last executing test programs:
1.32017592s ago: executing program 4 (id=57):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput', 0x800, 0x0)
1.260484071s ago: executing program 4 (id=62):
setreuid(0x0, 0x0)
1.212595115s ago: executing program 4 (id=68):
get_robust_list(0x0, &(0x7f0000000000), &(0x7f0000000000))
1.210690909s ago: executing program 4 (id=74):
open(&(0x7f0000000000), 0x0, 0x0)
1.15212083s ago: executing program 4 (id=81):
syz_open_dev$vivid(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$vivid(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$vivid(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$vivid(&(0x7f0000000100), 0x0, 0x800)
564.229948ms ago: executing program 4 (id=87):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/raw-gadget', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/raw-gadget', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/raw-gadget', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/raw-gadget', 0x800, 0x0)
291.958991ms ago: executing program 3 (id=155):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/mice', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/mice', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/input/mice', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/mice', 0x800, 0x0)
283.375932ms ago: executing program 0 (id=157):
syz_open_dev$sndmidi(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$sndmidi(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000140), 0xa, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000180), 0xa, 0x1)
syz_open_dev$sndmidi(&(0x7f00000001c0), 0xa, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000200), 0xa, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000240), 0x14, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000280), 0x14, 0x1)
syz_open_dev$sndmidi(&(0x7f00000002c0), 0x14, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000300), 0x14, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000340), 0x1e, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000380), 0x1e, 0x1)
syz_open_dev$sndmidi(&(0x7f00000003c0), 0x1e, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000400), 0x1e, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000440), 0x28, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000480), 0x28, 0x1)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x28, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000500), 0x28, 0x800)
212.428424ms ago: executing program 0 (id=161):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/relabel-self', 0x2, 0x0)
212.247874ms ago: executing program 3 (id=163):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/keychord', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/keychord', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/keychord', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/keychord', 0x800, 0x0)
201.814152ms ago: executing program 0 (id=166):
setpriority(0x0, 0x0, 0x0)
201.591891ms ago: executing program 3 (id=167):
syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$video(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$video(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$video(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$video(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$video(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$video(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$video(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$video(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$video(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$video(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$video(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$video(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$video(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$video(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$video(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$video(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$video(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$video(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$video(&(0x7f0000000500), 0x4, 0x800)
181.859436ms ago: executing program 1 (id=168):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self', 0x800, 0x0)
124.538983ms ago: executing program 0 (id=169):
socket$packet(0x11, 0x2, 0x300)
124.261661ms ago: executing program 2 (id=170):
mbind(0x0, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0)
124.084935ms ago: executing program 2 (id=171):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/create', 0x2, 0x0)
123.287256ms ago: executing program 1 (id=172):
execveat(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0)
119.677042ms ago: executing program 2 (id=173):
epoll_create1(0x0)
103.761076ms ago: executing program 2 (id=174):
socket$igmp(0x2, 0x3, 0x2)
46.316344ms ago: executing program 3 (id=175):
acct(0x0)
46.130828ms ago: executing program 1 (id=176):
syz_open_dev$vcsu(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$vcsu(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$vcsu(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$vcsu(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$vcsu(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$vcsu(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$vcsu(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$vcsu(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$vcsu(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$vcsu(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$vcsu(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$vcsu(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$vcsu(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$vcsu(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$vcsu(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$vcsu(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$vcsu(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$vcsu(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$vcsu(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$vcsu(&(0x7f0000000500), 0x4, 0x800)
46.005048ms ago: executing program 0 (id=177):
pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
45.926895ms ago: executing program 3 (id=178):
socket$pppoe(0x18, 0x1, 0x0)
45.682643ms ago: executing program 2 (id=179):
socket$phonet_pipe(0x23, 0x5, 0x2)
45.56521ms ago: executing program 0 (id=180):
syz_open_dev$admmidi(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$admmidi(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$admmidi(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$admmidi(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$admmidi(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$admmidi(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$admmidi(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$admmidi(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$admmidi(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$admmidi(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$admmidi(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$admmidi(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$admmidi(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$admmidi(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$admmidi(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$admmidi(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$admmidi(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$admmidi(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$admmidi(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$admmidi(&(0x7f0000000500), 0x4, 0x800)
45.320216ms ago: executing program 1 (id=181):
io_uring_setup(0x0, &(0x7f0000000000))
322.836µs ago: executing program 1 (id=182):
utime(&(0x7f0000000000), &(0x7f0000000000))
173.14µs ago: executing program 3 (id=183):
mlock(0x0, 0x0)
114.406µs ago: executing program 2 (id=184):
uselib(0x0)
0s ago: executing program 1 (id=185):
socket$rds(0x15, 0x5, 0x0)
kernel console output (not intermixed with test programs):
Warning: Permanently added '10.128.0.7' (ED25519) to the list of known hosts.
[ 58.184883][ T5819] cgroup: Unknown subsys name 'net'
[ 58.335848][ T5819] cgroup: Unknown subsys name 'cpuset'
[ 58.343816][ T5819] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 59.678463][ T5819] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 61.979839][ T5885] mmap: syz.1.45 (5885) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 63.376985][ T5995] ==================================================================
[ 63.385107][ T5995] BUG: KASAN: slab-use-after-free in binder_add_device+0x5f/0xa0
[ 63.392880][ T5995] Write of size 8 at addr ffff888145fa9008 by task syz-executor/5995
[ 63.401016][ T5995]
[ 63.403410][ T5995] CPU: 0 UID: 0 PID: 5995 Comm: syz-executor Not tainted 6.13.0-syzkaller-09338-g05dbaf8dd8bf #0
[ 63.403430][ T5995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 63.403444][ T5995] Call Trace:
[ 63.403451][ T5995] <TASK>
[ 63.403468][ T5995] dump_stack_lvl+0x241/0x360
[ 63.403491][ T5995] ? __pfx_dump_stack_lvl+0x10/0x10
[ 63.403508][ T5995] ? __pfx__printk+0x10/0x10
[ 63.403531][ T5995] ? _printk+0xd5/0x120
[ 63.403550][ T5995] ? __virt_addr_valid+0x183/0x530
[ 63.403572][ T5995] ? __virt_addr_valid+0x183/0x530
[ 63.403594][ T5995] print_report+0x169/0x550
[ 63.403616][ T5995] ? __virt_addr_valid+0x183/0x530
[ 63.403635][ T5995] ? __virt_addr_valid+0x183/0x530
[ 63.403654][ T5995] ? __virt_addr_valid+0x45f/0x530
[ 63.403673][ T5995] ? __phys_addr+0xba/0x170
[ 63.403693][ T5995] ? binder_add_device+0x5f/0xa0
[ 63.403711][ T5995] kasan_report+0x143/0x180
[ 63.403733][ T5995] ? binder_add_device+0x5f/0xa0
[ 63.403754][ T5995] binder_add_device+0x5f/0xa0
[ 63.403772][ T5995] binderfs_binder_device_create+0x7bf/0x9c0
[ 63.403795][ T5995] binderfs_fill_super+0x944/0xd90
[ 63.403815][ T5995] ? __pfx_binderfs_fill_super+0x10/0x10
[ 63.403842][ T5995] ? shrinker_register+0x160/0x230
[ 63.403862][ T5995] ? sget_fc+0x909/0x9c0
[ 63.403881][ T5995] ? __pfx_set_anon_super_fc+0x10/0x10
[ 63.403898][ T5995] ? __pfx_binderfs_fill_super+0x10/0x10
[ 63.403914][ T5995] get_tree_nodev+0xb7/0x140
[ 63.403934][ T5995] vfs_get_tree+0x90/0x2b0
[ 63.403954][ T5995] do_new_mount+0x2be/0xb40
[ 63.403972][ T5995] ? __pfx_do_new_mount+0x10/0x10
[ 63.403991][ T5995] __se_sys_mount+0x2d6/0x3c0
[ 63.404007][ T5995] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 63.404028][ T5995] ? __pfx___se_sys_mount+0x10/0x10
[ 63.404043][ T5995] ? do_syscall_64+0x100/0x230
[ 63.404064][ T5995] ? __x64_sys_mount+0x20/0xc0
[ 63.404080][ T5995] do_syscall_64+0xf3/0x230
[ 63.404098][ T5995] ? clear_bhb_loop+0x35/0x90
[ 63.404119][ T5995] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 63.404157][ T5995] RIP: 0033:0x7fdc80b8e54a
[ 63.404188][ T5995] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 63.404201][ T5995] RSP: 002b:00007fdc80ecff68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 63.404227][ T5995] RAX: ffffffffffffffda RBX: 00007fdc80c0e663 RCX: 00007fdc80b8e54a
[ 63.404239][ T5995] RDX: 00007fdc80c1dda7 RSI: 00007fdc80c0e663 RDI: 00007fdc80c1dda7
[ 63.404250][ T5995] RBP: 00007fdc80c0e8ac R08: 0000000000000000 R09: 0000000000000100
[ 63.404260][ T5995] R10: 0000000000000000 R11: 0000000000000246 R12: 000055557e52c4a8
[ 63.404270][ T5995] R13: 00007ffe284234f8 R14: 0000000000000009 R15: 0000000000000000
[ 63.404287][ T5995] </TASK>
[ 63.404293][ T5995]
[ 63.677756][ T5995] Allocated by task 5937:
[ 63.682099][ T5995] kasan_save_track+0x3f/0x80
[ 63.686984][ T5995] __kasan_kmalloc+0x98/0xb0
[ 63.691688][ T5995] __kmalloc_cache_noprof+0x243/0x390
[ 63.697167][ T5995] binderfs_binder_device_create+0x16c/0x9c0
[ 63.703175][ T5995] binderfs_fill_super+0x944/0xd90
[ 63.708351][ T5995] get_tree_nodev+0xb7/0x140
[ 63.712984][ T5995] vfs_get_tree+0x90/0x2b0
[ 63.717426][ T5995] do_new_mount+0x2be/0xb40
[ 63.721950][ T5995] __se_sys_mount+0x2d6/0x3c0
[ 63.726645][ T5995] do_syscall_64+0xf3/0x230
[ 63.731174][ T5995] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 63.737090][ T5995]
[ 63.739434][ T5995] Freed by task 5937:
[ 63.743421][ T5995] kasan_save_track+0x3f/0x80
[ 63.748124][ T5995] kasan_save_free_info+0x40/0x50
[ 63.753173][ T5995] __kasan_slab_free+0x59/0x70
[ 63.757966][ T5995] kfree+0x196/0x430
[ 63.761879][ T5995] evict+0x4e8/0x9a0
[ 63.765796][ T5995] __dentry_kill+0x20d/0x630
[ 63.770414][ T5995] shrink_kill+0xa9/0x2c0
[ 63.774767][ T5995] shrink_dentry_list+0x2c0/0x5b0
[ 63.779812][ T5995] shrink_dcache_parent+0xcb/0x3b0
[ 63.784941][ T5995] do_one_tree+0x23/0xe0
[ 63.789213][ T5995] shrink_dcache_for_umount+0xb4/0x180
[ 63.795043][ T5995] generic_shutdown_super+0x6a/0x2d0
[ 63.800355][ T5995] kill_litter_super+0x76/0xb0
[ 63.805187][ T5995] binderfs_kill_super+0x44/0x90
[ 63.810150][ T5995] deactivate_locked_super+0xc4/0x130
[ 63.815574][ T5995] cleanup_mnt+0x41f/0x4b0
[ 63.820062][ T5995] task_work_run+0x24f/0x310
[ 63.824689][ T5995] do_exit+0xa2a/0x28e0
[ 63.828962][ T5995] do_group_exit+0x207/0x2c0
[ 63.833573][ T5995] get_signal+0x16b2/0x1750
[ 63.838148][ T5995] arch_do_signal_or_restart+0x96/0x860
[ 63.843723][ T5995] syscall_exit_to_user_mode+0xce/0x340
[ 63.849377][ T5995] do_syscall_64+0x100/0x230
[ 63.853989][ T5995] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 63.859997][ T5995]
[ 63.862368][ T5995] The buggy address belongs to the object at ffff888145fa9000
[ 63.862368][ T5995] which belongs to the cache kmalloc-512 of size 512
[ 63.876457][ T5995] The buggy address is located 8 bytes inside of
[ 63.876457][ T5995] freed 512-byte region [ffff888145fa9000, ffff888145fa9200)
[ 63.890194][ T5995]
[ 63.892532][ T5995] The buggy address belongs to the physical page:
[ 63.898963][ T5995] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x145fa8
[ 63.907840][ T5995] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 63.916365][ T5995] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[ 63.924023][ T5995] page_type: f5(slab)
[ 63.928026][ T5995] raw: 057ff00000000040 ffff88801ac41c80 dead000000000100 dead000000000122
[ 63.936631][ T5995] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 63.945321][ T5995] head: 057ff00000000040 ffff88801ac41c80 dead000000000100 dead000000000122
[ 63.954011][ T5995] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 63.962706][ T5995] head: 057ff00000000002 ffffea000517ea01 ffffffffffffffff 0000000000000000
[ 63.971484][ T5995] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 63.980254][ T5995] page dumped because: kasan: bad access detected
[ 63.986779][ T5995] page_owner tracks the page as allocated
[ 63.992511][ T5995] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9106211936, free_ts 0
[ 64.012267][ T5995] post_alloc_hook+0x1f4/0x240
[ 64.017264][ T5995] get_page_from_freelist+0x365c/0x37a0
[ 64.022838][ T5995] __alloc_frozen_pages_noprof+0x292/0x710
[ 64.028669][ T5995] alloc_pages_mpol+0x311/0x660
[ 64.033576][ T5995] allocate_slab+0x8f/0x3a0
[ 64.038104][ T5995] ___slab_alloc+0xc27/0x14a0
[ 64.042810][ T5995] __slab_alloc+0x58/0xa0
[ 64.047158][ T5995] __kmalloc_cache_noprof+0x27b/0x390
[ 64.052554][ T5995] device_add+0xc1/0xbf0
[ 64.056814][ T5995] platform_device_add+0x45d/0x7c0
[ 64.061944][ T5995] dummy_hcd_init+0x843/0x1080
[ 64.066727][ T5995] do_one_initcall+0x248/0x870
[ 64.071518][ T5995] do_initcall_level+0x157/0x210
[ 64.076483][ T5995] do_initcalls+0x3f/0x80
[ 64.080852][ T5995] kernel_init_freeable+0x435/0x5d0
[ 64.086170][ T5995] kernel_init+0x1d/0x2b0
[ 64.090523][ T5995] page_owner free stack trace missing
[ 64.096074][ T5995]
[ 64.098417][ T5995] Memory state around the buggy address:
[ 64.104059][ T5995] ffff888145fa8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.112176][ T5995] ffff888145fa8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.120254][ T5995] >ffff888145fa9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 64.128328][ T5995] ^
[ 64.132672][ T5995] ffff888145fa9080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.140837][ T5995] ffff888145fa9100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.149001][ T5995] ==================================================================
[ 64.196335][ T5995] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 64.203579][ T5995] CPU: 0 UID: 0 PID: 5995 Comm: syz-executor Not tainted 6.13.0-syzkaller-09338-g05dbaf8dd8bf #0
[ 64.214104][ T5995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 64.224178][ T5995] Call Trace:
[ 64.227470][ T5995] <TASK>
[ 64.230426][ T5995] dump_stack_lvl+0x241/0x360
[ 64.235207][ T5995] ? __pfx_dump_stack_lvl+0x10/0x10
[ 64.240423][ T5995] ? __pfx__printk+0x10/0x10
[ 64.245041][ T5995] ? preempt_schedule+0xe1/0xf0
[ 64.249922][ T5995] ? vscnprintf+0x5d/0x90
[ 64.254281][ T5995] panic+0x349/0x880
[ 64.258207][ T5995] ? check_panic_on_warn+0x21/0xb0
[ 64.263351][ T5995] ? __pfx_panic+0x10/0x10
[ 64.267835][ T5995] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 64.273840][ T5995] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 64.280195][ T5995] ? print_report+0x502/0x550
[ 64.284994][ T5995] check_panic_on_warn+0x86/0xb0
[ 64.290049][ T5995] ? binder_add_device+0x5f/0xa0
[ 64.295010][ T5995] end_report+0x77/0x160
[ 64.299394][ T5995] kasan_report+0x154/0x180
[ 64.303924][ T5995] ? binder_add_device+0x5f/0xa0
[ 64.308893][ T5995] binder_add_device+0x5f/0xa0
[ 64.313740][ T5995] binderfs_binder_device_create+0x7bf/0x9c0
[ 64.319753][ T5995] binderfs_fill_super+0x944/0xd90
[ 64.324901][ T5995] ? __pfx_binderfs_fill_super+0x10/0x10
[ 64.330642][ T5995] ? shrinker_register+0x160/0x230
[ 64.335790][ T5995] ? sget_fc+0x909/0x9c0
[ 64.340056][ T5995] ? __pfx_set_anon_super_fc+0x10/0x10
[ 64.345718][ T5995] ? __pfx_binderfs_fill_super+0x10/0x10
[ 64.351379][ T5995] get_tree_nodev+0xb7/0x140
[ 64.356094][ T5995] vfs_get_tree+0x90/0x2b0
[ 64.360575][ T5995] do_new_mount+0x2be/0xb40
[ 64.365102][ T5995] ? __pfx_do_new_mount+0x10/0x10
[ 64.370149][ T5995] __se_sys_mount+0x2d6/0x3c0
[ 64.375024][ T5995] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 64.381035][ T5995] ? __pfx___se_sys_mount+0x10/0x10
[ 64.386263][ T5995] ? do_syscall_64+0x100/0x230
[ 64.391066][ T5995] ? __x64_sys_mount+0x20/0xc0
[ 64.395857][ T5995] do_syscall_64+0xf3/0x230
[ 64.400394][ T5995] ? clear_bhb_loop+0x35/0x90
[ 64.405091][ T5995] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 64.411009][ T5995] RIP: 0033:0x7fdc80b8e54a
[ 64.415448][ T5995] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 64.435155][ T5995] RSP: 002b:00007fdc80ecff68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 64.443568][ T5995] RAX: ffffffffffffffda RBX: 00007fdc80c0e663 RCX: 00007fdc80b8e54a
[ 64.451526][ T5995] RDX: 00007fdc80c1dda7 RSI: 00007fdc80c0e663 RDI: 00007fdc80c1dda7
[ 64.459496][ T5995] RBP: 00007fdc80c0e8ac R08: 0000000000000000 R09: 0000000000000100
[ 64.467461][ T5995] R10: 0000000000000000 R11: 0000000000000246 R12: 000055557e52c4a8
[ 64.475418][ T5995] R13: 00007ffe284234f8 R14: 0000000000000009 R15: 0000000000000000
[ 64.483385][ T5995] </TASK>
[ 64.486766][ T5995] Kernel Offset: disabled
[ 64.491142][ T5995] Rebooting in 86400 seconds..