last executing test programs:

787.57667ms ago: executing program 4 (id=75):
fchown(0xffffffffffffffff, 0x0, 0x0)

780.922055ms ago: executing program 4 (id=79):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot', 0x800, 0x0)

652.860815ms ago: executing program 4 (id=92):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/logging', 0x2, 0x0)

652.38703ms ago: executing program 4 (id=96):
inotify_init()

604.162105ms ago: executing program 0 (id=99):
syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$evdev(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$evdev(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$evdev(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$evdev(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$evdev(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$evdev(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$evdev(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$evdev(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$evdev(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$evdev(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$evdev(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$evdev(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$evdev(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$evdev(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$evdev(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$evdev(&(0x7f0000000500), 0x4, 0x800)

603.644892ms ago: executing program 4 (id=103):
creat(&(0x7f0000000000), 0x0)

603.351365ms ago: executing program 1 (id=104):
seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000000000))

554.909741ms ago: executing program 0 (id=106):
timerfd_gettime(0xffffffffffffffff, &(0x7f0000000000))

554.763388ms ago: executing program 1 (id=107):
sync()

468.098846ms ago: executing program 0 (id=112):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sr0', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sr0', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sr0', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sr0', 0x800, 0x0)

400.365732ms ago: executing program 0 (id=115):
listen(0xffffffffffffffff, 0x0)

399.666777ms ago: executing program 0 (id=118):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/access', 0x2, 0x0)

348.308367ms ago: executing program 0 (id=122):
io_cancel(0x0, &(0x7f0000000000), &(0x7f0000000000))

195.942786ms ago: executing program 3 (id=129):
restart_syscall()

195.564339ms ago: executing program 4 (id=105):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhci', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhci', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci', 0x800, 0x0)

195.250544ms ago: executing program 2 (id=131):
process_vm_readv(0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000), 0x0, 0x0)

181.028889ms ago: executing program 3 (id=132):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/img-rogue', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/img-rogue', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/img-rogue', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/img-rogue', 0x800, 0x0)

180.865322ms ago: executing program 2 (id=133):
syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$dri(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$dri(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$dri(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$dri(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$dri(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$dri(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$dri(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$dri(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$dri(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$dri(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$dri(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$dri(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$dri(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$dri(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$dri(&(0x7f0000000500), 0x4, 0x800)

171.871611ms ago: executing program 1 (id=134):
setns(0xffffffffffffffff, 0x0)

88.349566ms ago: executing program 1 (id=135):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ubi_ctrl', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ubi_ctrl', 0x800, 0x0)

87.969029ms ago: executing program 3 (id=136):
mq_getsetattr(0xffffffffffffffff, &(0x7f0000000000), 0x0)

87.581843ms ago: executing program 3 (id=138):
syz_open_dev$amidi(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$amidi(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$amidi(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$amidi(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$amidi(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$amidi(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$amidi(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$amidi(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$amidi(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$amidi(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$amidi(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$amidi(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$amidi(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$amidi(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$amidi(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$amidi(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$amidi(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$amidi(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$amidi(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$amidi(&(0x7f0000000500), 0x4, 0x800)

87.433815ms ago: executing program 2 (id=139):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vndbinder', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vndbinder', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vndbinder', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vndbinder', 0x800, 0x0)

86.951035ms ago: executing program 1 (id=140):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/uverbs0', 0x2, 0x0)

68.851869ms ago: executing program 2 (id=141):
socket$nl_rdma(0x10, 0x3, 0x14)

48.66385ms ago: executing program 3 (id=142):
socket$phonet(0x23, 0x2, 0x1)

356.322µs ago: executing program 1 (id=143):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1', 0x800, 0x0)

247.115µs ago: executing program 2 (id=144):
shmat(0x0, 0x0, 0x0)

90.534µs ago: executing program 2 (id=145):
setresuid(0x0, 0x0, 0x0)

0s ago: executing program 3 (id=146):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video0', 0x2, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.71' (ED25519) to the list of known hosts.
[   59.267467][ T5819] cgroup: Unknown subsys name 'net'
[   59.394318][ T5819] cgroup: Unknown subsys name 'cpuset'
[   59.402607][ T5819] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   60.713025][ T5819] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   63.852178][ T5966] ==================================================================
[   63.860328][ T5966] BUG: KASAN: slab-use-after-free in binder_add_device+0x5f/0xa0
[   63.868091][ T5966] Write of size 8 at addr ffff888075673808 by task syz-executor/5966
[   63.876173][ T5966] 
[   63.878529][ T5966] CPU: 1 UID: 0 PID: 5966 Comm: syz-executor Not tainted 6.13.0-syzkaller-09196-gcd45f362fc1f #0
[   63.878550][ T5966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[   63.878564][ T5966] Call Trace:
[   63.878571][ T5966]  <TASK>
[   63.878578][ T5966]  dump_stack_lvl+0x241/0x360
[   63.878600][ T5966]  ? __pfx_dump_stack_lvl+0x10/0x10
[   63.878616][ T5966]  ? __pfx__printk+0x10/0x10
[   63.878640][ T5966]  ? _printk+0xd5/0x120
[   63.878662][ T5966]  ? __virt_addr_valid+0x183/0x530
[   63.878684][ T5966]  ? __virt_addr_valid+0x183/0x530
[   63.878706][ T5966]  print_report+0x169/0x550
[   63.878729][ T5966]  ? __virt_addr_valid+0x183/0x530
[   63.878750][ T5966]  ? __virt_addr_valid+0x183/0x530
[   63.878770][ T5966]  ? __virt_addr_valid+0x45f/0x530
[   63.878790][ T5966]  ? __phys_addr+0xba/0x170
[   63.878810][ T5966]  ? binder_add_device+0x5f/0xa0
[   63.878829][ T5966]  kasan_report+0x143/0x180
[   63.878853][ T5966]  ? binder_add_device+0x5f/0xa0
[   63.878874][ T5966]  binder_add_device+0x5f/0xa0
[   63.878893][ T5966]  binderfs_binder_device_create+0x7bf/0x9c0
[   63.878916][ T5966]  binderfs_fill_super+0x944/0xd90
[   63.878937][ T5966]  ? __pfx_binderfs_fill_super+0x10/0x10
[   63.878963][ T5966]  ? shrinker_register+0x160/0x230
[   63.878982][ T5966]  ? sget_fc+0x909/0x9c0
[   63.879001][ T5966]  ? __pfx_set_anon_super_fc+0x10/0x10
[   63.879020][ T5966]  ? __pfx_binderfs_fill_super+0x10/0x10
[   63.879038][ T5966]  get_tree_nodev+0xb7/0x140
[   63.879058][ T5966]  vfs_get_tree+0x90/0x2b0
[   63.879080][ T5966]  do_new_mount+0x2be/0xb40
[   63.879097][ T5966]  ? __pfx_do_new_mount+0x10/0x10
[   63.879116][ T5966]  __se_sys_mount+0x2d6/0x3c0
[   63.879134][ T5966]  ? __pfx___se_sys_mount+0x10/0x10
[   63.879151][ T5966]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[   63.879174][ T5966]  ? __ia32_sys_mount+0x20/0xc0
[   63.879190][ T5966]  __do_fast_syscall_32+0xb4/0x110
[   63.879209][ T5966]  ? exc_page_fault+0x590/0x8b0
[   63.879228][ T5966]  do_fast_syscall_32+0x34/0x80
[   63.879257][ T5966]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   63.879280][ T5966] RIP: 0023:0xf7f65579
[   63.879299][ T5966] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[   63.879312][ T5966] RSP: 002b:00000000fff09b50 EFLAGS: 00000206 ORIG_RAX: 0000000000000015
[   63.879329][ T5966] RAX: ffffffffffffffda RBX: 00000000f7284aa1 RCX: 00000000f72754b3
[   63.879340][ T5966] RDX: 00000000f7284aa1 RSI: 0000000000000000 RDI: 0000000000000000
[   63.879349][ T5966] RBP: 0000000057c8f414 R08: 0000000000000000 R09: 0000000000000000
[   63.879358][ T5966] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[   63.879367][ T5966] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   63.879379][ T5966]  </TASK>
[   63.879385][ T5966] 
[   64.155563][ T5966] Allocated by task 5948:
[   64.159911][ T5966]  kasan_save_track+0x3f/0x80
[   64.164722][ T5966]  __kasan_kmalloc+0x98/0xb0
[   64.169476][ T5966]  __kmalloc_cache_noprof+0x243/0x390
[   64.174878][ T5966]  binderfs_binder_device_create+0x16c/0x9c0
[   64.180884][ T5966]  binderfs_fill_super+0x944/0xd90
[   64.186031][ T5966]  get_tree_nodev+0xb7/0x140
[   64.190646][ T5966]  vfs_get_tree+0x90/0x2b0
[   64.195182][ T5966]  do_new_mount+0x2be/0xb40
[   64.199711][ T5966]  __se_sys_mount+0x2d6/0x3c0
[   64.204438][ T5966]  __do_fast_syscall_32+0xb4/0x110
[   64.209593][ T5966]  do_fast_syscall_32+0x34/0x80
[   64.214476][ T5966]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   64.220835][ T5966] 
[   64.223184][ T5966] Freed by task 5948:
[   64.227189][ T5966]  kasan_save_track+0x3f/0x80
[   64.232042][ T5966]  kasan_save_free_info+0x40/0x50
[   64.237096][ T5966]  __kasan_slab_free+0x59/0x70
[   64.241900][ T5966]  kfree+0x196/0x430
[   64.245947][ T5966]  evict+0x4e8/0x9a0
[   64.250046][ T5966]  __dentry_kill+0x20d/0x630
[   64.254666][ T5966]  shrink_kill+0xa9/0x2c0
[   64.259027][ T5966]  shrink_dentry_list+0x2c0/0x5b0
[   64.264080][ T5966]  shrink_dcache_parent+0xcb/0x3b0
[   64.269419][ T5966]  do_one_tree+0x23/0xe0
[   64.273698][ T5966]  shrink_dcache_for_umount+0xb4/0x180
[   64.279279][ T5966]  generic_shutdown_super+0x6a/0x2d0
[   64.285032][ T5966]  kill_litter_super+0x76/0xb0
[   64.289831][ T5966]  binderfs_kill_super+0x44/0x90
[   64.294797][ T5966]  deactivate_locked_super+0xc4/0x130
[   64.300201][ T5966]  cleanup_mnt+0x41f/0x4b0
[   64.304732][ T5966]  task_work_run+0x24f/0x310
[   64.309453][ T5966]  do_exit+0xa2a/0x28e0
[   64.314178][ T5966]  do_group_exit+0x207/0x2c0
[   64.318980][ T5966]  get_signal+0x16b2/0x1750
[   64.323708][ T5966]  arch_do_signal_or_restart+0x96/0x860
[   64.329543][ T5966]  syscall_exit_to_user_mode+0xce/0x340
[   64.335300][ T5966]  __do_fast_syscall_32+0xc4/0x110
[   64.340455][ T5966]  do_fast_syscall_32+0x34/0x80
[   64.345369][ T5966]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   64.351727][ T5966] 
[   64.354163][ T5966] The buggy address belongs to the object at ffff888075673800
[   64.354163][ T5966]  which belongs to the cache kmalloc-512 of size 512
[   64.368251][ T5966] The buggy address is located 8 bytes inside of
[   64.368251][ T5966]  freed 512-byte region [ffff888075673800, ffff888075673a00)
[   64.381977][ T5966] 
[   64.384314][ T5966] The buggy address belongs to the physical page:
[   64.390750][ T5966] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75670
[   64.399541][ T5966] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   64.408058][ T5966] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   64.416078][ T5966] page_type: f5(slab)
[   64.420078][ T5966] raw: 00fff00000000040 ffff88801ac41c80 0000000000000000 dead000000000001
[   64.428690][ T5966] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   64.437291][ T5966] head: 00fff00000000040 ffff88801ac41c80 0000000000000000 dead000000000001
[   64.446450][ T5966] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   64.455137][ T5966] head: 00fff00000000002 ffffea0001d59c01 ffffffffffffffff 0000000000000000
[   64.463851][ T5966] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   64.472538][ T5966] page dumped because: kasan: bad access detected
[   64.478973][ T5966] page_owner tracks the page as allocated
[   64.484792][ T5966] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5221, tgid 5221 (udevadm), ts 27521922677, free_ts 27101390868
[   64.506879][ T5966]  post_alloc_hook+0x1f4/0x240
[   64.511671][ T5966]  get_page_from_freelist+0x365c/0x37a0
[   64.517249][ T5966]  __alloc_frozen_pages_noprof+0x292/0x710
[   64.523174][ T5966]  alloc_pages_mpol+0x311/0x660
[   64.528045][ T5966]  allocate_slab+0x8f/0x3a0
[   64.532585][ T5966]  ___slab_alloc+0xc27/0x14a0
[   64.537295][ T5966]  __slab_alloc+0x58/0xa0
[   64.541658][ T5966]  __kmalloc_cache_noprof+0x27b/0x390
[   64.547145][ T5966]  kernfs_fop_open+0x3e0/0xd10
[   64.551973][ T5966]  do_dentry_open+0xdec/0x1960
[   64.556937][ T5966]  vfs_open+0x3b/0x370
[   64.561030][ T5966]  path_openat+0x2c74/0x3580
[   64.565734][ T5966]  do_filp_open+0x27f/0x4e0
[   64.570268][ T5966]  do_sys_openat2+0x13e/0x1d0
[   64.575059][ T5966]  __x64_sys_openat+0x247/0x2a0
[   64.579933][ T5966]  do_syscall_64+0xf3/0x230
[   64.584466][ T5966] page last free pid 5228 tgid 5228 stack trace:
[   64.590806][ T5966]  free_frozen_pages+0xe0d/0x10e0
[   64.595862][ T5966]  __slab_free+0x2c2/0x380
[   64.600309][ T5966]  qlist_free_all+0x9a/0x140
[   64.604927][ T5966]  kasan_quarantine_reduce+0x14f/0x170
[   64.610417][ T5966]  __kasan_slab_alloc+0x23/0x80
[   64.615518][ T5966]  kmem_cache_alloc_noprof+0x1d9/0x380
[   64.621174][ T5966]  getname_flags+0xb7/0x540
[   64.625700][ T5966]  do_sys_openat2+0xd2/0x1d0
[   64.630321][ T5966]  __x64_sys_openat+0x247/0x2a0
[   64.635196][ T5966]  do_syscall_64+0xf3/0x230
[   64.639733][ T5966]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.645652][ T5966] 
[   64.647984][ T5966] Memory state around the buggy address:
[   64.653714][ T5966]  ffff888075673700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.661800][ T5966]  ffff888075673780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.669895][ T5966] >ffff888075673800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.678150][ T5966]                       ^
[   64.682576][ T5966]  ffff888075673880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.690644][ T5966]  ffff888075673900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.698698][ T5966] ==================================================================
[   64.707098][    C1] vkms_vblank_simulate: vblank timer overrun
[   64.723671][ T5966] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   64.730941][ T5966] CPU: 1 UID: 0 PID: 5966 Comm: syz-executor Not tainted 6.13.0-syzkaller-09196-gcd45f362fc1f #0
[   64.741558][ T5966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   64.751719][ T5966] Call Trace:
[   64.755205][ T5966]  <TASK>
[   64.758143][ T5966]  dump_stack_lvl+0x241/0x360
[   64.762822][ T5966]  ? __pfx_dump_stack_lvl+0x10/0x10
[   64.768009][ T5966]  ? __pfx__printk+0x10/0x10
[   64.772688][ T5966]  ? preempt_schedule+0xe1/0xf0
[   64.777548][ T5966]  ? vscnprintf+0x5d/0x90
[   64.781975][ T5966]  panic+0x349/0x880
[   64.785861][ T5966]  ? check_panic_on_warn+0x21/0xb0
[   64.791418][ T5966]  ? __pfx_panic+0x10/0x10
[   64.795849][ T5966]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   64.801837][ T5966]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   64.808436][ T5966]  ? print_report+0x502/0x550
[   64.813174][ T5966]  check_panic_on_warn+0x86/0xb0
[   64.818218][ T5966]  ? binder_add_device+0x5f/0xa0
[   64.823248][ T5966]  end_report+0x77/0x160
[   64.827716][ T5966]  kasan_report+0x154/0x180
[   64.832236][ T5966]  ? binder_add_device+0x5f/0xa0
[   64.837454][ T5966]  binder_add_device+0x5f/0xa0
[   64.842332][ T5966]  binderfs_binder_device_create+0x7bf/0x9c0
[   64.848435][ T5966]  binderfs_fill_super+0x944/0xd90
[   64.853658][ T5966]  ? __pfx_binderfs_fill_super+0x10/0x10
[   64.859505][ T5966]  ? shrinker_register+0x160/0x230
[   64.864914][ T5966]  ? sget_fc+0x909/0x9c0
[   64.869203][ T5966]  ? __pfx_set_anon_super_fc+0x10/0x10
[   64.874678][ T5966]  ? __pfx_binderfs_fill_super+0x10/0x10
[   64.880406][ T5966]  get_tree_nodev+0xb7/0x140
[   64.885002][ T5966]  vfs_get_tree+0x90/0x2b0
[   64.889423][ T5966]  do_new_mount+0x2be/0xb40
[   64.893914][ T5966]  ? __pfx_do_new_mount+0x10/0x10
[   64.898947][ T5966]  __se_sys_mount+0x2d6/0x3c0
[   64.903728][ T5966]  ? __pfx___se_sys_mount+0x10/0x10
[   64.908931][ T5966]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[   64.915521][ T5966]  ? __ia32_sys_mount+0x20/0xc0
[   64.920366][ T5966]  __do_fast_syscall_32+0xb4/0x110
[   64.925472][ T5966]  ? exc_page_fault+0x590/0x8b0
[   64.930316][ T5966]  do_fast_syscall_32+0x34/0x80
[   64.935201][ T5966]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   64.941526][ T5966] RIP: 0023:0xf7f65579
[   64.945586][ T5966] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[   64.965371][ T5966] RSP: 002b:00000000fff09b50 EFLAGS: 00000206 ORIG_RAX: 0000000000000015
[   64.973780][ T5966] RAX: ffffffffffffffda RBX: 00000000f7284aa1 RCX: 00000000f72754b3
[   64.981918][ T5966] RDX: 00000000f7284aa1 RSI: 0000000000000000 RDI: 0000000000000000
[   64.989893][ T5966] RBP: 0000000057c8f414 R08: 0000000000000000 R09: 0000000000000000
[   64.997946][ T5966] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[   65.005914][ T5966] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   65.013994][ T5966]  </TASK>
[   65.017316][ T5966] Kernel Offset: disabled
[   65.021645][ T5966] Rebooting in 86400 seconds..