diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 3604f0df68965098dd4e11b9868e587808124511..c085eab1b2ec7f4239a838963af41159af533ef6 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -555,6 +555,7 @@ struct binder_thread {
 struct binder_stats stats;
 atomic_t tmp_ref;
 bool is_dead;
+ struct access_token tokens;
 };
 
 /**
@@ -4554,6 +4555,10 @@ static int binder_thread_read(struct binder_proc *proc,
 if (t_from)
 binder_thread_dec_tmpref(t_from);
 t->buffer->allow_user_free = 1;
+ binder_inner_proc_lock(thread->proc);
+ thread->tokens.sender_tokenid = t->sender_tokenid;
+ thread->tokens.first_tokenid = t->first_tokenid;
+ binder_inner_proc_unlock(thread->proc);
 if (cmd != BR_REPLY && !(t->flags & TF_ONE_WAY)) {
 binder_inner_proc_lock(thread->proc);
 t->to_parent = thread->transaction_stack;
@@ -5165,14 +5170,8 @@ static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 goto err;
 }
 binder_inner_proc_lock(proc);
- if (thread->transaction_stack == NULL) {
- ret = -EFAULT;
- binder_inner_proc_unlock(proc);
- goto err;
- }
- token = thread->transaction_stack->sender_tokenid;
- ftoken = thread->transaction_stack->first_tokenid;
-
+ token = thread->tokens.sender_tokenid;
+ ftoken = thread->tokens.first_tokenid;
 binder_inner_proc_unlock(proc);
 if (put_user(token, &tokens->sender_tokenid)) {
 ret = -EINVAL;
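Review bot: The new `tokens` member in `struct binder_thread` is added with no description of what it caches or how long the value stays valid. Because the third hunk copies it to userspace as the caller's identity, a comment such as `/* access tokens of the transaction most recently delivered to this thread by binder_thread_read(); not cleared when that transaction ends */` would make the lifetime explicit. The struct definition starts outside this hunk, so if it carries a kernel-doc block, the matching `@tokens:` entry belongs there as well.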
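Review bot: The cached tokens in binder_thread_read are overwritten for every delivered transaction, including the `BR_REPLY` case that the very next condition excludes, so a thread that makes an outgoing call while servicing a request will afterwards report the tokens carried by the reply instead of those of its original caller. The code removed in the third hunk read from `thread->transaction_stack`, which follows nesting; a single per-thread slot does not, and a nested incoming transaction would likewise leave the inner caller's tokens in place after it completes. If the aim is to make tokens available for one-way transactions, consider limiting the update with `if (cmd != BR_REPLY)` and restoring the outer values when a nested transaction finishes. binder_thread_read starts and ends outside this hunk, so whether replies carry meaningful token ids cannot be confirmed from here.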
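Review bot: With the `thread->transaction_stack == NULL` check removed, this path in binder_ioctl no longer fails when the thread is not handling a transaction; it returns whatever `thread->tokens` last held, which may belong to a transaction that has already completed or may never have been written. A caller that uses the result for an access decision can no longer tell a current caller identity from a stale one. Either clear `thread->tokens` when the transaction is finished, or state the new contract next to the read, for example `/* tokens of the last delivered transaction; does not imply one is in progress */`. The enclosing ioctl case begins and ends outside this hunk.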