last executing test programs:
685.967965ms ago: executing program 3 (id=17):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyprintk', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyprintk', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyprintk', 0x800, 0x0)
672.341886ms ago: executing program 2 (id=20):
socket$inet6_udp(0xa, 0x2, 0x0)
619.143865ms ago: executing program 0 (id=22):
clock_adjtime(0x0, &(0x7f0000000000))
618.818341ms ago: executing program 0 (id=24):
vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)
618.508977ms ago: executing program 3 (id=25):
io_destroy(0x0)
606.888031ms ago: executing program 2 (id=28):
syz_open_dev$hiddev(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$hiddev(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$hiddev(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$hiddev(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$hiddev(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$hiddev(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$hiddev(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$hiddev(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$hiddev(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$hiddev(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$hiddev(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$hiddev(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$hiddev(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$hiddev(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$hiddev(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$hiddev(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$hiddev(&(0x7f0000000500), 0x4, 0x800)
549.451265ms ago: executing program 0 (id=30):
wait4(0x0, 0x0, 0x0, 0x0)
549.265059ms ago: executing program 3 (id=31):
socket$igmp6(0xa, 0x3, 0x2)
548.591038ms ago: executing program 2 (id=34):
name_to_handle_at(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0)
491.265235ms ago: executing program 3 (id=36):
sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x0)
490.960816ms ago: executing program 0 (id=38):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey', 0x800, 0x0)
490.826077ms ago: executing program 2 (id=39):
getgroups(0x0, &(0x7f0000000000))
490.69165ms ago: executing program 3 (id=41):
syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$ndb(&(0x7f0000000100), 0x0, 0x800)
477.448594ms ago: executing program 2 (id=44):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ubi_ctrl', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ubi_ctrl', 0x800, 0x0)
423.159233ms ago: executing program 0 (id=45):
set_tid_address(&(0x7f0000000000))
422.707159ms ago: executing program 2 (id=48):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dma_heap/system', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dma_heap/system', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dma_heap/system', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dma_heap/system', 0x800, 0x0)
422.417451ms ago: executing program 0 (id=50):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs', 0x800, 0x0)
420.534968ms ago: executing program 3 (id=51):
openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/transparent_hugepage/khugepaged/scan_sleep_millisecs', 0x1, 0x0)
401.098907ms ago: executing program 4 (id=52):
select(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000))
392.206458ms ago: executing program 1 (id=53):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ashmem', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ashmem', 0x800, 0x0)
309.789759ms ago: executing program 1 (id=57):
syz_open_dev$sndpcmc(&(0x7f0000000040), 0x1, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000080), 0x1, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x1, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000100), 0x1, 0x800)
syz_open_dev$sndpcmc(&(0x7f0000000140), 0xb, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000180), 0xb, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000001c0), 0xb, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000200), 0xb, 0x800)
syz_open_dev$sndpcmc(&(0x7f0000000240), 0x15, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000280), 0x15, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000002c0), 0x15, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000300), 0x15, 0x800)
syz_open_dev$sndpcmc(&(0x7f0000000340), 0x1f, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000380), 0x1f, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x1f, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000400), 0x1f, 0x800)
syz_open_dev$sndpcmc(&(0x7f0000000440), 0x29, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000480), 0x29, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000004c0), 0x29, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000500), 0x29, 0x800)
309.701553ms ago: executing program 4 (id=58):
syz_open_dev$sndhw(&(0x7f0000000040), 0x1, 0x0)
syz_open_dev$sndhw(&(0x7f0000000080), 0x1, 0x1)
syz_open_dev$sndhw(&(0x7f00000000c0), 0x1, 0x2)
syz_open_dev$sndhw(&(0x7f0000000100), 0x1, 0x800)
syz_open_dev$sndhw(&(0x7f0000000140), 0xb, 0x0)
syz_open_dev$sndhw(&(0x7f0000000180), 0xb, 0x1)
syz_open_dev$sndhw(&(0x7f00000001c0), 0xb, 0x2)
syz_open_dev$sndhw(&(0x7f0000000200), 0xb, 0x800)
syz_open_dev$sndhw(&(0x7f0000000240), 0x15, 0x0)
syz_open_dev$sndhw(&(0x7f0000000280), 0x15, 0x1)
syz_open_dev$sndhw(&(0x7f00000002c0), 0x15, 0x2)
syz_open_dev$sndhw(&(0x7f0000000300), 0x15, 0x800)
syz_open_dev$sndhw(&(0x7f0000000340), 0x1f, 0x0)
syz_open_dev$sndhw(&(0x7f0000000380), 0x1f, 0x1)
syz_open_dev$sndhw(&(0x7f00000003c0), 0x1f, 0x2)
syz_open_dev$sndhw(&(0x7f0000000400), 0x1f, 0x800)
syz_open_dev$sndhw(&(0x7f0000000440), 0x29, 0x0)
syz_open_dev$sndhw(&(0x7f0000000480), 0x29, 0x1)
syz_open_dev$sndhw(&(0x7f00000004c0), 0x29, 0x2)
syz_open_dev$sndhw(&(0x7f0000000500), 0x29, 0x800)
309.633756ms ago: executing program 5 (id=59):
syz_open_dev$sndpcmp(&(0x7f0000000040), 0x1, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000080), 0x1, 0x1)
syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x1, 0x2)
syz_open_dev$sndpcmp(&(0x7f0000000100), 0x1, 0x800)
syz_open_dev$sndpcmp(&(0x7f0000000140), 0xb, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000180), 0xb, 0x1)
syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xb, 0x2)
syz_open_dev$sndpcmp(&(0x7f0000000200), 0xb, 0x800)
syz_open_dev$sndpcmp(&(0x7f0000000240), 0x15, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000280), 0x15, 0x1)
syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x15, 0x2)
syz_open_dev$sndpcmp(&(0x7f0000000300), 0x15, 0x800)
syz_open_dev$sndpcmp(&(0x7f0000000340), 0x1f, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000380), 0x1f, 0x1)
syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x1f, 0x2)
syz_open_dev$sndpcmp(&(0x7f0000000400), 0x1f, 0x800)
syz_open_dev$sndpcmp(&(0x7f0000000440), 0x29, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000480), 0x29, 0x1)
syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x29, 0x2)
syz_open_dev$sndpcmp(&(0x7f0000000500), 0x29, 0x800)
258.08654ms ago: executing program 1 (id=60):
syz_open_dev$usbfs(&(0x7f0000000040), 0x1, 0x0)
syz_open_dev$usbfs(&(0x7f0000000080), 0x1, 0x1)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x1, 0x2)
syz_open_dev$usbfs(&(0x7f0000000100), 0x1, 0x800)
syz_open_dev$usbfs(&(0x7f0000000140), 0xb, 0x0)
syz_open_dev$usbfs(&(0x7f0000000180), 0xb, 0x1)
syz_open_dev$usbfs(&(0x7f00000001c0), 0xb, 0x2)
syz_open_dev$usbfs(&(0x7f0000000200), 0xb, 0x800)
syz_open_dev$usbfs(&(0x7f0000000240), 0x15, 0x0)
syz_open_dev$usbfs(&(0x7f0000000280), 0x15, 0x1)
syz_open_dev$usbfs(&(0x7f00000002c0), 0x15, 0x2)
syz_open_dev$usbfs(&(0x7f0000000300), 0x15, 0x800)
syz_open_dev$usbfs(&(0x7f0000000340), 0x1f, 0x0)
syz_open_dev$usbfs(&(0x7f0000000380), 0x1f, 0x1)
syz_open_dev$usbfs(&(0x7f00000003c0), 0x1f, 0x2)
syz_open_dev$usbfs(&(0x7f0000000400), 0x1f, 0x800)
syz_open_dev$usbfs(&(0x7f0000000440), 0x29, 0x0)
syz_open_dev$usbfs(&(0x7f0000000480), 0x29, 0x1)
syz_open_dev$usbfs(&(0x7f00000004c0), 0x29, 0x2)
syz_open_dev$usbfs(&(0x7f0000000500), 0x29, 0x800)
257.665732ms ago: executing program 5 (id=61):
syz_open_dev$sndmidi(&(0x7f0000000040), 0x1, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000080), 0x1, 0x1)
syz_open_dev$sndmidi(&(0x7f00000000c0), 0x1, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000100), 0x1, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000140), 0xb, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000180), 0xb, 0x1)
syz_open_dev$sndmidi(&(0x7f00000001c0), 0xb, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000200), 0xb, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000240), 0x15, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000280), 0x15, 0x1)
syz_open_dev$sndmidi(&(0x7f00000002c0), 0x15, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000300), 0x15, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000340), 0x1f, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000380), 0x1f, 0x1)
syz_open_dev$sndmidi(&(0x7f00000003c0), 0x1f, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000400), 0x1f, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000440), 0x29, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000480), 0x29, 0x1)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x29, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000500), 0x29, 0x800)
216.895037ms ago: executing program 4 (id=62):
syz_open_dev$sndpcmc(&(0x7f0000000040), 0x2, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000080), 0x2, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x2, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000100), 0x2, 0x800)
syz_open_dev$sndpcmc(&(0x7f0000000140), 0xc, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000180), 0xc, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000001c0), 0xc, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000200), 0xc, 0x800)
syz_open_dev$sndpcmc(&(0x7f0000000240), 0x16, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000280), 0x16, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000002c0), 0x16, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000300), 0x16, 0x800)
syz_open_dev$sndpcmc(&(0x7f0000000340), 0x20, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000380), 0x20, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x20, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000400), 0x20, 0x800)
syz_open_dev$sndpcmc(&(0x7f0000000440), 0x2a, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000480), 0x2a, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000004c0), 0x2a, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000500), 0x2a, 0x800)
177.167813ms ago: executing program 5 (id=63):
syz_open_dev$sndhw(&(0x7f0000000040), 0x2, 0x0)
syz_open_dev$sndhw(&(0x7f0000000080), 0x2, 0x1)
syz_open_dev$sndhw(&(0x7f00000000c0), 0x2, 0x2)
syz_open_dev$sndhw(&(0x7f0000000100), 0x2, 0x800)
syz_open_dev$sndhw(&(0x7f0000000140), 0xc, 0x0)
syz_open_dev$sndhw(&(0x7f0000000180), 0xc, 0x1)
syz_open_dev$sndhw(&(0x7f00000001c0), 0xc, 0x2)
syz_open_dev$sndhw(&(0x7f0000000200), 0xc, 0x800)
syz_open_dev$sndhw(&(0x7f0000000240), 0x16, 0x0)
syz_open_dev$sndhw(&(0x7f0000000280), 0x16, 0x1)
syz_open_dev$sndhw(&(0x7f00000002c0), 0x16, 0x2)
syz_open_dev$sndhw(&(0x7f0000000300), 0x16, 0x800)
syz_open_dev$sndhw(&(0x7f0000000340), 0x20, 0x0)
syz_open_dev$sndhw(&(0x7f0000000380), 0x20, 0x1)
syz_open_dev$sndhw(&(0x7f00000003c0), 0x20, 0x2)
syz_open_dev$sndhw(&(0x7f0000000400), 0x20, 0x800)
syz_open_dev$sndhw(&(0x7f0000000440), 0x2a, 0x0)
syz_open_dev$sndhw(&(0x7f0000000480), 0x2a, 0x1)
syz_open_dev$sndhw(&(0x7f00000004c0), 0x2a, 0x2)
syz_open_dev$sndhw(&(0x7f0000000500), 0x2a, 0x800)
135.090222ms ago: executing program 1 (id=64):
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000080), 0x2, 0x1)
syz_open_dev$sndmidi(&(0x7f00000000c0), 0x2, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000140), 0xc, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000180), 0xc, 0x1)
syz_open_dev$sndmidi(&(0x7f00000001c0), 0xc, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000200), 0xc, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000240), 0x16, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000280), 0x16, 0x1)
syz_open_dev$sndmidi(&(0x7f00000002c0), 0x16, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000300), 0x16, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000340), 0x20, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000380), 0x20, 0x1)
syz_open_dev$sndmidi(&(0x7f00000003c0), 0x20, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000400), 0x20, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000440), 0x2a, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000480), 0x2a, 0x1)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2a, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000500), 0x2a, 0x800)
134.135039ms ago: executing program 4 (id=65):
syz_open_dev$sndpcmc(&(0x7f0000000040), 0x3, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000080), 0x3, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x3, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000100), 0x3, 0x800)
syz_open_dev$sndpcmc(&(0x7f0000000140), 0xd, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000180), 0xd, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000001c0), 0xd, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000200), 0xd, 0x800)
syz_open_dev$sndpcmc(&(0x7f0000000240), 0x17, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000280), 0x17, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000002c0), 0x17, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000300), 0x17, 0x800)
syz_open_dev$sndpcmc(&(0x7f0000000340), 0x21, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000380), 0x21, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x21, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000400), 0x21, 0x800)
syz_open_dev$sndpcmc(&(0x7f0000000440), 0x2b, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000480), 0x2b, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000004c0), 0x2b, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000500), 0x2b, 0x800)
132.799723ms ago: executing program 5 (id=66):
syz_open_dev$usbfs(&(0x7f0000000040), 0x2, 0x0)
syz_open_dev$usbfs(&(0x7f0000000080), 0x2, 0x1)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x2, 0x2)
syz_open_dev$usbfs(&(0x7f0000000100), 0x2, 0x800)
syz_open_dev$usbfs(&(0x7f0000000140), 0xc, 0x0)
syz_open_dev$usbfs(&(0x7f0000000180), 0xc, 0x1)
syz_open_dev$usbfs(&(0x7f00000001c0), 0xc, 0x2)
syz_open_dev$usbfs(&(0x7f0000000200), 0xc, 0x800)
syz_open_dev$usbfs(&(0x7f0000000240), 0x16, 0x0)
syz_open_dev$usbfs(&(0x7f0000000280), 0x16, 0x1)
syz_open_dev$usbfs(&(0x7f00000002c0), 0x16, 0x2)
syz_open_dev$usbfs(&(0x7f0000000300), 0x16, 0x800)
syz_open_dev$usbfs(&(0x7f0000000340), 0x20, 0x0)
syz_open_dev$usbfs(&(0x7f0000000380), 0x20, 0x1)
syz_open_dev$usbfs(&(0x7f00000003c0), 0x20, 0x2)
syz_open_dev$usbfs(&(0x7f0000000400), 0x20, 0x800)
syz_open_dev$usbfs(&(0x7f0000000440), 0x2a, 0x0)
syz_open_dev$usbfs(&(0x7f0000000480), 0x2a, 0x1)
syz_open_dev$usbfs(&(0x7f00000004c0), 0x2a, 0x2)
syz_open_dev$usbfs(&(0x7f0000000500), 0x2a, 0x800)
126.38548ms ago: executing program 1 (id=67):
syz_open_dev$sndhw(&(0x7f0000000040), 0x3, 0x0)
syz_open_dev$sndhw(&(0x7f0000000080), 0x3, 0x1)
syz_open_dev$sndhw(&(0x7f00000000c0), 0x3, 0x2)
syz_open_dev$sndhw(&(0x7f0000000100), 0x3, 0x800)
syz_open_dev$sndhw(&(0x7f0000000140), 0xd, 0x0)
syz_open_dev$sndhw(&(0x7f0000000180), 0xd, 0x1)
syz_open_dev$sndhw(&(0x7f00000001c0), 0xd, 0x2)
syz_open_dev$sndhw(&(0x7f0000000200), 0xd, 0x800)
syz_open_dev$sndhw(&(0x7f0000000240), 0x17, 0x0)
syz_open_dev$sndhw(&(0x7f0000000280), 0x17, 0x1)
syz_open_dev$sndhw(&(0x7f00000002c0), 0x17, 0x2)
syz_open_dev$sndhw(&(0x7f0000000300), 0x17, 0x800)
syz_open_dev$sndhw(&(0x7f0000000340), 0x21, 0x0)
syz_open_dev$sndhw(&(0x7f0000000380), 0x21, 0x1)
syz_open_dev$sndhw(&(0x7f00000003c0), 0x21, 0x2)
syz_open_dev$sndhw(&(0x7f0000000400), 0x21, 0x800)
syz_open_dev$sndhw(&(0x7f0000000440), 0x2b, 0x0)
syz_open_dev$sndhw(&(0x7f0000000480), 0x2b, 0x1)
syz_open_dev$sndhw(&(0x7f00000004c0), 0x2b, 0x2)
syz_open_dev$sndhw(&(0x7f0000000500), 0x2b, 0x800)
87.669767ms ago: executing program 4 (id=68):
syz_open_dev$sndmidi(&(0x7f0000000040), 0x3, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000080), 0x3, 0x1)
syz_open_dev$sndmidi(&(0x7f00000000c0), 0x3, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000100), 0x3, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000140), 0xd, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000180), 0xd, 0x1)
syz_open_dev$sndmidi(&(0x7f00000001c0), 0xd, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000200), 0xd, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000240), 0x17, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000280), 0x17, 0x1)
syz_open_dev$sndmidi(&(0x7f00000002c0), 0x17, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000300), 0x17, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000340), 0x21, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000380), 0x21, 0x1)
syz_open_dev$sndmidi(&(0x7f00000003c0), 0x21, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000400), 0x21, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000440), 0x2b, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000480), 0x2b, 0x1)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2b, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000500), 0x2b, 0x800)
43.068834ms ago: executing program 5 (id=69):
syz_open_dev$sndpcmc(&(0x7f0000000040), 0x4, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000080), 0x4, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x4, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000100), 0x4, 0x800)
syz_open_dev$sndpcmc(&(0x7f0000000140), 0xe, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000180), 0xe, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000001c0), 0xe, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000200), 0xe, 0x800)
syz_open_dev$sndpcmc(&(0x7f0000000240), 0x18, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000280), 0x18, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000002c0), 0x18, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000300), 0x18, 0x800)
syz_open_dev$sndpcmc(&(0x7f0000000340), 0x22, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000380), 0x22, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x22, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000400), 0x22, 0x800)
syz_open_dev$sndpcmc(&(0x7f0000000440), 0x2c, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000480), 0x2c, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000004c0), 0x2c, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000500), 0x2c, 0x800)
42.386252ms ago: executing program 1 (id=70):
syz_open_dev$usbfs(&(0x7f0000000040), 0x3, 0x0)
syz_open_dev$usbfs(&(0x7f0000000080), 0x3, 0x1)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x3, 0x2)
syz_open_dev$usbfs(&(0x7f0000000100), 0x3, 0x800)
syz_open_dev$usbfs(&(0x7f0000000140), 0xd, 0x0)
syz_open_dev$usbfs(&(0x7f0000000180), 0xd, 0x1)
syz_open_dev$usbfs(&(0x7f00000001c0), 0xd, 0x2)
syz_open_dev$usbfs(&(0x7f0000000200), 0xd, 0x800)
syz_open_dev$usbfs(&(0x7f0000000240), 0x17, 0x0)
syz_open_dev$usbfs(&(0x7f0000000280), 0x17, 0x1)
syz_open_dev$usbfs(&(0x7f00000002c0), 0x17, 0x2)
syz_open_dev$usbfs(&(0x7f0000000300), 0x17, 0x800)
syz_open_dev$usbfs(&(0x7f0000000340), 0x21, 0x0)
syz_open_dev$usbfs(&(0x7f0000000380), 0x21, 0x1)
syz_open_dev$usbfs(&(0x7f00000003c0), 0x21, 0x2)
syz_open_dev$usbfs(&(0x7f0000000400), 0x21, 0x800)
syz_open_dev$usbfs(&(0x7f0000000440), 0x2b, 0x0)
syz_open_dev$usbfs(&(0x7f0000000480), 0x2b, 0x1)
syz_open_dev$usbfs(&(0x7f00000004c0), 0x2b, 0x2)
syz_open_dev$usbfs(&(0x7f0000000500), 0x2b, 0x800)
39.44091ms ago: executing program 5 (id=71):
syz_open_dev$sndhw(&(0x7f0000000040), 0x4, 0x0)
syz_open_dev$sndhw(&(0x7f0000000080), 0x4, 0x1)
syz_open_dev$sndhw(&(0x7f00000000c0), 0x4, 0x2)
syz_open_dev$sndhw(&(0x7f0000000100), 0x4, 0x800)
syz_open_dev$sndhw(&(0x7f0000000140), 0xe, 0x0)
syz_open_dev$sndhw(&(0x7f0000000180), 0xe, 0x1)
syz_open_dev$sndhw(&(0x7f00000001c0), 0xe, 0x2)
syz_open_dev$sndhw(&(0x7f0000000200), 0xe, 0x800)
syz_open_dev$sndhw(&(0x7f0000000240), 0x18, 0x0)
syz_open_dev$sndhw(&(0x7f0000000280), 0x18, 0x1)
syz_open_dev$sndhw(&(0x7f00000002c0), 0x18, 0x2)
syz_open_dev$sndhw(&(0x7f0000000300), 0x18, 0x800)
syz_open_dev$sndhw(&(0x7f0000000340), 0x22, 0x0)
syz_open_dev$sndhw(&(0x7f0000000380), 0x22, 0x1)
syz_open_dev$sndhw(&(0x7f00000003c0), 0x22, 0x2)
syz_open_dev$sndhw(&(0x7f0000000400), 0x22, 0x800)
syz_open_dev$sndhw(&(0x7f0000000440), 0x2c, 0x0)
syz_open_dev$sndhw(&(0x7f0000000480), 0x2c, 0x1)
syz_open_dev$sndhw(&(0x7f00000004c0), 0x2c, 0x2)
syz_open_dev$sndhw(&(0x7f0000000500), 0x2c, 0x800)
0s ago: executing program 4 (id=72):
syz_open_dev$sndmidi(&(0x7f0000000040), 0x4, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000080), 0x4, 0x1)
syz_open_dev$sndmidi(&(0x7f00000000c0), 0x4, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000100), 0x4, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000140), 0xe, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000180), 0xe, 0x1)
syz_open_dev$sndmidi(&(0x7f00000001c0), 0xe, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000200), 0xe, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000240), 0x18, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000280), 0x18, 0x1)
syz_open_dev$sndmidi(&(0x7f00000002c0), 0x18, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000300), 0x18, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000340), 0x22, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000380), 0x22, 0x1)
syz_open_dev$sndmidi(&(0x7f00000003c0), 0x22, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000400), 0x22, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000440), 0x2c, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000480), 0x2c, 0x1)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2c, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000500), 0x2c, 0x800)
kernel console output (not intermixed with test programs):
Warning: Permanently added '10.128.0.232' (ED25519) to the list of known hosts.
[ 82.434177][ T5824] cgroup: Unknown subsys name 'net'
[ 82.585685][ T5824] cgroup: Unknown subsys name 'cpuset'
[ 82.595144][ T5824] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 84.079718][ T5824] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 87.173593][ T5900] ==================================================================
[ 87.181705][ T5900] BUG: KASAN: slab-use-after-free in binder_add_device+0xa4/0xb0
[ 87.189473][ T5900] Write of size 8 at addr ffff888029047008 by task syz-executor/5900
[ 87.197562][ T5900]
[ 87.199901][ T5900] CPU: 1 UID: 0 PID: 5900 Comm: syz-executor Not tainted 6.13.0-syzkaller-09147-ge2ee2e9b1590 #0
[ 87.199943][ T5900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 87.199965][ T5900] Call Trace:
[ 87.199976][ T5900] <TASK>
[ 87.199988][ T5900] dump_stack_lvl+0x116/0x1f0
[ 87.200037][ T5900] print_report+0xc3/0x620
[ 87.200095][ T5900] ? srso_alias_return_thunk+0x5/0xfbef5
[ 87.200159][ T5900] ? srso_alias_return_thunk+0x5/0xfbef5
[ 87.200218][ T5900] ? __phys_addr+0xc6/0x150
[ 87.200257][ T5900] kasan_report+0xd9/0x110
[ 87.200314][ T5900] ? binder_add_device+0xa4/0xb0
[ 87.200358][ T5900] ? binder_add_device+0xa4/0xb0
[ 87.200404][ T5900] binder_add_device+0xa4/0xb0
[ 87.200446][ T5900] binderfs_binder_device_create.isra.0+0x95f/0xb70
[ 87.200507][ T5900] binderfs_fill_super+0x8d6/0x1360
[ 87.200563][ T5900] ? __pfx_binderfs_fill_super+0x10/0x10
[ 87.200615][ T5900] ? srso_alias_return_thunk+0x5/0xfbef5
[ 87.200711][ T5900] ? shrinker_register+0x1a8/0x260
[ 87.200759][ T5900] ? srso_alias_return_thunk+0x5/0xfbef5
[ 87.200823][ T5900] ? sget_fc+0x808/0xc20
[ 87.200869][ T5900] ? apparmor_capable+0x114/0x1d0
[ 87.200929][ T5900] ? __pfx_set_anon_super_fc+0x10/0x10
[ 87.200975][ T5900] ? __pfx_binderfs_fill_super+0x10/0x10
[ 87.201027][ T5900] get_tree_nodev+0xdd/0x190
[ 87.201078][ T5900] vfs_get_tree+0x8e/0x340
[ 87.201118][ T5900] path_mount+0x14e6/0x1f10
[ 87.201177][ T5900] ? srso_alias_return_thunk+0x5/0xfbef5
[ 87.201236][ T5900] ? kmem_cache_free+0x2e2/0x4d0
[ 87.201290][ T5900] ? __pfx_path_mount+0x10/0x10
[ 87.201349][ T5900] ? srso_alias_return_thunk+0x5/0xfbef5
[ 87.201408][ T5900] ? putname+0x13c/0x180
[ 87.201445][ T5900] __x64_sys_mount+0x28f/0x310
[ 87.201502][ T5900] ? __pfx___x64_sys_mount+0x10/0x10
[ 87.201568][ T5900] do_syscall_64+0xcd/0x250
[ 87.201615][ T5900] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.201667][ T5900] RIP: 0033:0x7fd3e218e54a
[ 87.201693][ T5900] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 87.201728][ T5900] RSP: 002b:00007ffee04f4748 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 87.201761][ T5900] RAX: ffffffffffffffda RBX: 00007fd3e220e663 RCX: 00007fd3e218e54a
[ 87.201809][ T5900] RDX: 00007fd3e221dda7 RSI: 00007fd3e220e663 RDI: 00007fd3e221dda7
[ 87.201833][ T5900] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 87.201855][ T5900] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd3e2228480
[ 87.201878][ T5900] R13: 00007ffee04f47c8 R14: 0000000000000009 R15: 0000000000000000
[ 87.201911][ T5900] </TASK>
[ 87.201923][ T5900]
[ 87.464363][ T5900] Allocated by task 5835:
[ 87.468707][ T5900] kasan_save_stack+0x33/0x60
[ 87.473440][ T5900] kasan_save_track+0x14/0x30
[ 87.478168][ T5900] __kasan_kmalloc+0xaa/0xb0
[ 87.482810][ T5900] binderfs_binder_device_create.isra.0+0x17a/0xb70
[ 87.489447][ T5900] binderfs_fill_super+0x8d6/0x1360
[ 87.494693][ T5900] get_tree_nodev+0xdd/0x190
[ 87.499338][ T5900] vfs_get_tree+0x8e/0x340
[ 87.503796][ T5900] path_mount+0x14e6/0x1f10
[ 87.508350][ T5900] __x64_sys_mount+0x28f/0x310
[ 87.513163][ T5900] do_syscall_64+0xcd/0x250
[ 87.517707][ T5900] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.523664][ T5900]
[ 87.526000][ T5900] Freed by task 5835:
[ 87.530000][ T5900] kasan_save_stack+0x33/0x60
[ 87.534726][ T5900] kasan_save_track+0x14/0x30
[ 87.539462][ T5900] kasan_save_free_info+0x3b/0x60
[ 87.544530][ T5900] __kasan_slab_free+0x51/0x70
[ 87.549343][ T5900] kfree+0x2c4/0x4d0
[ 87.553276][ T5900] binderfs_evict_inode+0x1e0/0x250
[ 87.558521][ T5900] evict+0x40c/0x960
[ 87.562450][ T5900] iput+0x52a/0x890
[ 87.566289][ T5900] dentry_unlink_inode+0x29c/0x480
[ 87.571426][ T5900] __dentry_kill+0x1d0/0x600
[ 87.576049][ T5900] shrink_dentry_list+0x140/0x5d0
[ 87.581112][ T5900] shrink_dcache_parent+0xe2/0x530
[ 87.586261][ T5900] shrink_dcache_for_umount+0xa1/0x3e0
[ 87.591848][ T5900] generic_shutdown_super+0x6c/0x390
[ 87.597168][ T5900] kill_litter_super+0x70/0xa0
[ 87.601975][ T5900] binderfs_kill_super+0x3b/0xa0
[ 87.606952][ T5900] deactivate_locked_super+0xc1/0x1a0
[ 87.612364][ T5900] deactivate_super+0xde/0x100
[ 87.617171][ T5900] cleanup_mnt+0x222/0x450
[ 87.621629][ T5900] task_work_run+0x151/0x250
[ 87.626264][ T5900] do_exit+0xad8/0x2d70
[ 87.630451][ T5900] do_group_exit+0xd3/0x2a0
[ 87.634986][ T5900] get_signal+0x24ed/0x26c0
[ 87.639543][ T5900] arch_do_signal_or_restart+0x90/0x7e0
[ 87.645128][ T5900] syscall_exit_to_user_mode+0x150/0x2a0
[ 87.650804][ T5900] do_syscall_64+0xda/0x250
[ 87.655347][ T5900] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.661290][ T5900]
[ 87.663632][ T5900] The buggy address belongs to the object at ffff888029047000
[ 87.663632][ T5900] which belongs to the cache kmalloc-512 of size 512
[ 87.677713][ T5900] The buggy address is located 8 bytes inside of
[ 87.677713][ T5900] freed 512-byte region [ffff888029047000, ffff888029047200)
[ 87.691378][ T5900]
[ 87.693724][ T5900] The buggy address belongs to the physical page:
[ 87.700190][ T5900] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29044
[ 87.708981][ T5900] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 87.717507][ T5900] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 87.725082][ T5900] page_type: f5(slab)
[ 87.729093][ T5900] raw: 00fff00000000040 ffff88801b041c80 ffffea0000ca3000 dead000000000002
[ 87.737797][ T5900] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 87.746412][ T5900] head: 00fff00000000040 ffff88801b041c80 ffffea0000ca3000 dead000000000002
[ 87.755115][ T5900] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 87.763821][ T5900] head: 00fff00000000002 ffffea0000a41101 ffffffffffffffff 0000000000000000
[ 87.772525][ T5900] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 87.781221][ T5900] page dumped because: kasan: bad access detected
[ 87.787667][ T5900] page_owner tracks the page as allocated
[ 87.793402][ T5900] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5213, tgid 5213 (udevd), ts 39944540241, free_ts 39265356711
[ 87.814298][ T5900] post_alloc_hook+0x181/0x1b0
[ 87.819119][ T5900] get_page_from_freelist+0xfce/0x2f80
[ 87.824649][ T5900] __alloc_frozen_pages_noprof+0x221/0x2470
[ 87.830603][ T5900] alloc_pages_mpol+0x1fc/0x540
[ 87.835521][ T5900] new_slab+0x23d/0x330
[ 87.839720][ T5900] ___slab_alloc+0xc5d/0x1720
[ 87.844449][ T5900] __slab_alloc.constprop.0+0x56/0xb0
[ 87.849874][ T5900] __kmalloc_cache_noprof+0xfa/0x410
[ 87.855204][ T5900] kernfs_fop_open+0x28b/0xdb0
[ 87.859999][ T5900] do_dentry_open+0x738/0x1c40
[ 87.864809][ T5900] vfs_open+0x82/0x3f0
[ 87.868911][ T5900] path_openat+0x1e88/0x2d80
[ 87.873549][ T5900] do_filp_open+0x20c/0x470
[ 87.878111][ T5900] do_sys_openat2+0x17a/0x1e0
[ 87.882822][ T5900] __x64_sys_openat+0x175/0x210
[ 87.887706][ T5900] do_syscall_64+0xcd/0x250
[ 87.892257][ T5900] page last free pid 5208 tgid 5208 stack trace:
[ 87.898602][ T5900] free_frozen_pages+0x6db/0xfb0
[ 87.903601][ T5900] __put_partials+0x14c/0x170
[ 87.908335][ T5900] qlist_free_all+0x4e/0x120
[ 87.912971][ T5900] kasan_quarantine_reduce+0x195/0x1e0
[ 87.918480][ T5900] __kasan_slab_alloc+0x69/0x90
[ 87.923381][ T5900] kmem_cache_alloc_noprof+0x226/0x3d0
[ 87.928892][ T5900] getname_flags.part.0+0x4c/0x550
[ 87.934041][ T5900] getname_flags+0x93/0xf0
[ 87.938505][ T5900] do_readlinkat+0xb5/0x390
[ 87.943035][ T5900] __x64_sys_readlink+0x78/0xc0
[ 87.947933][ T5900] do_syscall_64+0xcd/0x250
[ 87.952478][ T5900] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.958419][ T5900]
[ 87.960760][ T5900] Memory state around the buggy address:
[ 87.966407][ T5900] ffff888029046f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 87.974488][ T5900] ffff888029046f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 87.982675][ T5900] >ffff888029047000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.990760][ T5900]                       ^
[ 87.995106][ T5900] ffff888029047080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 88.003192][ T5900] ffff888029047100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 88.011273][ T5900] ==================================================================
[ 88.042392][ T5900] Kernel panic - not syncing: kasan.fault=panic_on_write set ...
[ 88.050244][ T5900] CPU: 1 UID: 0 PID: 5900 Comm: syz-executor Not tainted 6.13.0-syzkaller-09147-ge2ee2e9b1590 #0
[ 88.060784][ T5900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 88.070868][ T5900] Call Trace:
[ 88.074168][ T5900] <TASK>
[ 88.077122][ T5900] dump_stack_lvl+0x3d/0x1f0
[ 88.081767][ T5900] panic+0x71d/0x800
[ 88.085704][ T5900] ? __pfx_panic+0x10/0x10
[ 88.090168][ T5900] ? lockdep_hardirqs_on+0x7c/0x110
[ 88.095410][ T5900] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.101105][ T5900] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.106794][ T5900] ? preempt_schedule_common+0x44/0xc0
[ 88.112296][ T5900] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.117990][ T5900] ? preempt_schedule_thunk+0x1a/0x30
[ 88.123418][ T5900] end_report+0x169/0x180
[ 88.127811][ T5900] kasan_report+0xe9/0x110
[ 88.132287][ T5900] ? binder_add_device+0xa4/0xb0
[ 88.137264][ T5900] ? binder_add_device+0xa4/0xb0
[ 88.142249][ T5900] binder_add_device+0xa4/0xb0
[ 88.147141][ T5900] binderfs_binder_device_create.isra.0+0x95f/0xb70
[ 88.153902][ T5900] binderfs_fill_super+0x8d6/0x1360
[ 88.159138][ T5900] ? __pfx_binderfs_fill_super+0x10/0x10
[ 88.164804][ T5900] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.170610][ T5900] ? shrinker_register+0x1a8/0x260
[ 88.175781][ T5900] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.181537][ T5900] ? sget_fc+0x808/0xc20
[ 88.185810][ T5900] ? apparmor_capable+0x114/0x1d0
[ 88.190872][ T5900] ? __pfx_set_anon_super_fc+0x10/0x10
[ 88.196358][ T5900] ? __pfx_binderfs_fill_super+0x10/0x10
[ 88.202024][ T5900] get_tree_nodev+0xdd/0x190
[ 88.206661][ T5900] vfs_get_tree+0x8e/0x340
[ 88.211101][ T5900] path_mount+0x14e6/0x1f10
[ 88.215649][ T5900] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.221320][ T5900] ? kmem_cache_free+0x2e2/0x4d0
[ 88.226293][ T5900] ? __pfx_path_mount+0x10/0x10
[ 88.231189][ T5900] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.236865][ T5900] ? putname+0x13c/0x180
[ 88.241127][ T5900] __x64_sys_mount+0x28f/0x310
[ 88.245943][ T5900] ? __pfx___x64_sys_mount+0x10/0x10
[ 88.251276][ T5900] do_syscall_64+0xcd/0x250
[ 88.255817][ T5900] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.261744][ T5900] RIP: 0033:0x7fd3e218e54a
[ 88.266173][ T5900] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 88.285802][ T5900] RSP: 002b:00007ffee04f4748 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 88.294233][ T5900] RAX: ffffffffffffffda RBX: 00007fd3e220e663 RCX: 00007fd3e218e54a
[ 88.302216][ T5900] RDX: 00007fd3e221dda7 RSI: 00007fd3e220e663 RDI: 00007fd3e221dda7
[ 88.310199][ T5900] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 88.318179][ T5900] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd3e2228480
[ 88.326163][ T5900] R13: 00007ffee04f47c8 R14: 0000000000000009 R15: 0000000000000000
[ 88.334158][ T5900] </TASK>
[ 88.337414][ T5900] Kernel Offset: disabled
[ 88.341737][ T5900] Rebooting in 86400 seconds..