last executing test programs:

452.280512ms ago: executing program 3 (id=361):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sgx_provision', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sgx_provision', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sgx_provision', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sgx_provision', 0x800, 0x0)

447.976592ms ago: executing program 3 (id=364):
socket$caif_stream(0x25, 0x1, 0x0)

389.695703ms ago: executing program 3 (id=367):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-control', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control', 0x800, 0x0)

388.162449ms ago: executing program 3 (id=371):
fstatfs(0xffffffffffffffff, &(0x7f0000000000))

339.768044ms ago: executing program 3 (id=376):
uname(&(0x7f0000000000))

325.046839ms ago: executing program 3 (id=383):
rt_sigreturn()

188.081029ms ago: executing program 2 (id=393):
socket$inet6_dccp(0xa, 0x6, 0x0)

187.734027ms ago: executing program 4 (id=395):
timer_settime(0x0, 0x0, &(0x7f0000000000), 0x0)

187.533581ms ago: executing program 1 (id=396):
unlink(&(0x7f0000000000))

178.944646ms ago: executing program 2 (id=397):
name_to_handle_at(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0)

165.825794ms ago: executing program 4 (id=398):
socket$inet_icmp_raw(0x2, 0x3, 0x1)

120.483136ms ago: executing program 0 (id=399):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse', 0x2, 0x0)

120.132663ms ago: executing program 1 (id=400):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_qlen_max', 0x2, 0x0)

119.791687ms ago: executing program 2 (id=401):
set_thread_area(&(0x7f0000000000))

119.691511ms ago: executing program 0 (id=402):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_stats', 0x0, 0x0)

119.599609ms ago: executing program 2 (id=403):
pwritev(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0)

117.218813ms ago: executing program 1 (id=404):
inotify_init1(0x0)

117.040606ms ago: executing program 4 (id=405):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/mls', 0x0, 0x0)

109.483201ms ago: executing program 0 (id=406):
request_key(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0)

106.673947ms ago: executing program 4 (id=407):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg', 0x800, 0x0)

49.054528ms ago: executing program 0 (id=408):
fchown(0xffffffffffffffff, 0x0, 0x0)

48.794873ms ago: executing program 1 (id=409):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qrtr-tun', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qrtr-tun', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qrtr-tun', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qrtr-tun', 0x800, 0x0)

48.704831ms ago: executing program 2 (id=410):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/mk_contexts', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/mk_contexts', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/mk_contexts', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/mk_contexts', 0x800, 0x0)

48.62151ms ago: executing program 4 (id=411):
epoll_create1(0x0)

48.512343ms ago: executing program 0 (id=412):
membarrier(0x0, 0x0)

48.436009ms ago: executing program 2 (id=413):
getrandom(&(0x7f0000000000), 0x0, 0x0)

48.375954ms ago: executing program 1 (id=414):
fsync(0xffffffffffffffff)

377.771µs ago: executing program 4 (id=415):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

115.929µs ago: executing program 0 (id=416):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsu', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcsu', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcsu', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcsu', 0x800, 0x0)

0s ago: executing program 1 (id=417):
socket$unix(0x1, 0x1, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.117' (ED25519) to the list of known hosts.
[   57.653380][ T5818] cgroup: Unknown subsys name 'net'
[   57.841281][ T5818] cgroup: Unknown subsys name 'cpuset'
[   57.849566][ T5818] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   59.197790][ T5818] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   61.547223][ T5905] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   63.053531][ T6138] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   64.460045][ T6263] ==================================================================
[   64.460084][ T6263] BUG: KASAN: slab-use-after-free in binder_add_device+0x5f/0xa0
[   64.460144][ T6263] Write of size 8 at addr ffff888034873008 by task syz-executor/6263
[   64.460168][ T6263] 
[   64.460204][ T6263] CPU: 0 UID: 0 PID: 6263 Comm: syz-executor Not tainted 6.13.0-rc7-next-20250120-syzkaller #0
[   64.460222][ T6263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[   64.460232][ T6263] Call Trace:
[   64.460239][ T6263]  <TASK>
[   64.460246][ T6263]  dump_stack_lvl+0x241/0x360
[   64.460266][ T6263]  ? __pfx_dump_stack_lvl+0x10/0x10
[   64.460282][ T6263]  ? __pfx__printk+0x10/0x10
[   64.460305][ T6263]  ? _printk+0xd5/0x120
[   64.460319][ T6263]  ? __virt_addr_valid+0x183/0x530
[   64.460340][ T6263]  ? __virt_addr_valid+0x183/0x530
[   64.460361][ T6263]  print_report+0x169/0x550
[   64.460384][ T6263]  ? __virt_addr_valid+0x183/0x530
[   64.460405][ T6263]  ? __virt_addr_valid+0x183/0x530
[   64.460425][ T6263]  ? __virt_addr_valid+0x45f/0x530
[   64.460443][ T6263]  ? __phys_addr+0xba/0x170
[   64.460464][ T6263]  ? binder_add_device+0x5f/0xa0
[   64.460483][ T6263]  kasan_report+0x143/0x180
[   64.460505][ T6263]  ? binder_add_device+0x5f/0xa0
[   64.460528][ T6263]  binder_add_device+0x5f/0xa0
[   64.460547][ T6263]  binderfs_binder_device_create+0x7bf/0x9c0
[   64.460579][ 
** replaying previous printk message **
[   64.460579][ T6263]  binderfs_fill_super+0x944/0xd90
[   64.460601][ T6263]  ? __pfx_binderfs_fill_super+0x10/0x10
[   64.460629][ T6263]  ? shrinker_register+0x160/0x230
[   64.460649][ T6263]  ? sget_fc+0x909/0x9c0
[   64.460669][ T6263]  ? __pfx_set_anon_super_fc+0x10/0x10
[   64.460699][ T6263]  ? __pfx_binderfs_fill_super+0x10/0x10
[   64.460717][ T6263]  get_tree_nodev+0xb7/0x140
[   64.460738][ T6263]  vfs_get_tree+0x90/0x2b0
[   64.460759][ T6263]  do_new_mount+0x2be/0xb40
[   64.460777][ T6263]  ? __pfx_do_new_mount+0x10/0x10
[   64.460796][ T6263]  __se_sys_mount+0x2d6/0x3c0
[   64.460812][ T6263]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   64.460834][ T6263]  ? __pfx___se_sys_mount+0x10/0x10
[   64.460850][ T6263]  ? exc_page_fault+0x590/0x8b0
[   64.460871][ T6263]  ? __x64_sys_mount+0x20/0xc0
[   64.460888][ T6263]  do_syscall_64+0xf3/0x230
[   64.460910][ T6263]  ? clear_bhb_loop+0x35/0x90
[   64.460932][ T6263]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.460958][ T6263] RIP: 0033:0x7fa47ab874ca
[   64.460977][ T6263] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   64.460990][ T6263] RSP: 002b:00007ffd3514d6b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   64.461009][ T6263] RAX: ffffffffffffffda RBX: 00007fa47ac01ecb RCX: 00007fa47ab874ca
[   64.461021][ T6263] RDX: 00007fa47ac0ec27 RSI: 00007fa47ac01ecb RDI: 00007fa47ac0ec27
[   64.461032][ T6263] RBP: 00007ffd3514d730 R08: 0000000000000000 R09: 0000000000000000
[   64.461043][ T6263] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd3514d730
[   64.461054][ T6263] R13: 00007ffd3514d738 R14: 0000000000000009 R15: 0000000000000000
[   64.461070][ T6263]  </TASK>
[   64.461076][ T6263] 
[   64.461397][ T6263] Allocated by task 5830:
[   64.461416][ T6263]  kasan_save_track+0x3f/0x80
[   64.461445][ T6263]  __kasan_kmalloc+0x98/0xb0
[   64.461474][ T6263]  __kmalloc_cache_noprof+0x243/0x390
[   64.461500][ T6263]  binderfs_binder_device_create+0x16c/0x9c0
[   64.461528][ T6263]  binderfs_fill_super+0x944/0xd90
[   64.461555][ T6263]  get_tree_nodev+0xb7/0x140
[   64.461582][ T6263]  vfs_get_tree+0x90/0x2b0
[   64.461610][ T6263]  do_new_mount+0x2be/0xb40
[   64.461634][ T6263]  __se_sys_mount+0x2d6/0x3c0
[   64.461658][ T6263]  do_syscall_64+0xf3/0x230
[   64.461696][ T6263]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.461725][ T6263] 
[   64.461739][ T6263] Freed by task 5830:
[   64.461756][ T6263]  kasan_save_track+0x3f/0x80
[   64.461784][ T6263]  kasan_save_free_info+0x40/0x50
[   64.461811][ T6263]  __kasan_slab_free+0x59/0x70
[   64.461839][ T6263]  kfree+0x196/0x430
[   64.461862][ T6263]  evict+0x4e8/0x9a0
[   64.461889][ T6263]  __dentry_kill+0x20d/0x630
[   64.461914][ T6263]  shrink_kill+0xa9/0x2c0
[   64.461939][ T6263]  shrink_dentry_list+0x2c0/0x5b0
[   64.461965][ T6263]  shrink_dcache_parent+0xcb/0x3b0
[   64.461991][ T6263]  do_one_tree+0x23/0xe0
[   64.462017][ T6263]  shrink_dcache_for_umount+0xb4/0x180
[   64.462043][ T6263]  generic_shutdown_super+0x6a/0x2d0
[   64.462070][ T6263]  kill_litter_super+0x76/0xb0
[   64.462097][ T6263]  binderfs_kill_super+0x44/0x90
[   64.462124][ T6263]  deactivate_locked_super+0xc4/0x130
[   64.462150][ T6263]  cleanup_mnt+0x41f/0x4b0
[   64.462176][ T6263]  task_work_run+0x24f/0x310
[   64.462207][ T6263]  do_exit+0xa2a/0x28e0
[   64.462234][ T6263]  do_group_exit+0x207/0x2c0
[   64.462262][ T6263]  get_signal+0x16b2/0x1750
[   64.462285][ T6263]  arch_do_signal_or_restart+0x96/0x860
[   64.462313][ T6263]  syscall_exit_to_user_mode+0xce/0x340
[   64.462342][ T6263]  do_syscall_64+0x100/0x230
[   64.462372][ T6263]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.462401][ T6263] 
[   64.462415][ T6263] The buggy address belongs to the object at ffff888034873000
[   64.462415][ T6263]  which belongs to the cache kmalloc-512 of size 512
[   64.462438][ T6263] The buggy address is located 8 bytes inside of
[   64.462438][ T6263]  freed 512-byte region [ffff888034873000, ffff888034873200)
[   64.462463][ T6263] 
[   64.462477][ T6263] The buggy address belongs to the physical page:
[   64.462495][ T6263] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x34870
[   64.462528][ T6263] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   64.462552][ T6263] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   64.462582][ T6263] page_type: f5(slab)
[   64.462606][ T6263] raw: 00fff00000000040 ffff88801ac41c80 0000000000000000 dead000000000001
[   64.462629][ T6263] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   64.462653][ T6263] head: 00fff00000000040 ffff88801ac41c80 0000000000000000 dead000000000001
[   64.462677][ T6263] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   64.462709][ T6263] head: 00fff00000000002 ffffea0000d21c01 ffffffffffffffff 0000000000000000
[   64.462732][ T6263] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   64.462750][ T6263] page dumped because: kasan: bad access detected
[   64.462773][ T6263] page_owner tracks the page as allocated
[   64.462789][ T6263] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5206, tgid 5206 (udevd), ts 22798178323, free_ts 22750142691
[   64.462828][ T6263]  post_alloc_hook+0x1f4/0x240
[   64.462855][ T6263]  get_page_from_freelist+0x365c/0x37a0
[   64.462883][ T6263]  __alloc_frozen_pages_noprof+0x292/0x710
[   64.462912][ T6263]  alloc_pages_mpol+0x311/0x660
[   64.462936][ T6263]  allocate_slab+0x8f/0x3a0
[   64.462964][ T6263]  ___slab_alloc+0xc27/0x14a0
[   64.462990][ T6263]  __slab_alloc+0x58/0xa0
[   64.463016][ T6263]  __kmalloc_cache_noprof+0x27b/0x390
[   64.463041][ T6263]  kernfs_fop_open+0x3e0/0xd10
[   64.463068][ T6263]  do_dentry_open+0xdec/0x1960
[   64.463092][ T6263]  vfs_open+0x3b/0x370
[   64.463115][ T6263]  path_openat+0x2c81/0x3590
[   64.463143][ T6263]  do_filp_open+0x27f/0x4e0
[   64.463170][ T6263]  do_sys_openat2+0x13e/0x1d0
[   64.463194][ T6263]  __x64_sys_openat+0x247/0x2a0
[   64.463219][ T6263]  do_syscall_64+0xf3/0x230
[   64.463249][ T6263] page last free pid 5220 tgid 5220 stack trace:
[   64.463268][ T6263]  free_frozen_pages+0xe0d/0x10e0
[   64.463295][ T6263]  __put_partials+0x160/0x1c0
[   64.463322][ T6263]  put_cpu_partial+0x17c/0x250
[   64.463350][ T6263]  __slab_free+0x290/0x380
[   64.463378][ T6263]  qlist_free_all+0x9a/0x140
[   64.463406][ T6263]  kasan_quarantine_reduce+0x14f/0x170
[   64.463435][ T6263]  __kasan_slab_alloc+0x23/0x80
[   64.463463][ T6263]  kmem_cache_alloc_noprof+0x1d9/0x380
[   64.463488][ T6263]  getname_flags+0xb7/0x540
[   64.463512][ T6263]  do_sys_openat2+0xd2/0x1d0
[   64.463537][ T6263]  __x64_sys_openat+0x247/0x2a0
[   64.463561][ T6263]  do_syscall_64+0xf3/0x230
[   64.463591][ T6263]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.463619][ T6263] 
[   64.463633][ T6263] Memory state around the buggy address:
[   64.463652][ T6263]  ffff888034872f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.463672][ T6263]  ffff888034872f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.463699][ T6263] >ffff888034873000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.463717][ T6263]                       ^
[   64.463735][ T6263]  ffff888034873080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.463754][ T6263]  ffff888034873100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.463771][ T6263] ==================================================================
[   64.591478][ T6264] syz-executor: vmalloc error: size 8388608, failed to allocated page array size 16384, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[   64.591759][ T6264] CPU: 1 UID: 0 PID: 6264 Comm: syz-executor Not tainted 6.13.0-rc7-next-20250120-syzkaller #0
[   64.591777][ T6264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   64.591787][ T6264] Call Trace:
[   64.591794][ T6264]  <TASK>
[   64.591801][ T6264]  dump_stack_lvl+0x241/0x360
[   64.591825][ T6264]  ? __pfx_dump_stack_lvl+0x10/0x10
[   64.591842][ T6264]  ? __pfx__printk+0x10/0x10
[   64.591869][ T6264]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[   64.591887][ T6264]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[   64.591907][ T6264]  warn_alloc+0x278/0x410
[   64.591932][ T6264]  ? __pfx_warn_alloc+0x10/0x10
[   64.591957][ T6264]  ? kcov_ioctl+0x56/0x640
[   64.591975][ T6264]  ? __get_vm_area_node+0x1c8/0x2d0
[   64.591994][ T6264]  ? __get_vm_area_node+0x25c/0x2d0
[   64.592017][ T6264]  __vmalloc_node_range_noprof+0x62f/0x1380
[   64.592059][ T6264]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[   64.592088][ T6264]  vmalloc_user_noprof+0x74/0x80
[   64.592108][ T6264]  ? kcov_ioctl+0x56/0x640
[   64.592126][ T6264]  kcov_ioctl+0x56/0x640
[   64.592146][ T6264]  ? __pfx_kcov_ioctl+0x10/0x10
[   64.592166][ T6264]  __se_sys_ioctl+0xf5/0x170
[   64.592189][ T6264]  do_syscall_64+0xf3/0x230
[   64.592212][ T6264]  ? clear_bhb_loop+0x35/0x90
[   64.592235][ T6264]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.592254][ T6264] RIP: 0033:0x7fe12bb8592b
[   64.592271][ T6264] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[   64.592284][ T6264] RSP: 002b:00007ffd194eae10 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   64.592301][ T6264] RAX: ffffffffffffffda RBX: 0000000000100000 RCX: 00007fe12bb8592b
[   64.592313][ T6264] RDX: 0000000000100000 RSI: ffffffff80086301 RDI: 00000000000000d7
[   64.592324][ T6264] RBP: 00007fe12bd75f40 R08: 00000000000000dd R09: 0000000000000000
[   64.592334][ T6264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   64.592344][ T6264] R13: 0000000000000006 R14: 0000000000000009 R15: 0000000000000000
[   64.592366][ T6264]  </TASK>
[   64.592380][ T6264] Mem-Info:
[   64.592698][ T6264] active_anon:7661 inactive_anon:0 isolated_anon:0
[   64.592698][ T6264]  active_file:3662 inactive_file:38252 isolated_file:0
[   64.592698][ T6264]  unevictable:768 dirty:1018 writeback:0
[   64.592698][ T6264]  slab_reclaimable:8963 slab_unreclaimable:82856
[   64.592698][ T6264]  mapped:11282 shmem:5493 pagetables:516
[   64.592698][ T6264]  sec_pagetables:0 bounce:0
[   64.592698][ T6264]  kernel_misc_reclaimable:0
[   64.592698][ T6264]  free:1415430 free_pcp:1194 free_cma:0
[   64.592758][ T6264] Node 0 active_anon:30644kB inactive_anon:0kB active_file:14648kB inactive_file:152936kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:45128kB dirty:4064kB writeback:0kB shmem:20436kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9304kB pagetables:2064kB sec_pagetables:0kB all_unreclaimable? no
[   64.592817][ T6264] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[   64.592875][ T6264] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   64.592939][ T6264] lowmem_reserve[]: 0 2491 2491 0 0
[   64.593015][ T6264] Node 0 DMA32 free:1734592kB boost:0kB min:34184kB low:42728kB high:51272kB reserved_highatomic:0KB active_anon:30608kB inactive_anon:0kB active_file:14648kB inactive_file:152352kB unevictable:1536kB writepending:4060kB present:3129332kB managed:2550944kB mlocked:0kB bounce:0kB free_pcp:4776kB local_pcp:3180kB free_cma:0kB
[   64.593080][ T6264] lowmem_reserve[]: 0 0 0 0 0
[   64.593154][ T6264] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:584kB unevictable:0kB writepending:4kB present:1048580kB managed:620kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   64.593217][ T6264] lowmem_reserve[]: 0 0 0 0 0
[   64.593291][ T6264] Node 1 Normal free:3911768kB boost:0kB min:55708kB low:69632kB high:83556kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:8kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[   64.593355][ T6264] lowmem_reserve[]: 0 0 0 0 0
[   64.593435][ T6264] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[   64.593604][ T6264] Node 0 DMA32: 1*4kB (M) 1*8kB (M) 2*16kB (E) 5*32kB (UE) 3*64kB (UE) 5*128kB (UE) 1*256kB (U) 1*512kB (M) 2*1024kB (ME) 1*2048kB (E) 422*4096kB (M) = 1734412kB
[   64.593878][ T6264] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[   64.594051][ T6264] Node 1 Normal: 188*4kB (UE) 49*8kB (UME) 40*16kB (UME) 207*32kB (UME) 94*64kB (UME) 34*128kB (UME) 15*256kB (UM) 6*512kB (UM) 1*1024kB (M) 1*2048kB (U) 948*4096kB (ME) = 3911768kB
[   64.594331][ T6264] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[   64.594359][ T6264] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   64.594387][ T6264] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[   64.594414][ T6264] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[   64.594451][ T6264] 47433 total pagecache pages
[   64.594476][ T6264] 0 pages in swap cache
[   64.594496][ T6264] Free swap  = 124996kB
[   64.594520][ T6264] Total swap = 124996kB
[   64.594541][ T6264] 2097051 pages RAM
[   64.594560][ T6264] 0 pages HighMem/MovableOnly
[   64.594581][ T6264] 427529 pages reserved
[   64.594600][ T6264] 0 pages cma reserved
[   64.602583][ T6263] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   65.922360][ T6263] CPU: 1 UID: 0 PID: 6263 Comm: syz-executor Not tainted 6.13.0-rc7-next-20250120-syzkaller #0
[   65.932859][ T6263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   65.943427][ T6263] Call Trace:
[   65.946705][ T6263]  <TASK>
[   65.949632][ T6263]  dump_stack_lvl+0x241/0x360
[   65.954331][ T6263]  ? __pfx_dump_stack_lvl+0x10/0x10
[   65.959562][ T6263]  ? __pfx__printk+0x10/0x10
[   65.964332][ T6263]  ? preempt_schedule+0xe1/0xf0
[   65.969309][ T6263]  ? vscnprintf+0x5d/0x90
[   65.973638][ T6263]  panic+0x349/0x880
[   65.977535][ T6263]  ? check_panic_on_warn+0x21/0xb0
[   65.982900][ T6263]  ? __pfx_panic+0x10/0x10
[   65.987327][ T6263]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   65.993372][ T6263]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   65.999739][ T6263]  ? print_report+0x502/0x550
[   66.004531][ T6263]  check_panic_on_warn+0x86/0xb0
[   66.009474][ T6263]  ? binder_add_device+0x5f/0xa0
[   66.014412][ T6263]  end_report+0x77/0x160
[   66.018658][ T6263]  kasan_report+0x154/0x180
[   66.023177][ T6263]  ? binder_add_device+0x5f/0xa0
[   66.028145][ T6263]  binder_add_device+0x5f/0xa0
[   66.032935][ T6263]  binderfs_binder_device_create+0x7bf/0x9c0
[   66.038920][ T6263]  binderfs_fill_super+0x944/0xd90
[   66.044033][ T6263]  ? __pfx_binderfs_fill_super+0x10/0x10
[   66.049755][ T6263]  ? shrinker_register+0x160/0x230
[   66.054861][ T6263]  ? sget_fc+0x909/0x9c0
[   66.059106][ T6263]  ? __pfx_set_anon_super_fc+0x10/0x10
[   66.064557][ T6263]  ? __pfx_binderfs_fill_super+0x10/0x10
[   66.070179][ T6263]  get_tree_nodev+0xb7/0x140
[   66.074765][ T6263]  vfs_get_tree+0x90/0x2b0
[   66.079287][ T6263]  do_new_mount+0x2be/0xb40
[   66.083985][ T6263]  ? __pfx_do_new_mount+0x10/0x10
[   66.089010][ T6263]  __se_sys_mount+0x2d6/0x3c0
[   66.094030][ T6263]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   66.100108][ T6263]  ? __pfx___se_sys_mount+0x10/0x10
[   66.105334][ T6263]  ? exc_page_fault+0x590/0x8b0
[   66.110214][ T6263]  ? __x64_sys_mount+0x20/0xc0
[   66.115150][ T6263]  do_syscall_64+0xf3/0x230
[   66.119656][ T6263]  ? clear_bhb_loop+0x35/0x90
[   66.124363][ T6263]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   66.130372][ T6263] RIP: 0033:0x7fa47ab874ca
[   66.134817][ T6263] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   66.154508][ T6263] RSP: 002b:00007ffd3514d6b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   66.162918][ T6263] RAX: ffffffffffffffda RBX: 00007fa47ac01ecb RCX: 00007fa47ab874ca
[   66.170890][ T6263] RDX: 00007fa47ac0ec27 RSI: 00007fa47ac01ecb RDI: 00007fa47ac0ec27
[   66.178855][ T6263] RBP: 00007ffd3514d730 R08: 0000000000000000 R09: 0000000000000000
[   66.186815][ T6263] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd3514d730
[   66.194785][ T6263] R13: 00007ffd3514d738 R14: 0000000000000009 R15: 0000000000000000
[   66.202774][ T6263]  </TASK>
[   67.332896][ T6263] Shutting down cpus with NMI
[   67.338068][ T6263] Kernel Offset: disabled
[   67.342405][ T6263] Rebooting in 86400 seconds..