last executing test programs:
429.671204ms ago: executing program 1 (id=476):
setgroups(0x0, &(0x7f0000000000))
428.855882ms ago: executing program 1 (id=480):
epoll_wait(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)
380.204095ms ago: executing program 1 (id=485):
socket$inet6_udplite(0xa, 0x2, 0x88)
327.906223ms ago: executing program 1 (id=492):
socket$hf(0x13, 0x2, 0x0)
326.588922ms ago: executing program 4 (id=496):
socket$nl_audit(0x10, 0x3, 0x9)
268.557594ms ago: executing program 4 (id=501):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hpet', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hpet', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hpet', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hpet', 0x800, 0x0)
268.283555ms ago: executing program 2 (id=503):
socket$nl_sock_diag(0x10, 0x3, 0x4)
268.203969ms ago: executing program 4 (id=504):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp1', 0x800, 0x0)
220.132976ms ago: executing program 1 (id=507):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio1', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio1', 0x800, 0x0)
220.033176ms ago: executing program 2 (id=509):
dup2(0xffffffffffffffff, 0xffffffffffffffff)
216.608015ms ago: executing program 2 (id=511):
sigaltstack(&(0x7f0000000000), 0x0)
194.435814ms ago: executing program 0 (id=513):
name_to_handle_at(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0)
148.413929ms ago: executing program 2 (id=514):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/user', 0x2, 0x0)
148.250517ms ago: executing program 3 (id=515):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyprintk', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyprintk', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyprintk', 0x800, 0x0)
148.17674ms ago: executing program 0 (id=516):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/timer', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/timer', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/timer', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/timer', 0x800, 0x0)
148.092524ms ago: executing program 2 (id=517):
fdatasync(0xffffffffffffffff)
147.979929ms ago: executing program 0 (id=518):
io_getevents(0x0, 0x0, 0x0, &(0x7f0000000000), 0x0)
147.677897ms ago: executing program 3 (id=519):
rename(&(0x7f0000000000), &(0x7f0000000000))
138.730778ms ago: executing program 2 (id=520):
pause()
134.288315ms ago: executing program 3 (id=521):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/create', 0x2, 0x0)
80.457673ms ago: executing program 0 (id=522):
listxattr(&(0x7f0000000000), &(0x7f0000000000), 0x0)
80.351493ms ago: executing program 0 (id=523):
getpgrp(0x0)
80.291202ms ago: executing program 3 (id=524):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/socket/zygote', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/socket/zygote', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/socket/zygote', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/socket/zygote', 0x800, 0x0)
61.564413ms ago: executing program 0 (id=525):
syz_init_net_socket$bt_cmtp(0x1f, 0x3, 0x5)
61.401723ms ago: executing program 3 (id=526):
clone(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000))
exit(0x0)
51.939842ms ago: executing program 4 (id=527):
socket$isdn_base(0x22, 0x3, 0x0)
385.879µs ago: executing program 4 (id=528):
syz_open_dev$ircomm(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$ircomm(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$ircomm(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$ircomm(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$ircomm(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$ircomm(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$ircomm(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$ircomm(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$ircomm(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$ircomm(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$ircomm(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$ircomm(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$ircomm(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$ircomm(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$ircomm(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$ircomm(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$ircomm(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$ircomm(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$ircomm(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$ircomm(&(0x7f0000000500), 0x4, 0x800)
216.788µs ago: executing program 3 (id=529):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse', 0x2, 0x0)
109.183µs ago: executing program 1 (id=530):
fsync(0xffffffffffffffff)
0s ago: executing program 4 (id=531):
poll(&(0x7f0000000000), 0x0, 0x0)
kernel console output (not intermixed with test programs):
Warning: Permanently added '10.128.1.86' (ED25519) to the list of known hosts.
[ 51.682793][ T29] audit: type=1400 audit(1738139884.607:88): avc: denied { mounton } for pid=5804 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 51.686955][ T5804] cgroup: Unknown subsys name 'net'
[ 51.706002][ T29] audit: type=1400 audit(1738139884.607:89): avc: denied { mount } for pid=5804 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 51.733881][ T29] audit: type=1400 audit(1738139884.637:90): avc: denied { unmount } for pid=5804 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 51.945245][ T5804] cgroup: Unknown subsys name 'cpuset'
[ 51.952982][ T5804] cgroup: Unknown subsys name 'rlimit'
[ 52.060747][ T29] audit: type=1400 audit(1738139884.977:91): avc: denied { setattr } for pid=5804 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 52.091892][ T29] audit: type=1400 audit(1738139884.977:92): avc: denied { create } for pid=5804 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 52.114190][ T29] audit: type=1400 audit(1738139884.977:93): avc: denied { write } for pid=5804 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 52.135037][ T29] audit: type=1400 audit(1738139884.977:94): avc: denied { read } for pid=5804 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 52.155985][ T29] audit: type=1400 audit(1738139884.977:95): avc: denied { mounton } for pid=5804 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 52.181224][ T29] audit: type=1400 audit(1738139884.977:96): avc: denied { mount } for pid=5804 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 52.183558][ T5806] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 52.204940][ T29] audit: type=1400 audit(1738139885.017:97): avc: denied { read } for pid=5486 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 53.181899][ T5804] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 56.751369][ T29] kauditd_printk_skb: 82 callbacks suppressed
[ 56.751384][ T29] audit: type=1400 audit(1738139889.667:180): avc: denied { read } for pid=6156 comm="syz.3.329" name="mouse0" dev="devtmpfs" ino=996 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[ 56.845424][ T29] audit: type=1400 audit(1738139889.667:181): avc: denied { open } for pid=6156 comm="syz.3.329" path="/dev/input/mouse0" dev="devtmpfs" ino=996 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[ 56.869492][ C0] vkms_vblank_simulate: vblank timer overrun
[ 56.940168][ T29] audit: type=1400 audit(1738139889.667:182): avc: denied { write } for pid=6156 comm="syz.3.329" name="mouse0" dev="devtmpfs" ino=996 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[ 57.031887][ T29] audit: type=1400 audit(1738139889.757:183): avc: denied { create } for pid=6161 comm="syz.0.333" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 57.051133][ C0] vkms_vblank_simulate: vblank timer overrun
[ 57.122392][ T29] audit: type=1400 audit(1738139889.757:184): avc: denied { create } for pid=6165 comm="syz.4.338" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 57.185031][ T29] audit: type=1400 audit(1738139889.767:185): avc: denied { read } for pid=6167 comm="syz.3.339" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[ 57.257099][ T29] audit: type=1400 audit(1738139889.767:186): avc: denied { open } for pid=6167 comm="syz.3.339" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[ 57.328570][ T29] audit: type=1400 audit(1738139889.767:187): avc: denied { write } for pid=6167 comm="syz.3.339" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[ 57.352609][ C0] vkms_vblank_simulate: vblank timer overrun
[ 57.451908][ T29] audit: type=1400 audit(1738139889.797:188): avc: denied { read } for pid=6169 comm="syz.2.341" name="btrfs-control" dev="devtmpfs" ino=1309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[ 57.553815][ T29] audit: type=1400 audit(1738139889.797:189): avc: denied { open } for pid=6169 comm="syz.2.341" path="/dev/btrfs-control" dev="devtmpfs" ino=1309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[ 57.835283][ T6312] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 58.586245][ T6365] ==================================================================
[ 58.594515][ T6365] BUG: KASAN: slab-use-after-free in binder_add_device+0xa4/0xb0
[ 58.602238][ T6365] Write of size 8 at addr ffff88801298a408 by task syz-executor/6365
[ 58.602255][ T6365]
[ 58.602272][ T6365] CPU: 0 UID: 0 PID: 6365 Comm: syz-executor Not tainted 6.13.0-syzkaller-09338-g05dbaf8dd8bf #0
[ 58.602289][ T6365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 58.602298][ T6365] Call Trace:
[ 58.602304][ T6365]
[ 58.602310][ T6365] dump_stack_lvl+0x116/0x1f0
[ 58.602336][ T6365] print_report+0xc3/0x620
[ 58.602353][ T6365] ? __virt_addr_valid+0x5e/0x590
[ 58.602369][ T6365] ? __phys_addr+0xc6/0x150
[ 58.602387][ T6365] kasan_report+0xd9/0x110
[ 58.602404][ T6365] ? binder_add_device+0xa4/0xb0
[ 58.602420][ T6365] ? binder_add_device+0xa4/0xb0
[ 58.602439][ T6365] binder_add_device+0xa4/0xb0
[ 58.602457][ T6365] binderfs_binder_device_create.isra.0+0x95f/0xb70
[ 58.602483][ T6365] binderfs_fill_super+0x8d6/0x1360
[ 58.602506][ T6365] ? __pfx_binderfs_fill_super+0x10/0x10
[ 58.602534][ T6365] ? shrinker_register+0x1a8/0x260
[ 58.602558][ T6365] ? sget_fc+0x808/0xc20
[ 58.602581][ T6365] ? __pfx_set_anon_super_fc+0x10/0x10
[ 58.602609][ T6365] ? __pfx_binderfs_fill_super+0x10/0x10
[ 58.602628][ T6365] get_tree_nodev+0xda/0x190
[ 58.602653][ T6365] vfs_get_tree+0x8b/0x340
[ 58.602673][ T6365] path_mount+0x14e6/0x1f10
[ 58.602692][ T6365] ? kmem_cache_free+0x2e2/0x4d0
[ 58.602708][ T6365] ? __pfx_path_mount+0x10/0x10
[ 58.602726][ T6365] ? putname+0x13c/0x180
[ 58.602746][ T6365] __x64_sys_mount+0x28f/0x310
[ 58.602764][ T6365] ? __pfx___x64_sys_mount+0x10/0x10
[ 58.602785][ T6365] do_syscall_64+0xcd/0x250
[ 58.602804][ T6365] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 58.602828][ T6365] RIP: 0033:0x7f561638e54a
[ 58.602847][ T6365] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 58.602865][ T6365] RSP: 002b:00007ffe31d47cb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 58.602882][ T6365] RAX: ffffffffffffffda RBX: 00007f561640e663 RCX: 00007f561638e54a
[ 58.602894][ T6365] RDX: 00007f561641dda7 RSI: 00007f561640e663 RDI: 00007f561641dda7
[ 58.602905][ T6365] RBP: 00007f561640e8ac R08: 0000000000000000 R09: 00000000000001ff
[ 58.602916][ T6365] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f56163eb1a8
[ 58.602927][ T6365] R13: 00007f56163eb180 R14: 0000000000000009 R15: 0000000000000000
[ 58.602942][ T6365]
[ 58.602948][ T6365]
[ 58.679872][ T6364] syz-executor: vmalloc error: size 8388608, failed to allocated page array size 16384, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null)
[ 58.683722][ T6365] Allocated by task 5818:
[ 58.683733][ T6365] kasan_save_stack+0x33/0x60
[ 58.683751][ T6365] kasan_save_track+0x14/0x30
[ 58.683764][ T6365] __kasan_kmalloc+0xaa/0xb0
[ 58.683776][ T6365] binderfs_binder_device_create.isra.0+0x17a/0xb70
[ 58.683796][ T6365] binderfs_fill_super+0x8d6/0x1360
[ 58.683812][ T6365] get_tree_nodev+0xda/0x190
[ 58.683832][ T6365] vfs_get_tree+0x8b/0x340
[ 58.706602][ T6364] ,cpuset=
[ 58.709362][ T6365] path_mount+0x14e6/0x1f10
[ 58.742319][ T6364] /
[ 58.742434][ T6365] __x64_sys_mount+0x28f/0x310
[ 58.747240][ T6364] ,mems_allowed=0-1
[ 58.752486][ T6365] do_syscall_64+0xcd/0x250
[ 58.752506][ T6365] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 58.752526][ T6365]
[ 58.752530][ T6365] Freed by task 5818:
[ 58.752538][ T6365] kasan_save_stack+0x33/0x60
[ 58.752551][ T6365] kasan_save_track+0x14/0x30
[ 58.752563][ T6365] kasan_save_free_info+0x3b/0x60
[ 58.752582][ T6365] __kasan_slab_free+0x51/0x70
[ 58.802120][ T6364]
[ 58.803288][ T6365] kfree+0x2c4/0x4d0
[ 58.811244][ T6364] CPU: 1 UID: 0 PID: 6364 Comm: syz-executor Not tainted 6.13.0-syzkaller-09338-g05dbaf8dd8bf #0
[ 58.811265][ T6364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 58.811275][ T6364] Call Trace:
[ 58.811281][ T6364]
[ 58.811288][ T6364] dump_stack_lvl+0x16c/0x1f0
[ 58.811311][ T6364] warn_alloc+0x24d/0x3a0
[ 58.811331][ T6364] ? __pfx_warn_alloc+0x10/0x10
[ 58.811356][ T6364] ? __get_vm_area_node+0x1b0/0x2f0
[ 58.811379][ T6364] ? __get_vm_area_node+0x1dc/0x2f0
[ 58.811407][ T6364] __vmalloc_node_range_noprof+0x1102/0x1530
[ 58.811431][ T6364] ? __pfx_do_vfs_ioctl+0x10/0x10
[ 58.811460][ T6364] ? kcov_ioctl+0x4c/0x730
[ 58.811489][ T6364] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 58.811520][ T6364] ? kcov_ioctl+0x4c/0x730
[ 58.811544][ T6364] vmalloc_user_noprof+0x6b/0x90
[ 58.811568][ T6364] ? kcov_ioctl+0x4c/0x730
[ 58.811590][ T6364] kcov_ioctl+0x4c/0x730
[ 58.811613][ T6364] ? __pfx_kcov_ioctl+0x10/0x10
[ 58.811638][ T6364] __x64_sys_ioctl+0x190/0x200
[ 58.811661][ T6364] do_syscall_64+0xcd/0x250
[ 58.811682][ T6364] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 58.811704][ T6364] RIP: 0033:0x7f1f4138c9ab
[ 58.811719][ T6364] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 58.811734][ T6364] RSP: 002b:00007ffdab039fe0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 58.811750][ T6364] RAX: ffffffffffffffda RBX: 0000000000100000 RCX: 00007f1f4138c9ab
[ 58.811761][ T6364] RDX: 0000000000100000 RSI: ffffffff80086301 RDI: 00000000000000d7
[ 58.811772][ T6364] RBP: 00007f1f415a5f40 R08: 00000000000000dd R09: 0000000000000000
[ 58.811787][ T6364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 58.811798][ T6364] R13: 0000000000000006 R14: 0000000000000009 R15: 0000000000000000
[ 58.811818][ T6364]
[ 58.811824][ T6364] Mem-Info:
[ 58.819206][ T6365] binderfs_evict_inode+0x1e0/0x250
[ 58.819225][ T6365] evict+0x409/0x960
[ 58.819239][ T6365] iput+0x52a/0x890
[ 58.819253][ T6365] dentry_unlink_inode+0x29c/0x480
[ 58.819269][ T6365] __dentry_kill+0x1d0/0x600
[ 58.819284][ T6365] shrink_dentry_list+0x140/0x5d0
[ 58.819301][ T6365] shrink_dcache_parent+0xe2/0x530
[ 58.819320][ T6365] shrink_dcache_for_umount+0xa1/0x3e0
[ 58.882188][ T6364] active_anon:3492 inactive_anon:0 isolated_anon:0
[ 58.882188][ T6364] active_file:505 inactive_file:38541 isolated_file:0
[ 58.882188][ T6364] unevictable:768 dirty:15 writeback:0
[ 58.882188][ T6364] slab_reclaimable:10032 slab_unreclaimable:84763
[ 58.882188][ T6364] mapped:8335 shmem:1416 pagetables:532
[ 58.882188][ T6364] sec_pagetables:0 bounce:0
[ 58.882188][ T6364] kernel_misc_reclaimable:0
[ 58.882188][ T6364] free:1412190 free_pcp:2632 free_cma:0
[ 58.886111][ T6365] generic_shutdown_super+0x6c/0x390
[ 58.890691][ T6364] Node 0 active_anon:13968kB inactive_anon:0kB active_file:2020kB inactive_file:154096kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:33340kB dirty:60kB writeback:0kB shmem:4128kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:9208kB pagetables:2128kB sec_pagetables:0kB all_unreclaimable? no
[ 58.895070][ T6365] kill_litter_super+0x70/0xa0
[ 58.895090][ T6365] binderfs_kill_super+0x3b/0xa0
[ 58.895106][ T6365] deactivate_locked_super+0xbe/0x1a0
[ 58.895125][ T6365] deactivate_super+0xde/0x100
[ 58.895144][ T6365] cleanup_mnt+0x222/0x450
[ 59.287856][ T6365] task_work_run+0x14e/0x250
[ 59.292437][ T6365] do_exit+0xad8/0x2d70
[ 59.296573][ T6365] do_group_exit+0xd3/0x2a0
[ 59.301054][ T6365] get_signal+0x24ed/0x26c0
[ 59.305553][ T6365] arch_do_signal_or_restart+0x90/0x7e0
[ 59.311080][ T6365] syscall_exit_to_user_mode+0x150/0x2a0
[ 59.316696][ T6365] do_syscall_64+0xda/0x250
[ 59.321183][ T6365] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.327070][ T6365]
[ 59.329373][ T6365] The buggy address belongs to the object at ffff88801298a400
[ 59.329373][ T6365] which belongs to the cache kmalloc-512 of size 512
[ 59.343403][ T6365] The buggy address is located 8 bytes inside of
[ 59.343403][ T6365] freed 512-byte region [ffff88801298a400, ffff88801298a600)
[ 59.357017][ T6365]
[ 59.359328][ T6365] The buggy address belongs to the physical page:
[ 59.365748][ T6365] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12988
[ 59.374505][ T6365] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 59.382992][ T6365] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 59.390887][ T6365] page_type: f5(slab)
[ 59.394864][ T6365] raw: 00fff00000000040 ffff88801b041c80 ffffea0000de7000 0000000000000003
[ 59.403439][ T6365] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 59.412007][ T6365] head: 00fff00000000040 ffff88801b041c80 ffffea0000de7000 0000000000000003
[ 59.420661][ T6365] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 59.429314][ T6365] head: 00fff00000000002 ffffea00004a6201 ffffffffffffffff 0000000000000000
[ 59.437970][ T6365] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 59.446615][ T6365] page dumped because: kasan: bad access detected
[ 59.453021][ T6365] page_owner tracks the page as allocated
[ 59.458728][ T6365] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5818, tgid 5818 (syz-executor), ts 54841917419, free_ts 54781672551
[ 59.480171][ T6365] post_alloc_hook+0x181/0x1b0
[ 59.484931][ T6365] get_page_from_freelist+0xfce/0x2f80
[ 59.490371][ T6365] __alloc_frozen_pages_noprof+0x221/0x2470
[ 59.496248][ T6365] alloc_pages_mpol+0x1fc/0x540
[ 59.501079][ T6365] new_slab+0x23d/0x330
[ 59.505221][ T6365] ___slab_alloc+0xc5d/0x1720
[ 59.509881][ T6365] __slab_alloc.constprop.0+0x56/0xb0
[ 59.515237][ T6365] __kmalloc_cache_noprof+0xfa/0x410
[ 59.520523][ T6365] rxrpc_alloc_peer+0x93/0x440
[ 59.525278][ T6365] rxrpc_service_prealloc_one+0xb4f/0xef0
[ 59.530985][ T6365] rxrpc_kernel_charge_accept+0xd7/0x120
[ 59.536621][ T6365] afs_charge_preallocation+0xce/0x330
[ 59.542065][ T6365] afs_open_socket+0x2b3/0x380
[ 59.546834][ T6365] afs_net_init+0x95d/0xc60
[ 59.551322][ T6365] ops_init+0x1df/0x5f0
[ 59.555461][ T6365] setup_net+0x21f/0x860
[ 59.559687][ T6365] page last free pid 5192 tgid 5192 stack trace:
[ 59.566021][ T6365] free_frozen_pages+0x6db/0xfb0
[ 59.570950][ T6365] __put_partials+0x14c/0x170
[ 59.575611][ T6365] qlist_free_all+0x4e/0x120
[ 59.580188][ T6365] kasan_quarantine_reduce+0x195/0x1e0
[ 59.585632][ T6365] __kasan_slab_alloc+0x69/0x90
[ 59.590459][ T6365] kmem_cache_alloc_noprof+0x226/0x3d0
[ 59.595897][ T6365] getname_flags.part.0+0x4c/0x550
[ 59.600989][ T6365] getname+0x8d/0xe0
[ 59.604874][ T6365] vfs_fstatat+0xdf/0xf0
[ 59.609098][ T6365] __do_sys_newfstatat+0x98/0x120
[ 59.614102][ T6365] do_syscall_64+0xcd/0x250
[ 59.618584][ T6365] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.624467][ T6365]
[ 59.626766][ T6365] Memory state around the buggy address:
[ 59.632388][ T6365] ffff88801298a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 59.640424][ T6365] ffff88801298a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 59.648473][ T6365] >ffff88801298a400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.656509][ T6365] ^
[ 59.660813][ T6365] ffff88801298a480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.668850][ T6365] ffff88801298a500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.676884][ T6365] ==================================================================
[ 59.685014][ C0] vkms_vblank_simulate: vblank timer overrun
[ 59.693367][ T6364] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[ 59.723446][ C0] vkms_vblank_simulate: vblank timer overrun
[ 59.746828][ T6365] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 59.754051][ T6365] CPU: 0 UID: 0 PID: 6365 Comm: syz-executor Not tainted 6.13.0-syzkaller-09338-g05dbaf8dd8bf #0
[ 59.764556][ T6365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 59.774615][ T6365] Call Trace:
[ 59.777896][ T6365]
[ 59.780828][ T6365] dump_stack_lvl+0x3d/0x1f0
[ 59.785439][ T6365] panic+0x71d/0x800
[ 59.789345][ T6365] ? __pfx_panic+0x10/0x10
[ 59.794033][ T6365] ? irqentry_exit+0x3b/0x90
[ 59.798630][ T6365] ? lockdep_hardirqs_on+0x7c/0x110
[ 59.803844][ T6365] ? preempt_schedule_thunk+0x1a/0x30
[ 59.809235][ T6365] ? preempt_schedule_common+0x44/0xc0
[ 59.814718][ T6365] ? check_panic_on_warn+0x1f/0xb0
[ 59.819857][ T6365] check_panic_on_warn+0xab/0xb0
[ 59.824812][ T6365] end_report+0x117/0x180
[ 59.829158][ T6365] kasan_report+0xe9/0x110
[ 59.833587][ T6365] ? binder_add_device+0xa4/0xb0
[ 59.838537][ T6365] ? binder_add_device+0xa4/0xb0
[ 59.843486][ T6365] binder_add_device+0xa4/0xb0
[ 59.848261][ T6365] binderfs_binder_device_create.isra.0+0x95f/0xb70
[ 59.854871][ T6365] binderfs_fill_super+0x8d6/0x1360
[ 59.860159][ T6365] ? __pfx_binderfs_fill_super+0x10/0x10
[ 59.865805][ T6365] ? shrinker_register+0x1a8/0x260
[ 59.870928][ T6365] ? sget_fc+0x808/0xc20
[ 59.875182][ T6365] ? __pfx_set_anon_super_fc+0x10/0x10
[ 59.880651][ T6365] ? __pfx_binderfs_fill_super+0x10/0x10
[ 59.886292][ T6365] get_tree_nodev+0xda/0x190
[ 59.890929][ T6365] vfs_get_tree+0x8b/0x340
[ 59.895348][ T6365] path_mount+0x14e6/0x1f10
[ 59.899848][ T6365] ? kmem_cache_free+0x2e2/0x4d0
[ 59.904784][ T6365] ? __pfx_path_mount+0x10/0x10
[ 59.909633][ T6365] ? putname+0x13c/0x180
[ 59.913885][ T6365] __x64_sys_mount+0x28f/0x310
[ 59.918647][ T6365] ? __pfx___x64_sys_mount+0x10/0x10
[ 59.923940][ T6365] do_syscall_64+0xcd/0x250
[ 59.928451][ T6365] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.934358][ T6365] RIP: 0033:0x7f561638e54a
[ 59.938772][ T6365] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 59.958381][ T6365] RSP: 002b:00007ffe31d47cb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 59.966778][ T6365] RAX: ffffffffffffffda RBX: 00007f561640e663 RCX: 00007f561638e54a
[ 59.974731][ T6365] RDX: 00007f561641dda7 RSI: 00007f561640e663 RDI: 00007f561641dda7
[ 59.982688][ T6365] RBP: 00007f561640e8ac R08: 0000000000000000 R09: 00000000000001ff
[ 59.990662][ T6365] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f56163eb1a8
[ 59.998630][ T6365] R13: 00007f56163eb180 R14: 0000000000000009 R15: 0000000000000000
[ 60.006597][ T6365]
[ 60.009818][ T6365] Kernel Offset: disabled
[ 60.014121][ T6365] Rebooting in 86400 seconds..