last executing test programs:
1.791567175s ago: executing program 1 (id=127):
readlink(&(0x7f0000000000), &(0x7f0000000000), 0x0)
1.742794215s ago: executing program 1 (id=132):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/lightnvm/control', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/lightnvm/control', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/lightnvm/control', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/lightnvm/control', 0x800, 0x0)
1.656245247s ago: executing program 1 (id=139):
set_tid_address(&(0x7f0000000000))
1.591409802s ago: executing program 1 (id=145):
syz_open_dev$vcsu(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$vcsu(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$vcsu(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$vcsu(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$vcsu(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$vcsu(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$vcsu(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$vcsu(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$vcsu(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$vcsu(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$vcsu(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$vcsu(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$vcsu(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$vcsu(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$vcsu(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$vcsu(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$vcsu(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$vcsu(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$vcsu(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$vcsu(&(0x7f0000000500), 0x4, 0x800)
1.590869121s ago: executing program 2 (id=150):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vfio/vfio', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vfio/vfio', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vfio/vfio', 0x800, 0x0)
1.549048873s ago: executing program 1 (id=153):
getegid()
1.50445375s ago: executing program 2 (id=156):
copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0)
1.503843355s ago: executing program 1 (id=160):
rt_sigreturn()
1.503599024s ago: executing program 2 (id=161):
ioperm(0x0, 0x0, 0x0)
1.432057343s ago: executing program 2 (id=165):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/onlycap', 0x2, 0x0)
1.42021697s ago: executing program 2 (id=169):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/attrs', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/attrs', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/attrs', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/attrs', 0x800, 0x0)
1.355796304s ago: executing program 2 (id=173):
pause()
184.401421ms ago: executing program 5 (id=286):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs', 0x800, 0x0)
184.149906ms ago: executing program 3 (id=287):
socket$inet_dccp(0x2, 0x6, 0x0)
183.800369ms ago: executing program 0 (id=288):
socket$rds(0x15, 0x5, 0x0)
183.698845ms ago: executing program 5 (id=289):
inotify_rm_watch(0xffffffffffffffff, 0x0)
183.580647ms ago: executing program 4 (id=290):
chmod(&(0x7f0000000000), 0x0)
164.708772ms ago: executing program 3 (id=291):
set_mempolicy_home_node(0x0, 0x0, 0x0, 0x0)
157.856853ms ago: executing program 4 (id=292):
rmdir(&(0x7f0000000000))
157.636115ms ago: executing program 5 (id=293):
rt_sigaction(0x0, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000))
84.486155ms ago: executing program 0 (id=294):
delete_module(&(0x7f0000000000), 0x0)
84.362376ms ago: executing program 3 (id=295):
syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
84.257796ms ago: executing program 4 (id=296):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cdrom', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cdrom', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cdrom', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cdrom', 0x800, 0x0)
84.059214ms ago: executing program 5 (id=297):
syz_open_dev$vivid(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$vivid(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$vivid(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$vivid(&(0x7f0000000100), 0x0, 0x800)
83.951714ms ago: executing program 0 (id=298):
io_getevents(0x0, 0x0, 0x0, &(0x7f0000000000), 0x0)
83.87902ms ago: executing program 4 (id=299):
process_mrelease(0xffffffffffffffff, 0x0)
83.82281ms ago: executing program 3 (id=300):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/mls', 0x0, 0x0)
80.521324ms ago: executing program 5 (id=301):
writev(0xffffffffffffffff, &(0x7f0000000000), 0x0)
70.13582ms ago: executing program 0 (id=302):
fremovexattr(0xffffffffffffffff, &(0x7f0000000000))
9.495532ms ago: executing program 4 (id=303):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs', 0x800, 0x0)
9.339359ms ago: executing program 3 (id=304):
mq_timedsend(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0)
9.270939ms ago: executing program 5 (id=305):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vndbinder', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vndbinder', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vndbinder', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vndbinder', 0x800, 0x0)
9.125113ms ago: executing program 0 (id=306):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/relabel', 0x2, 0x0)
9.059ms ago: executing program 4 (id=307):
inotify_init1(0x0)
5.256984ms ago: executing program 3 (id=308):
syz_open_dev$ircomm(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$ircomm(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$ircomm(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$ircomm(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$ircomm(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$ircomm(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$ircomm(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$ircomm(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$ircomm(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$ircomm(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$ircomm(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$ircomm(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$ircomm(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$ircomm(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$ircomm(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$ircomm(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$ircomm(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$ircomm(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$ircomm(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$ircomm(&(0x7f0000000500), 0x4, 0x800)
0s ago: executing program 0 (id=309):
fgetxattr(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0)
kernel console output (not intermixed with test programs):
Warning: Permanently added '10.128.10.40' (ED25519) to the list of known hosts.
[ 81.238111][ T5817] cgroup: Unknown subsys name 'net'
[ 81.356043][ T5817] cgroup: Unknown subsys name 'cpuset'
[ 81.365001][ T5817] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 82.924252][ T5817] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 87.339007][ T6086] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 88.261660][ T6162] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 88.270264][ T6162] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 88.280558][ T6162] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 88.293262][ T6162] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 88.301175][ T6162] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 88.308723][ T6162] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 88.506923][ T6159] ==================================================================
[ 88.515042][ T6159] BUG: KASAN: slab-use-after-free in binder_add_device+0xa4/0xb0
[ 88.522812][ T6159] Write of size 8 at addr ffff88803123a408 by task syz-executor/6159
[ 88.530905][ T6159]
[ 88.533243][ T6159] CPU: 1 UID: 0 PID: 6159 Comm: syz-executor Not tainted 6.13.0-syzkaller-08890-g13845bdc869f #0
[ 88.533286][ T6159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 88.533308][ T6159] Call Trace:
[ 88.533319][ T6159] <TASK>
[ 88.533332][ T6159] dump_stack_lvl+0x116/0x1f0
[ 88.533379][ T6159] print_report+0xc3/0x620
[ 88.533438][ T6159] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.533499][ T6159] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.533559][ T6159] ? __phys_addr+0xc6/0x150
[ 88.533599][ T6159] kasan_report+0xd9/0x110
[ 88.533657][ T6159] ? binder_add_device+0xa4/0xb0
[ 88.533699][ T6159] ? binder_add_device+0xa4/0xb0
[ 88.533742][ T6159] binder_add_device+0xa4/0xb0
[ 88.533780][ T6159] binderfs_binder_device_create.isra.0+0x95f/0xb70
[ 88.533839][ T6159] binderfs_fill_super+0x8d6/0x1360
[ 88.533892][ T6159] ? __pfx_binderfs_fill_super+0x10/0x10
[ 88.533941][ T6159] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.534016][ T6159] ? shrinker_register+0x1a8/0x260
[ 88.534064][ T6159] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.534129][ T6159] ? sget_fc+0x808/0xc20
[ 88.534177][ T6159] ? apparmor_capable+0x114/0x1d0
[ 88.534235][ T6159] ? __pfx_set_anon_super_fc+0x10/0x10
[ 88.534281][ T6159] ? __pfx_binderfs_fill_super+0x10/0x10
[ 88.534330][ T6159] get_tree_nodev+0xdd/0x190
[ 88.534381][ T6159] vfs_get_tree+0x8e/0x340
[ 88.534422][ T6159] path_mount+0x14e6/0x1f10
[ 88.534481][ T6159] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.534541][ T6159] ? kmem_cache_free+0x2e2/0x4d0
[ 88.534595][ T6159] ? __pfx_path_mount+0x10/0x10
[ 88.534654][ T6159] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.534714][ T6159] ? putname+0x13c/0x180
[ 88.534751][ T6159] __x64_sys_mount+0x28f/0x310
[ 88.534809][ T6159] ? __pfx___x64_sys_mount+0x10/0x10
[ 88.534874][ T6159] do_syscall_64+0xcd/0x250
[ 88.534920][ T6159] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.534974][ T6159] RIP: 0033:0x7f257bb8e4ca
[ 88.535001][ T6159] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 88.535036][ T6159] RSP: 002b:00007f257becff68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 88.535070][ T6159] RAX: ffffffffffffffda RBX: 00007f257bc0e663 RCX: 00007f257bb8e4ca
[ 88.535100][ T6159] RDX: 00007f257bc1dd57 RSI: 00007f257bc0e663 RDI: 00007f257bc1dd57
[ 88.535124][ T6159] RBP: 00007f257bc0e85b R08: 0000000000000000 R09: 0000000000000100
[ 88.535148][ T6159] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f257bbeb1c8
[ 88.535171][ T6159] R13: 00007f257bbeb1a8 R14: 0000000000000009 R15: 0000000000000000
[ 88.535205][ T6159] </TASK>
[ 88.535217][ T6159]
[ 88.796501][ T6159] Allocated by task 5829:
[ 88.800944][ T6159] kasan_save_stack+0x33/0x60
[ 88.805743][ T6159] kasan_save_track+0x14/0x30
[ 88.810451][ T6159] __kasan_kmalloc+0xaa/0xb0
[ 88.815070][ T6159] binderfs_binder_device_create.isra.0+0x17a/0xb70
[ 88.821691][ T6159] binderfs_fill_super+0x8d6/0x1360
[ 88.826917][ T6159] get_tree_nodev+0xdd/0x190
[ 88.831533][ T6159] vfs_get_tree+0x8e/0x340
[ 88.835966][ T6159] path_mount+0x14e6/0x1f10
[ 88.840499][ T6159] __x64_sys_mount+0x28f/0x310
[ 88.845295][ T6159] do_syscall_64+0xcd/0x250
[ 88.849824][ T6159] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.855745][ T6159]
[ 88.858069][ T6159] Freed by task 5829:
[ 88.862055][ T6159] kasan_save_stack+0x33/0x60
[ 88.866766][ T6159] kasan_save_track+0x14/0x30
[ 88.871472][ T6159] kasan_save_free_info+0x3b/0x60
[ 88.876518][ T6159] __kasan_slab_free+0x51/0x70
[ 88.881319][ T6159] kfree+0x2c4/0x4d0
[ 88.885239][ T6159] binderfs_evict_inode+0x1e0/0x250
[ 88.890458][ T6159] evict+0x40c/0x960
[ 88.894367][ T6159] iput+0x52a/0x890
[ 88.898276][ T6159] dentry_unlink_inode+0x29c/0x480
[ 88.903402][ T6159] __dentry_kill+0x1d0/0x600
[ 88.908354][ T6159] shrink_dentry_list+0x140/0x5d0
[ 88.913400][ T6159] shrink_dcache_parent+0xe2/0x530
[ 88.918532][ T6159] shrink_dcache_for_umount+0xa1/0x3e0
[ 88.924015][ T6159] generic_shutdown_super+0x6c/0x390
[ 88.929324][ T6159] kill_litter_super+0x70/0xa0
[ 88.934111][ T6159] binderfs_kill_super+0x3b/0xa0
[ 88.939071][ T6159] deactivate_locked_super+0xc1/0x1a0
[ 88.944468][ T6159] deactivate_super+0xde/0x100
[ 88.949339][ T6159] cleanup_mnt+0x222/0x450
[ 88.953778][ T6159] task_work_run+0x151/0x250
[ 88.958393][ T6159] do_exit+0xad8/0x2d70
[ 88.962568][ T6159] do_group_exit+0xd3/0x2a0
[ 88.967091][ T6159] get_signal+0x24ed/0x26c0
[ 88.971633][ T6159] arch_do_signal_or_restart+0x90/0x7e0
[ 88.977197][ T6159] syscall_exit_to_user_mode+0x150/0x2a0
[ 88.982850][ T6159] do_syscall_64+0xda/0x250
[ 88.987376][ T6159] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.993299][ T6159]
[ 88.995624][ T6159] The buggy address belongs to the object at ffff88803123a400
[ 88.995624][ T6159] which belongs to the cache kmalloc-512 of size 512
[ 89.009859][ T6159] The buggy address is located 8 bytes inside of
[ 89.009859][ T6159] freed 512-byte region [ffff88803123a400, ffff88803123a600)
[ 89.023580][ T6159]
[ 89.025906][ T6159] The buggy address belongs to the physical page:
[ 89.032313][ T6159] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x31238
[ 89.041088][ T6159] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 89.049597][ T6159] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 89.057152][ T6159] page_type: f5(slab)
[ 89.061148][ T6159] raw: 00fff00000000040 ffff88801b041c80 dead000000000122 0000000000000000
[ 89.069746][ T6159] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 89.078343][ T6159] head: 00fff00000000040 ffff88801b041c80 dead000000000122 0000000000000000
[ 89.087025][ T6159] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 89.095895][ T6159] head: 00fff00000000002 ffffea0000c48e01 ffffffffffffffff 0000000000000000
[ 89.104579][ T6159] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 89.113252][ T6159] page dumped because: kasan: bad access detected
[ 89.119878][ T6159] page_owner tracks the page as allocated
[ 89.125600][ T6159] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5829, tgid 5829 (syz-executor), ts 85172942640, free_ts 85071287907
[ 89.146993][ T6159] post_alloc_hook+0x181/0x1b0
[ 89.151964][ T6159] get_page_from_freelist+0xfce/0x2f80
[ 89.157469][ T6159] __alloc_frozen_pages_noprof+0x221/0x2470
[ 89.163398][ T6159] alloc_pages_mpol+0x1fc/0x540
[ 89.168303][ T6159] new_slab+0x23d/0x330
[ 89.172496][ T6159] ___slab_alloc+0xc5d/0x1720
[ 89.177200][ T6159] __slab_alloc.constprop.0+0x56/0xb0
[ 89.182599][ T6159] __kmalloc_cache_noprof+0xfa/0x410
[ 89.187921][ T6159] rxrpc_alloc_peer+0x93/0x440
[ 89.192715][ T6159] rxrpc_service_prealloc_one+0xb4f/0xef0
[ 89.198466][ T6159] rxrpc_kernel_charge_accept+0xd7/0x120
[ 89.204129][ T6159] afs_charge_preallocation+0xce/0x330
[ 89.209618][ T6159] afs_open_socket+0x2b3/0x380
[ 89.214412][ T6159] afs_net_init+0x95d/0xc60
[ 89.218937][ T6159] ops_init+0x1e2/0x5f0
[ 89.223206][ T6159] setup_net+0x21f/0x860
[ 89.227480][ T6159] page last free pid 5833 tgid 5833 stack trace:
[ 89.233818][ T6159] free_frozen_pages+0x6db/0xfb0
[ 89.238881][ T6159] __put_partials+0x14c/0x170
[ 89.243583][ T6159] qlist_free_all+0x4e/0x120
[ 89.248200][ T6159] kasan_quarantine_reduce+0x195/0x1e0
[ 89.253864][ T6159] __kasan_slab_alloc+0x69/0x90
[ 89.258835][ T6159] __kmalloc_node_track_caller_noprof+0x1d3/0x510
[ 89.265284][ T6159] memdup_user+0x2a/0xd0
[ 89.269547][ T6159] strndup_user+0x78/0xe0
[ 89.273984][ T6159] __x64_sys_mount+0x181/0x310
[ 89.278877][ T6159] do_syscall_64+0xcd/0x250
[ 89.283403][ T6159] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.289326][ T6159]
[ 89.291681][ T6159] Memory state around the buggy address:
[ 89.297324][ T6159] ffff88803123a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.305392][ T6159] ffff88803123a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.313464][ T6159] >ffff88803123a400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 89.321529][ T6159] ^
[ 89.325862][ T6159] ffff88803123a480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 89.333932][ T6159] ffff88803123a500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 89.342004][ T6159] ==================================================================
[ 89.350200][ C1] vkms_vblank_simulate: vblank timer overrun
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 89.823232][ T6159] Kernel panic - not syncing: kasan.fault=panic_on_write set ...
[ 89.830996][ T6159] CPU: 0 UID: 0 PID: 6159 Comm: syz-executor Not tainted 6.13.0-syzkaller-08890-g13845bdc869f #0
[ 89.841526][ T6159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 89.851615][ T6159] Call Trace:
[ 89.854910][ T6159] <TASK>
[ 89.857857][ T6159] dump_stack_lvl+0x3d/0x1f0
[ 89.862487][ T6159] panic+0x71d/0x800
[ 89.866423][ T6159] ? __pfx_panic+0x10/0x10
[ 89.870966][ T6159] ? lockdep_hardirqs_on+0x7c/0x110
[ 89.876199][ T6159] ? srso_alias_return_thunk+0x5/0xfbef5
[ 89.881890][ T6159] ? srso_alias_return_thunk+0x5/0xfbef5
[ 89.887576][ T6159] ? preempt_schedule_common+0x44/0xc0
[ 89.893071][ T6159] ? srso_alias_return_thunk+0x5/0xfbef5
[ 89.898765][ T6159] ? preempt_schedule_thunk+0x1a/0x30
[ 89.904190][ T6159] end_report+0x169/0x180
[ 89.908582][ T6159] kasan_report+0xe9/0x110
[ 89.913055][ T6159] ? binder_add_device+0xa4/0xb0
[ 89.918038][ T6159] ? binder_add_device+0xa4/0xb0
[ 89.923022][ T6159] binder_add_device+0xa4/0xb0
[ 89.927910][ T6159] binderfs_binder_device_create.isra.0+0x95f/0xb70
[ 89.934550][ T6159] binderfs_fill_super+0x8d6/0x1360
[ 89.939802][ T6159] ? __pfx_binderfs_fill_super+0x10/0x10
[ 89.945479][ T6159] ? srso_alias_return_thunk+0x5/0xfbef5
[ 89.951189][ T6159] ? shrinker_register+0x1a8/0x260
[ 89.956352][ T6159] ? srso_alias_return_thunk+0x5/0xfbef5
[ 89.962044][ T6159] ? sget_fc+0x808/0xc20
[ 89.966341][ T6159] ? apparmor_capable+0x114/0x1d0
[ 89.971420][ T6159] ? __pfx_set_anon_super_fc+0x10/0x10
[ 89.976923][ T6159] ? __pfx_binderfs_fill_super+0x10/0x10
[ 89.982600][ T6159] get_tree_nodev+0xdd/0x190
[ 89.987243][ T6159] vfs_get_tree+0x8e/0x340
[ 89.991699][ T6159] path_mount+0x14e6/0x1f10
[ 89.996257][ T6159] ? srso_alias_return_thunk+0x5/0xfbef5
[ 90.001946][ T6159] ? kmem_cache_free+0x2e2/0x4d0
[ 90.006937][ T6159] ? __pfx_path_mount+0x10/0x10
[ 90.011854][ T6159] ? srso_alias_return_thunk+0x5/0xfbef5
[ 90.017584][ T6159] ? putname+0x13c/0x180
[ 90.021862][ T6159] __x64_sys_mount+0x28f/0x310
[ 90.026945][ T6159] ? __pfx___x64_sys_mount+0x10/0x10
[ 90.032299][ T6159] do_syscall_64+0xcd/0x250
[ 90.036875][ T6159] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 90.042854][ T6159] RIP: 0033:0x7f257bb8e4ca
[ 90.047286][ T6159] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 90.067012][ T6159] RSP: 002b:00007f257becff68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 90.075462][ T6159] RAX: ffffffffffffffda RBX: 00007f257bc0e663 RCX: 00007f257bb8e4ca
[ 90.083459][ T6159] RDX: 00007f257bc1dd57 RSI: 00007f257bc0e663 RDI: 00007f257bc1dd57
[ 90.091464][ T6159] RBP: 00007f257bc0e85b R08: 0000000000000000 R09: 0000000000000100
[ 90.099897][ T6159] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f257bbeb1c8
[ 90.107901][ T6159] R13: 00007f257bbeb1a8 R14: 0000000000000009 R15: 0000000000000000
[ 90.116033][ T6159] </TASK>
[ 90.119412][ T6159] Kernel Offset: disabled
[ 90.123754][ T6159] Rebooting in 86400 seconds..