f0000000040)=@rfm={0x25, 0x3f, "c16e7ededd58397e8c22a60ab913bf84"}, 0x18) 04:20:54 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x4800, 0x2}, 0x0) 04:20:54 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x4800000000000000}) [ 2591.671751] binder_alloc: 17720: binder_alloc_buf, no vma [ 2591.687132] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2591.699787] binder: BINDER_SET_CONTEXT_MGR already set [ 2591.737197] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2591.759436] vhci_hcd: invalid port number 0 [ 2591.767992] binder: 17720:17734 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2591.785276] binder: 17720:17737 ioctl 40046207 0 returned -16 [ 2591.785282] binder: undelivered TRANSACTION_ERROR: 29201 [ 2591.800362] binder: undelivered TRANSACTION_ERROR: 29189 04:20:57 executing program 3: r0 = syz_open_dev$midi(&(0x7f0000000280)='/dev/midi#\x00', 0x10001, 0x100) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000001a00)={{{@in6=@dev, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@remote}}, &(0x7f0000001b00)=0xe8) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000440), &(0x7f0000000480)=0x4) sendmsg$kcm(r0, &(0x7f0000002280)={&(0x7f0000001b40)=@hci={0x1f, r1, 0x2}, 0x80, &(0x7f0000002100)=[{&(0x7f0000001bc0)="3229c089f75d749b109732406ae7ccafb503b569d59fc7085e7149e5d3e356f66b25b5474589c8c3fa790a0ff6c555e2e7f2fe558d840fe8d4f0b5332bacdb933626d35075e9a3f6d33df37ffd7fe5d97ef71913c5ab43d13714e73a37643608ae6a093eaa5a2e695228bd279b4509a424d5b3d421fac0ceccba5be1c94f6d2db57d7f1197e40fd0648dd2d0e7e1713891a5288267689bc61ee8e8d8f616fb21e20dfd8205907c4cacf1356f8212a2ceb36a18bf7c65a33b5f7b4d99358fe52e3367a408ea4a062ea1", 0xc9}, {&(0x7f00000003c0)="04c1dac60b7c7d9dfc6b28c2080c7fa2a84ca26c7d9c48461b4ae1142c905862b5fd502aa3d01ba9fa10ef77da4270902206d45dfb7f24e93ab82dab9c2697b3d7178db3036978fd8c069d1556af1322613861545a750000000000000000000000", 0x59}, {&(0x7f0000001d40)="79093039062152e785e40204d6a8851940d69670c498a2ef9e004e2dda7c7cd6d1b804294f22bef90507820921755479eaa214cb23aca12d6e64df9f7c12a1a47151c95a21f7027c900f6ae3efd80b37625809bb28252099c2560b87d1eafbccc84e3dd0c653d0eafcba46c01ba0f760c9b8e483796166c1270a3f1d880d16806ee82a6c167358b30fa4354af3968bbdcbcfd649050000000000000007ed94a50f3878532a351448ffcb7299e7d872031ebe167127b3837bcac9994959b80e53c2d92c353eccc6eec782a0a263d0928400000000000000", 0xa2}, {&(0x7f00000002c0)="40c7d56aab3aae25b8d7ddeeaf36fc080d0615eb42cd0d1d211269ce743983069c60760a852531e57ec3a745b1ba13c325a5f7d3a9b6c4dde1d966735b55d82d87f984c326c979c4462a9b456f2bf7fd38a2f2e91b775589f548b0ef1a61ac29714a594509fa788e21ad975a0a9d39c2730842047f07d575d924338148135eb0ea90f724d989297bdbc5add1a83d5683b7de84c928036899d69a5ae88a6b01d1aa49170c0e323df28db6872ef7a90c783b0a0b64d4d65e91174cf1f032711cdb7e1e714bd8609314156b4686685ffdba9f61404995e2a71b79f051beb01e3d868c8ee0c01b5f78859b71c830184ed863c6", 0xfffffffffffffcad}, {&(0x7f0000001f00)="7a0a5d1a203648bfef53d2fc2cf87cdfd747d49fc39b8c3050c3d2b5c37bb260d3e14c3b3201ccccbeb0c59cc9d574495b336845e9c111e893b1b962583479e81e15904b8b9789312a2f913d2ca66ee8939fd2a47574c64b231216868190719b1b4f400ec93ca6ff4a1dca7f9dacd797cb5e498b9f6ecb62a5c0de68bc7bedb861e03636c08125d4d9fd654fd96e15cac0c128f4ded736a26d03811304d6149dc3bbb671e0b7204ee37cc0ec9952c23de179a47fdc552c70822897e9fb9d696f65a83144680be0bc1a250dffed693f608f42222dadae7145c6652d868171b5969f2fd884", 0xe4}, {&(0x7f0000002000)="a0a33b709548a1945e8489fb866ce39c6dd307cc68712d0ac39a081484ef4c6ed0aa129dd698360e66a812ad4cb92085769a6bcfa9cee5fca62ffa06cda5ca1d9551c6189db8e387b6e43f5a36dd46cde3795fde3400a874f05cfdd7d997b31b32df962e4a663e59f6c1294df3a39553b2574bc95394372d40d38f6b9af2b3448d9ef3fc1341c7518c3b13b00ac6aebf1f60b0def189ddc95fa4e2dfb873c9dae1d6fe74ee0df2c5e04fec9e020596cb8a16aafb554042f01db8556737", 0xbd}, {&(0x7f00000020c0)="61d7824b80df776ffc7535bfd42ff729470267f88ab6339b1bf6efcc6759098b6a3d48165f6c9c3fcc3f", 0x2a}], 0x1000002a, &(0x7f0000002180), 0xd8}, 0x20040010) clone(0x200, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r2, 0x17) ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r4 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) wait4(r2, &(0x7f0000000180), 0x1, &(0x7f00000001c0)) r5 = fcntl$dupfd(r3, 0x406, r3) fanotify_mark(r4, 0x80, 0x0, r5, &(0x7f0000000080)='./file0\x00') ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 04:20:57 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x4900, 0x2}, 0x0) 04:20:57 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x4c00000000000000}) 04:20:57 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setxattr$trusted_overlay_origin(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.origin\x00', &(0x7f00000000c0)='y\x00', 0x2, 0x1) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000002000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:57 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060000687d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2594.549987] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2594.566480] vhci_hcd: invalid port number 0 [ 2594.572791] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2594.573663] binder_alloc: 17761: binder_alloc_buf size 4222124650659840 failed, no address space 04:20:57 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x4a00, 0x2}, 0x0) [ 2594.593433] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:57 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x6000000000000000}) [ 2594.627662] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2594.679333] binder: 17761:17762 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2594.703513] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2594.710052] vhci_hcd: invalid port number 0 [ 2594.719518] binder_alloc: binder_alloc_mmap_handler: 17761 20001000-20004000 already mapped failed -16 04:20:57 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x4b00, 0x2}, 0x0) 04:20:57 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x6800000000000000}) [ 2594.756198] binder: BINDER_SET_CONTEXT_MGR already set 04:20:57 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = gettid() tkill(r0, 0x17) ptrace$peek(0x2, r0, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x800, 0x0) ioctl$KVM_GET_MSRS(r3, 0xc008ae88, &(0x7f0000000140)={0xa, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}) setsockopt$inet_tcp_buf(r3, 0x6, 0xb, &(0x7f0000000200)="b28b428b0e7bf27005cf9161518e84a661f19e12a22197796f8609ec22246ec4e904a58ef8fab07d68e2615ffb041149ae9accd748270750ba44bd10fee6192f5f6b5db16af4cfb3f956dc0fb77fde092406c14270a27be65446122c0003d7e8589d061f7170cf203c7e9b6f6597516a1fbbab4ad3195a5e4ad372eb85df39d47f2490f04d16fd341d9063862a215c133b14d8a53d1dce5744fe34b068d78e96a07b8aa92d", 0xa5) ptrace$setopts(0x4206, r2, 0xac7, 0x20) 04:20:58 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060001000600006c7d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:20:58 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYRES16=0x0], 0x2}, 0x1, 0x2}, 0x80c0) [ 2594.835084] binder: 17761:17762 ioctl 40046207 0 returned -16 [ 2594.835335] binder_alloc: 17761: binder_alloc_buf, no vma [ 2594.835407] binder: undelivered TRANSACTION_ERROR: 29201 [ 2594.905046] binder: 17761:17777 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2594.942140] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2594.955551] binder: undelivered TRANSACTION_ERROR: 29189 04:20:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000003000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:20:58 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x4c00, 0x2}, 0x0) 04:20:58 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x6c00000000000000}) 04:20:58 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x180, 0x4) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2594.982684] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:58 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060000747d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2595.099980] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2595.126765] binder_alloc: 17804: binder_alloc_buf size 4222124650659840 failed, no address space 04:20:58 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x4d00, 0x2}, 0x0) [ 2595.171192] netlink: 'syz-executor4': attribute type 1 has an invalid length. [ 2595.171306] vhci_hcd: invalid port number 0 [ 2595.193525] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2595.203188] binder: 17804:17807 transaction failed 29201/-28, size 0-4222124650659840 line 3035 04:20:58 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0xffffffffffffffd8, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0xffffffffffffff17}, 0x1, 0x2}, 0x0) [ 2595.228593] binder_alloc: binder_alloc_mmap_handler: 17804 20001000-20004000 already mapped failed -16 [ 2595.243047] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2595.259418] binder: BINDER_SET_CONTEXT_MGR already set [ 2595.264902] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:20:58 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x7400000000000000}) 04:20:58 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x4e00, 0x2}, 0x0) [ 2595.308244] binder: 17804:17807 ioctl 40046207 0 returned -16 [ 2595.318588] binder: undelivered TRANSACTION_ERROR: 29201 [ 2595.423449] vhci_hcd: invalid port number 0 04:21:01 executing program 3: clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) lstat(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000080)='./file0\x00', 0x171de74c, 0x3, &(0x7f0000000340)=[{&(0x7f0000000140)="8f3dbb864ad6ecdfcd9cb34fc67e70eb846e99267f7c71227174e61f98d28f6d2c45a2833084c67512c34b965883b8c9", 0x30, 0xf82}, {&(0x7f0000000180)="c9a8361cb5936cf437cbf169cfcb9de57265d5d1b62798de58eb20a16c0ae8c68dc8a58b38ddc77b790f715f3292630cbdd5225fb50b15bfe1f322150d9d07aa7f30cb960a6ae1a7236fb3174ae27a93f8374dd0f137f741eadfdace50d94e7fd4b9d9e1fc995af7ade36093a8118446472db253cb8d5f97086d459dd91c95ab79ee735f3fb972ed3e378e1f86d039e3f9a54f9681", 0x95}, {&(0x7f0000000240)="a3b865587c47dde070fce0812566f967f9e034e15435b1eba07a146fe6f8382c274f3fac2a02de1e1aa1549246be2d061a1750ae7fabe13dc04cd4a5e8c7eb13941908a712a72c75d8bd3cbf5d1c49e9642f9e062b772459ad5578a9c33f907457a134ff056ad8db7f352971b11440c7441daf3a170aeba61dff26ced18569ee2ad9036edbca89188f279a99cbc8357a995a3f99cbcff84595f7a367b61e9ebdd7661603aa97a5c4acc9f7bca2772a63b2aec4626cafdd92f1ae8f214cd6fbf5a3595d6d03fd07", 0xc7, 0x6}], 0x20, &(0x7f0000000480)={[{@discard='discard'}, {@resize='resize'}, {@errors_remount='errors=remount-ro'}, {@iocharset={'iocharset', 0x3d, 'cp860'}}, {@umask={'umask', 0x3d, 0x9}}, {@resize='resize'}, {@umask={'umask', 0x3d, 0x9}}, {@integrity='integrity'}], [{@fowner_gt={'fowner>', r0}}, {@seclabel='seclabel'}]}) r1 = gettid() ptrace$peek(0xffffffffffffffff, r1, &(0x7f0000000540)) wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000640)='/dev/dlm_plock\x00', 0x6200, 0x0) open_by_handle_at(r2, &(0x7f0000000680)={0x8f, 0x9, "b2c23d45eae6a26432e9296299021b5e8df58c0de841965b82fc448e0aa3cc92255ea3c7ec3e3fcac1403ed0d2d8cfbe06c9201e6708ed3c82c9b888af9ecf79c0959b37d92df6199886adc90ae510c51fc986736403cc15af7cccc3cdc8ca3d9b50e5c2fbd0b5edce4c84be40e3c3ec649d7a1e02bf32f13658932f9b18b189896668ac9bca11"}, 0x400040) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x17) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$setregset(0x4205, r1, 0x203, &(0x7f0000000600)={&(0x7f0000000580)="ffb76a7d0300866a51030291b34c5b051265da05b4e376fa689a0b74d65009a0808d66c5e2bef6672e4ee29c3c45c4eb6e31b823dbc3b9d136d6ff57a660254194ca56fd98d4929150a1202fa417a84a79a7fa41fbe2255569472f4db36354c8c3a0a029b9831e9e8825bfebbcd6d7ac", 0x70}) ptrace$cont(0x7, r1, 0x0, 0x0) 04:21:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000004000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:21:01 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd05001200000000060001000600007a7d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:21:01 executing program 4: socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snapshot\x00', 0x620a40, 0x0) getsockname$unix(r1, &(0x7f0000000080)=@abs, &(0x7f0000000100)=0x6e) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000580)=ANY=[@ANYBLOB="2c0079dec393a7235c0cd100000382090501ff00a073726f71dac93c04000c00010006000000b4c60a80eaf3759414111b84d16c8201d16bf02feebacd7e3a84123a4feedbf6c37cc64f774e5dcc29c799f2ef1e12254f4a20c079f2a255176f9980d5bf3a50019f4a3a2d6157401c743ba84b0c6372300635c3c5501673dffa34c5c516ec48c56b337574ee91fe68e5fa6498295c680ee016dd26c334d63892404657b318aaf7e6367aa8986ecef49c2a36db585da7ba9d4b113c4ede68384660f0d43587030300857a497bae5365486b0fc209d9b0975ee82e89a8d41e6664457344cd89e74713c2ed2484140e074b45a1e888f6e0ce0cb078fb5ff963ebe961fcacf97aa1a6ca3ab221d32260aa43537a53ff67527061105eb265a7072d421f86e3d5351c624d88b81d23e408305637299b38f647a871b67267b63576ab09afe4d52c29e0e9ff0a08f73f04a37434de2ca6115b6ee93830f5d6d1508e511df4828c37000000000000000000b9c098d28d9bf1590c262522ede1b474a5081cc81d969759f8da9561c948f93f6729f44c695530dbc4608b4f5ae71394d459368ae91998864e7bc65a655e7bf5b5fa8f9f96b34a5f6701d1a47c73d085befa88f854f5680df07b3c6409570b4e35b7134de8289730b77adcd3de10160720e49ff830e4c26e408e842b3e9febbd06831e72ecf4ebf74936d08ae94af2383c74ac6ef04e45caef747cc145370a1b45b9c677fcac3592414582a9f19f382f12"], 0x2c}, 0x1, 0x2}, 0x0) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000000)={0x7, 0x9, 0x7, 0x1, 0x401, 0x7}) 04:21:01 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x7a00000000000000}) 04:21:01 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x4f00, 0x2}, 0x0) [ 2597.968253] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2597.981064] vhci_hcd: invalid port number 0 [ 2597.986898] binder_alloc: 17839: binder_alloc_buf size 4222124650659840 failed, no address space [ 2598.005323] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. 04:21:01 executing program 4: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x2080, 0x0) ioctl$TUNDETACHFILTER(r0, 0x401054d6, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r1, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000100)={0x9, &(0x7f0000000080)=[{0xffffffff, 0xfffffffffffff001, 0x5, 0x101}, {0x6, 0x4, 0x4, 0x6}, {0x6, 0x4, 0x100, 0xed94}, {0x7, 0x35d, 0x8, 0x88}, {0x6, 0xb9, 0x7, 0xfffffffffffffffb}, {0x3ff, 0x6, 0x7, 0xffffffffffff6240}, {0x1, 0xfffffffffffffff9, 0x800, 0x5}, {0x4, 0x3, 0x2, 0x10001}, {0x0, 0x8, 0x9}]}) 04:21:01 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x5000, 0x2}, 0x0) [ 2598.033648] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 04:21:01 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0xffffffff00000000}) [ 2598.097029] binder: 17839:17843 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2598.154296] binder_alloc: binder_alloc_mmap_handler: 17839 20001000-20004000 already mapped failed -16 [ 2598.187986] netlink: 'syz-executor4': attribute type 1 has an invalid length. 04:21:01 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x5100, 0x2}, 0x0) [ 2598.207143] binder: BINDER_SET_CONTEXT_MGR already set [ 2598.215834] vhci_hcd: invalid port number 0 [ 2598.220937] binder: 17839:17843 ioctl 40046207 0 returned -16 [ 2598.233216] binder_alloc: 17839: binder_alloc_buf, no vma 04:21:01 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x0, 0x2}) [ 2598.257550] binder: 17839:17858 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2598.304621] binder: undelivered TRANSACTION_ERROR: 29201 [ 2598.311758] binder: undelivered TRANSACTION_ERROR: 29189 04:21:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000005000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) [ 2598.449023] netlink: 'syz-executor0': attribute type 1 has an invalid length. [ 2598.473257] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2598.474999] vhci_hcd: invalid port number 0 [ 2598.506566] binder_alloc: 17869: binder_alloc_buf size 4222124650659840 failed, no address space [ 2598.535271] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2598.544186] binder: 17869:17870 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2598.589543] binder_alloc: binder_alloc_mmap_handler: 17869 20001000-20004000 already mapped failed -16 [ 2598.638599] binder: BINDER_SET_CONTEXT_MGR already set [ 2598.663326] binder: 17869:17870 ioctl 40046207 0 returned -16 [ 2598.663401] binder_alloc: 17869: binder_alloc_buf, no vma [ 2598.688105] binder: 17869:17874 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2598.700593] binder: undelivered TRANSACTION_ERROR: 29201 [ 2598.707626] binder: undelivered TRANSACTION_ERROR: 29189 04:21:02 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x0, 0x3}) 04:21:02 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x5200, 0x2}, 0x0) 04:21:02 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x3, 0x2) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_NET_GET(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x20, r2, 0x2, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0xc, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x80}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:21:02 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060001927d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:21:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000006000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:21:02 executing program 3: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000140)={0x0, {0x2, 0x4e23, @multicast2}, {0x2, 0x4e22, @multicast2}, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xd}}, 0x12, 0x0, 0x0, 0x0, 0x9, &(0x7f0000000040)='team0\x00', 0x7f, 0x6, 0x8000}) clone(0x33102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r1, 0x17) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x9, 0x3}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x4018, r1, 0x0, 0x4) [ 2598.939809] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2598.947192] vhci_hcd: invalid port number 0 [ 2598.956110] binder_alloc: 17879: binder_alloc_buf size 4222124650659840 failed, no address space [ 2598.965060] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) 04:21:02 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x5300, 0x2}, 0x0) 04:21:02 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x0, 0x4}) [ 2598.997985] binder: 17879:17884 transaction failed 29201/-28, size 0-4222124650659840 line 3035 [ 2599.019827] binder_alloc: binder_alloc_mmap_handler: 17879 20001000-20004000 already mapped failed -16 [ 2599.065365] binder: BINDER_SET_CONTEXT_MGR already set [ 2599.070735] binder: 17879:17884 ioctl 40046207 0 returned -16 [ 2599.070939] binder_alloc: 17879: binder_alloc_buf, no vma 04:21:02 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x5400, 0x2}, 0x0) [ 2599.111122] binder: 17879:17894 transaction failed 29189/-3, size 0-4222124650659840 line 3035 [ 2599.146986] binder: undelivered TRANSACTION_ERROR: 29201 [ 2599.153360] binder: undelivered TRANSACTION_ERROR: 29189 04:21:02 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd0500120000000006000100060000f07d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) [ 2599.155809] vhci_hcd: invalid port number 0 04:21:02 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000040)=0x0) syz_open_procfs(r1, &(0x7f0000000080)='fd/3\x00') sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000000000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x1, 0x2}, 0x0) 04:21:02 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x0, 0x5}) 04:21:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x33, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00634040000000000007000000000000000000000000000000000000000000000007000000000000000000000000000000000f"], 0x0, 0x0, 0x0}) 04:21:02 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x5500, 0x2}, 0x0) [ 2599.417611] IPVS: ftp: loaded support on port[0] = 21 [ 2599.422061] binder_alloc: 17906: binder_alloc_buf size 4222124650659840 failed, no address space [ 2599.442006] vhci_hcd: invalid port number 0 [ 2599.464229] netlink: 16 bytes leftover after parsing attributes in process `syz-executor0'. [ 2599.481101] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 2599.490972] binder: 17906:17909 transaction failed 29201/-28, size 0-4222124650659840 line 3035 04:21:02 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x40000fffffb, 0x802) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x100323, 0x0, 0x0, 0x0, 0x6}) 04:21:02 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000003060501ff0080fffd050012000200000c000100060000007d0a06010c000200070022ff02f16b52"], 0x2c}, 0x5600, 0x2}, 0x0) [ 2599.528651] binder_alloc: binder_alloc_mmap_handler: 17906 20001000-20004000 already mapped failed -16 [ 2599.548039] binder: BINDER_SET_CONTEXT_MGR already set [ 2599.593197] binder: 17906:17909 ioctl 40046207 0 returned -16 [ 2599.599530] binder_alloc: 17906: binder_alloc_buf, no vma [ 2599.617765] binder: 17906:17916 transaction failed 29189/-3, size 0-4222124650659840 line 3035 04:21:02 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x400, 0x80) getsockopt$inet_dccp_buf(r1, 0x21, 0xe, &(0x7f0000000240)=""/4096, &(0x7f0000000100)=0x1000) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000180)=ANY=[@ANYBLOB="2c00000003060501ff00800000000c000100060000007d0a06010c0002000c0022ff02f16b5286c0a44ca7f8530899acd91faa4a8adae8a8f31dd5800543014cf9a1105c804e985ecdefe80ebefa4ce1aee75caef543da531273b09ae249f2cf23cd63a17a02230ef16eca9a008f5db00e5b7921d58b7adbb3cd69827a1ee22ea511a7fffbf0dcef00de451929d5d99e6bfba186825d0281bce1beb5c0db56de030000000000000000000000000000000000"], 0x2c}, 0x1, 0x2}, 0x0) r2 = syz_open_dev$usb(&(0x7f0000000140)='/dev/bus/usb/00#/00#\x00', 0x1, 0x20000) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000080)={{0x1d, @local, 0x4e21, 0x1, 'nq\x00', 0xc, 0x3, 0x61}, {@remote, 0x4e21, 0x3, 0x7, 0x4, 0x7}}, 0x44) times(&(0x7f0000000040)) [ 2599.645942] binder: undelivered TRANSACTION_ERROR: 29201 [ 2599.700224] vhci_hcd: invalid port number 0 [ 2599.738562] vhci_hcd: invalid port number 0 [ 2599.769685] netlink: 24 bytes leftover after parsing attributes in process `syz-executor4'. [ 2599.807234] netlink: 24 bytes leftover after parsing attributes in process `syz-executor4'. [ 2599.961022] chnl_net:caif_netlink_parms(): no params data found [ 2600.030936] bridge0: port 1(bridge_slave_0) entered blocking state [ 2600.038072] bridge0: port 1(bridge_slave_0) entered disabled state [ 2600.045800] device bridge_slave_0 entered promiscuous mode [ 2600.053328] bridge0: port 2(bridge_slave_1) entered blocking state [ 2600.060172] bridge0: port 2(bridge_slave_1) entered disabled state [ 2600.067645] device bridge_slave_1 entered promiscuous mode [ 2600.094390] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 2600.111828] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 2600.152770] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 2600.160492] team0: Port device team_slave_0 added [ 2600.166503] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 2600.173962] team0: Port device team_slave_1 added [ 2600.179698] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 2600.187333] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 2600.268674] device hsr_slave_0 entered promiscuous mode [ 2600.315638] device hsr_slave_1 entered promiscuous mode [ 2600.355949] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 2600.363010] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 2600.393085] bridge0: port 2(bridge_slave_1) entered blocking state [ 2600.399517] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2600.406225] bridge0: port 1(bridge_slave_0) entered blocking state [ 2600.412587] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2600.498663] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 2600.504774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2600.523557] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 2600.543157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2600.554825] bridge0: port 1(bridge_slave_0) entered disabled state [ 2600.569760] bridge0: port 2(bridge_slave_1) entered disabled state [ 2600.581875] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 2600.602262] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 2600.612828] 8021q: adding VLAN 0 to HW filter on device team0 [ 2600.631678] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2600.643008] bridge0: port 1(bridge_slave_0) entered blocking state [ 2600.649420] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2600.684607] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2600.695006] bridge0: port 2(bridge_slave_1) entered blocking state [ 2600.701461] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2600.731243] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2600.741811] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2600.769082] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2600.778968] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2600.790193] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 2600.797667] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2600.804918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2600.824437] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2600.847568] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 2600.864195] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2600.888651] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2601.675902] device bridge_slave_1 left promiscuous mode [ 2601.681399] bridge0: port 2(bridge_slave_1) entered disabled state [ 2601.736054] device bridge_slave_0 left promiscuous mode [ 2601.741507] bridge0: port 1(bridge_slave_0) entered disabled state [ 2601.871003] device hsr_slave_1 left promiscuous mode [ 2601.929430] device hsr_slave_0 left promiscuous mode [ 2601.969137] team0 (unregistering): Port device team_slave_1 removed [ 2601.984254] team0 (unregistering): Port device team_slave_0 removed [ 2601.995601] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 2602.029167] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 2602.123879] bond0 (unregistering): Released all slaves [ 2602.300070] WARNING: CPU: 1 PID: 17854 at net/batman-adv/multicast.c:371 batadv_mcast_mla_update+0x20ed/0x2980 [ 2602.311000] Kernel panic - not syncing: panic_on_warn set ... [ 2602.316887] CPU: 1 PID: 17854 Comm: kworker/u4:11 Not tainted 4.20.0+ #13 [ 2602.323796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2602.333164] Workqueue: bat_events batadv_mcast_mla_update [ 2602.338702] Call Trace: [ 2602.341280] dump_stack+0x1db/0x2d0 [ 2602.344897] ? dump_stack_print_info.cold+0x20/0x20 [ 2602.349908] ? batadv_mcast_mla_update+0x2040/0x2980 [ 2602.355020] panic+0x2cb/0x65c [ 2602.358254] ? add_taint.cold+0x16/0x16 [ 2602.362220] ? batadv_mcast_mla_update+0x20ed/0x2980 [ 2602.367326] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2602.372881] ? __probe_kernel_read+0x1f4/0x250 [ 2602.377456] ? __warn.cold+0x5/0x48 [ 2602.381081] ? __warn+0xe8/0x1d0 [ 2602.384455] ? batadv_mcast_mla_update+0x20ed/0x2980 [ 2602.389563] __warn.cold+0x20/0x48 [ 2602.393098] ? batadv_mcast_mla_update+0x20ed/0x2980 [ 2602.398191] report_bug+0x263/0x2b0 [ 2602.401805] do_error_trap+0x11b/0x200 [ 2602.405689] do_invalid_op+0x37/0x50 [ 2602.409439] ? batadv_mcast_mla_update+0x20ed/0x2980 [ 2602.414545] invalid_op+0x14/0x20 [ 2602.417987] RIP: 0010:batadv_mcast_mla_update+0x20ed/0x2980 [ 2602.423685] Code: 49 c1 ee 03 48 b8 00 00 00 00 00 fc ff df be f8 f8 ff ff 66 41 89 34 06 48 c1 ea 03 c6 04 02 f8 e9 87 ea ff ff e8 83 ce af f9 <0f> 0b e9 cf e6 ff ff e8 77 ce af f9 48 8b 95 00 fe ff ff 49 c1 ee [ 2602.442585] RSP: 0018:ffff888098c9f788 EFLAGS: 00010293 [ 2602.447931] RAX: ffff88809e4b6700 RBX: 0000000000000001 RCX: ffffffff87d20f7a [ 2602.455198] RDX: 0000000000000000 RSI: ffffffff87d228ad RDI: 0000000000000007 [ 2602.462453] RBP: ffff888098c9f9e0 R08: ffff88809e4b6700 R09: ffff88809e4b6fc8 [ 2602.469732] R10: ffff88809e4b6700 R11: 0000000000000000 R12: ffff888098c9f868 [ 2602.476988] R13: 0000000000000000 R14: 1ffff11013193f0d R15: ffff888098c9f9b8 [ 2602.484251] ? batadv_mcast_mla_update+0x7ba/0x2980 [ 2602.489278] ? batadv_mcast_mla_update+0x20ed/0x2980 [ 2602.494380] ? batadv_mcast_mla_update+0x20ed/0x2980 [ 2602.499477] ? batadv_mcast_querier_log.isra.0+0x140/0x140 [ 2602.505094] ? trace_hardirqs_off+0xb8/0x310 [ 2602.509505] ? kasan_check_read+0x11/0x20 [ 2602.513641] ? do_raw_spin_unlock+0xa0/0x330 [ 2602.518043] ? process_one_work+0xbf1/0x1ce0 [ 2602.522441] ? find_held_lock+0x35/0x120 [ 2602.526491] ? add_lock_to_list.isra.0+0x450/0x450 [ 2602.531408] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2602.536932] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2602.542472] ? check_preemption_disabled+0x48/0x290 [ 2602.547522] ? __lock_is_held+0xb6/0x140 [ 2602.551578] process_one_work+0xd0c/0x1ce0 [ 2602.555799] ? preempt_notifier_register+0x200/0x200 [ 2602.560893] ? __switch_to_asm+0x34/0x70 [ 2602.564948] ? pwq_dec_nr_in_flight+0x4a0/0x4a0 [ 2602.569606] ? __schedule+0x89f/0x1e60 [ 2602.573486] ? pci_mmcfg_check_reserved+0x170/0x170 [ 2602.578489] ? pci_mmcfg_check_reserved+0x170/0x170 [ 2602.583512] ? worker_thread+0x3b7/0x14a0 [ 2602.587666] ? find_held_lock+0x35/0x120 [ 2602.591715] ? lock_acquire+0x1db/0x570 [ 2602.595677] ? worker_thread+0x3cd/0x14a0 [ 2602.599816] ? kasan_check_read+0x11/0x20 [ 2602.603962] ? do_raw_spin_lock+0x156/0x360 [ 2602.608276] ? lock_release+0xc40/0xc40 [ 2602.612238] ? rwlock_bug.part.0+0x90/0x90 [ 2602.616459] ? trace_hardirqs_on_caller+0x310/0x310 [ 2602.621483] worker_thread+0x143/0x14a0 [ 2602.625466] ? process_one_work+0x1ce0/0x1ce0 [ 2602.629948] ? __kthread_parkme+0xc3/0x1b0 [ 2602.634178] ? lock_acquire+0x1db/0x570 [ 2602.638146] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 2602.643237] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2602.647823] ? trace_hardirqs_on+0xbd/0x310 [ 2602.652133] ? __kthread_parkme+0xc3/0x1b0 [ 2602.656393] ? trace_hardirqs_off_caller+0x300/0x300 [ 2602.661484] ? do_raw_spin_trylock+0x270/0x270 [ 2602.666053] ? schedule+0x108/0x350 [ 2602.669667] ? do_raw_spin_trylock+0x270/0x270 [ 2602.674260] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2602.679352] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2602.684889] ? __kthread_parkme+0xfb/0x1b0 [ 2602.689115] kthread+0x357/0x430 [ 2602.692492] ? process_one_work+0x1ce0/0x1ce0 [ 2602.696986] ? kthread_stop+0x920/0x920 [ 2602.700961] ret_from_fork+0x3a/0x50 [ 2602.705898] Kernel Offset: disabled [ 2602.709739] Rebooting in 86400 seconds..