last executing test programs:

375.162448ms ago: executing program 0 (id=112):
socket$inet(0x2, 0x1, 0x0)

323.585687ms ago: executing program 0 (id=115):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx', 0x800, 0x0)

323.421847ms ago: executing program 2 (id=117):
newfstatat(0xffffffffffffff9c, &(0x7f0000000000), &(0x7f0000000000), 0x0)

323.011602ms ago: executing program 2 (id=119):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null', 0x800, 0x0)

289.889958ms ago: executing program 2 (id=124):
socket$l2tp(0x2, 0x2, 0x73)

289.827369ms ago: executing program 0 (id=125):
open_tree(0xffffffffffffffff, &(0x7f0000000000), 0x0)

240.52377ms ago: executing program 2 (id=127):
socket$nl_xfrm(0x10, 0x3, 0x6)

240.162405ms ago: executing program 0 (id=130):
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)

239.905937ms ago: executing program 2 (id=134):
umount2(&(0x7f0000000000), 0x0)

238.985263ms ago: executing program 0 (id=135):
fsmount(0xffffffffffffffff, 0x0, 0x0)

222.480515ms ago: executing program 2 (id=137):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio1', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio1', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio1', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio1', 0x800, 0x0)

176.083686ms ago: executing program 4 (id=140):
socket$hf(0x13, 0x2, 0x0)

175.870603ms ago: executing program 0 (id=141):
pause()

92.4764ms ago: executing program 3 (id=147):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/timer', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/timer', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/timer', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/timer', 0x800, 0x0)

92.277175ms ago: executing program 4 (id=148):
epoll_create1(0x0)

92.062682ms ago: executing program 1 (id=149):
lsm_set_self_attr(0x0, &(0x7f0000000000), 0x0, 0x0)

91.962313ms ago: executing program 4 (id=150):
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)

91.892473ms ago: executing program 3 (id=151):
lseek(0xffffffffffffffff, 0x0, 0x0)

91.785917ms ago: executing program 1 (id=152):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl', 0x800, 0x0)

91.630905ms ago: executing program 4 (id=153):
shutdown(0xffffffffffffffff, 0x0)

87.019861ms ago: executing program 3 (id=154):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vmci', 0x2, 0x0)

79.096791ms ago: executing program 4 (id=155):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video37', 0x2, 0x0)

32.477065ms ago: executing program 1 (id=156):
sigaltstack(&(0x7f0000000000), 0x0)

32.310498ms ago: executing program 3 (id=157):
syz_open_dev$vcsn(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$vcsn(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$vcsn(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$vcsn(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$vcsn(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$vcsn(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$vcsn(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$vcsn(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$vcsn(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$vcsn(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$vcsn(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$vcsn(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$vcsn(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$vcsn(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$vcsn(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$vcsn(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$vcsn(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$vcsn(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$vcsn(&(0x7f0000000500), 0x4, 0x800)

32.240875ms ago: executing program 1 (id=158):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs', 0x800, 0x0)

32.168829ms ago: executing program 4 (id=159):
membarrier(0x0, 0x0)

32.058248ms ago: executing program 3 (id=160):
restart_syscall()

16.581952ms ago: executing program 1 (id=162):
writev(0xffffffffffffffff, &(0x7f0000000000), 0x0)

16.287918ms ago: executing program 3 (id=163):
process_madvise(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0)

0s ago: executing program 1 (id=164):
pidfd_send_signal(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.107' (ED25519) to the list of known hosts.
[   52.685925][   T29] audit: type=1400 audit(1738120786.707:88): avc:  denied  { mounton } for  pid=5809 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   52.691782][ T5809] cgroup: Unknown subsys name 'net'
[   52.708816][   T29] audit: type=1400 audit(1738120786.707:89): avc:  denied  { mount } for  pid=5809 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   52.736201][   T29] audit: type=1400 audit(1738120786.737:90): avc:  denied  { unmount } for  pid=5809 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   52.856648][ T5809] cgroup: Unknown subsys name 'cpuset'
[   52.864415][ T5809] cgroup: Unknown subsys name 'rlimit'
[   52.989783][   T29] audit: type=1400 audit(1738120787.007:91): avc:  denied  { setattr } for  pid=5809 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   53.014071][   T29] audit: type=1400 audit(1738120787.007:92): avc:  denied  { create } for  pid=5809 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   53.041369][   T29] audit: type=1400 audit(1738120787.007:93): avc:  denied  { write } for  pid=5809 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   53.062049][   T29] audit: type=1400 audit(1738120787.007:94): avc:  denied  { read } for  pid=5809 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   53.082541][   T29] audit: type=1400 audit(1738120787.037:95): avc:  denied  { mounton } for  pid=5809 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   53.088000][ T5812] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   53.116021][   T29] audit: type=1400 audit(1738120787.037:96): avc:  denied  { mount } for  pid=5809 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   53.139440][   T29] audit: type=1400 audit(1738120787.037:97): avc:  denied  { read } for  pid=5491 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[   54.045907][ T5809] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   57.106203][ T5996] ==================================================================
[   57.114294][ T5996] BUG: KASAN: slab-use-after-free in binder_add_device+0xa4/0xb0
[   57.122018][ T5996] Write of size 8 at addr ffff888053413808 by task syz-executor/5996
[   57.130091][ T5996] 
[   57.132422][ T5996] CPU: 1 UID: 0 PID: 5996 Comm: syz-executor Not tainted 6.13.0-syzkaller-09338-g05dbaf8dd8bf #0
[   57.132441][ T5996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   57.132451][ T5996] Call Trace:
[   57.132457][ T5996]  <TASK>
[   57.132464][ T5996]  dump_stack_lvl+0x116/0x1f0
[   57.132492][ T5996]  print_report+0xc3/0x620
[   57.132512][ T5996]  ? __virt_addr_valid+0x5e/0x590
[   57.132530][ T5996]  ? __phys_addr+0xc6/0x150
[   57.132548][ T5996]  kasan_report+0xd9/0x110
[   57.132566][ T5996]  ? binder_add_device+0xa4/0xb0
[   57.132586][ T5996]  ? binder_add_device+0xa4/0xb0
[   57.132605][ T5996]  binder_add_device+0xa4/0xb0
[   57.132624][ T5996]  binderfs_binder_device_create.isra.0+0x95f/0xb70
[   57.132657][ T5996]  binderfs_fill_super+0x8d6/0x1360
[   57.132681][ T5996]  ? __pfx_binderfs_fill_super+0x10/0x10
[   57.132710][ T5996]  ? shrinker_register+0x1a8/0x260
[   57.132734][ T5996]  ? sget_fc+0x808/0xc20
[   57.132759][ T5996]  ? __pfx_set_anon_super_fc+0x10/0x10
[   57.132783][ T5996]  ? __pfx_binderfs_fill_super+0x10/0x10
[   57.132804][ T5996]  get_tree_nodev+0xda/0x190
[   57.132829][ T5996]  vfs_get_tree+0x8b/0x340
[   57.132850][ T5996]  path_mount+0x14e6/0x1f10
[   57.132870][ T5996]  ? kmem_cache_free+0x2e2/0x4d0
[   57.132887][ T5996]  ? __pfx_path_mount+0x10/0x10
[   57.132906][ T5996]  ? putname+0x13c/0x180
[   57.132926][ T5996]  __x64_sys_mount+0x28f/0x310
[   57.132945][ T5996]  ? __pfx___x64_sys_mount+0x10/0x10
[   57.132967][ T5996]  do_syscall_64+0xcd/0x250
[   57.132987][ T5996]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.133011][ T5996] RIP: 0033:0x7effdfd8e54a
[   57.133027][ T5996] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   57.133043][ T5996] RSP: 002b:00007ffcfecd3da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   57.133060][ T5996] RAX: ffffffffffffffda RBX: 00007effdfe0e663 RCX: 00007effdfd8e54a
[   57.133072][ T5996] RDX: 00007effdfe1dda7 RSI: 00007effdfe0e663 RDI: 00007effdfe1dda7
[   57.133083][ T5996] RBP: 00007effdfe0e8ac R08: 0000000000000000 R09: 00000000000001ff
[   57.133094][ T5996] R10: 0000000000000000 R11: 0000000000000246 R12: 00007effdfdeb1a8
[   57.133105][ T5996] R13: 00007effdfdeb180 R14: 0000000000000009 R15: 0000000000000000
[   57.133121][ T5996]  </TASK>
[   57.133127][ T5996] 
[   57.360611][ T5996] Allocated by task 5823:
[   57.364935][ T5996]  kasan_save_stack+0x33/0x60
[   57.369610][ T5996]  kasan_save_track+0x14/0x30
[   57.374364][ T5996]  __kasan_kmalloc+0xaa/0xb0
[   57.379234][ T5996]  binderfs_binder_device_create.isra.0+0x17a/0xb70
[   57.385821][ T5996]  binderfs_fill_super+0x8d6/0x1360
[   57.391007][ T5996]  get_tree_nodev+0xda/0x190
[   57.395587][ T5996]  vfs_get_tree+0x8b/0x340
[   57.400011][ T5996]  path_mount+0x14e6/0x1f10
[   57.404504][ T5996]  __x64_sys_mount+0x28f/0x310
[   57.409253][ T5996]  do_syscall_64+0xcd/0x250
[   57.413738][ T5996]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.419616][ T5996] 
[   57.421925][ T5996] Freed by task 5823:
[   57.425880][ T5996]  kasan_save_stack+0x33/0x60
[   57.430540][ T5996]  kasan_save_track+0x14/0x30
[   57.435205][ T5996]  kasan_save_free_info+0x3b/0x60
[   57.440309][ T5996]  __kasan_slab_free+0x51/0x70
[   57.445058][ T5996]  kfree+0x2c4/0x4d0
[   57.448939][ T5996]  binderfs_evict_inode+0x1e0/0x250
[   57.454123][ T5996]  evict+0x409/0x960
[   57.458001][ T5996]  iput+0x52a/0x890
[   57.461790][ T5996]  dentry_unlink_inode+0x29c/0x480
[   57.466881][ T5996]  __dentry_kill+0x1d0/0x600
[   57.471475][ T5996]  shrink_dentry_list+0x140/0x5d0
[   57.476484][ T5996]  shrink_dcache_parent+0xe2/0x530
[   57.481594][ T5996]  shrink_dcache_for_umount+0xa1/0x3e0
[   57.487044][ T5996]  generic_shutdown_super+0x6c/0x390
[   57.492316][ T5996]  kill_litter_super+0x70/0xa0
[   57.497066][ T5996]  binderfs_kill_super+0x3b/0xa0
[   57.501986][ T5996]  deactivate_locked_super+0xbe/0x1a0
[   57.507431][ T5996]  deactivate_super+0xde/0x100
[   57.512201][ T5996]  cleanup_mnt+0x222/0x450
[   57.516602][ T5996]  task_work_run+0x14e/0x250
[   57.521205][ T5996]  do_exit+0xad8/0x2d70
[   57.525355][ T5996]  do_group_exit+0xd3/0x2a0
[   57.529850][ T5996]  get_signal+0x24ed/0x26c0
[   57.534344][ T5996]  arch_do_signal_or_restart+0x90/0x7e0
[   57.539881][ T5996]  syscall_exit_to_user_mode+0x150/0x2a0
[   57.545499][ T5996]  do_syscall_64+0xda/0x250
[   57.550007][ T5996]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.555885][ T5996] 
[   57.558190][ T5996] The buggy address belongs to the object at ffff888053413800
[   57.558190][ T5996]  which belongs to the cache kmalloc-512 of size 512
[   57.572310][ T5996] The buggy address is located 8 bytes inside of
[   57.572310][ T5996]  freed 512-byte region [ffff888053413800, ffff888053413a00)
[   57.585910][ T5996] 
[   57.588213][ T5996] The buggy address belongs to the physical page:
[   57.594608][ T5996] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x53410
[   57.603349][ T5996] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   57.611828][ T5996] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   57.619460][ T5996] page_type: f5(slab)
[   57.623425][ T5996] raw: 00fff00000000040 ffff88801b041c80 dead000000000122 0000000000000000
[   57.632009][ T5996] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   57.640571][ T5996] head: 00fff00000000040 ffff88801b041c80 dead000000000122 0000000000000000
[   57.649221][ T5996] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   57.657873][ T5996] head: 00fff00000000002 ffffea00014d0401 ffffffffffffffff 0000000000000000
[   57.666522][ T5996] head: 0000000700000004 0000000000000000 00000000ffffffff 0000000000000000
[   57.675169][ T5996] page dumped because: kasan: bad access detected
[   57.681578][ T5996] page_owner tracks the page as allocated
[   57.687270][ T5996] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5823, tgid 5823 (syz-executor), ts 55756229479, free_ts 55479112497
[   57.708628][ T5996]  post_alloc_hook+0x181/0x1b0
[   57.713383][ T5996]  get_page_from_freelist+0xfce/0x2f80
[   57.718825][ T5996]  __alloc_frozen_pages_noprof+0x221/0x2470
[   57.724703][ T5996]  alloc_pages_mpol+0x1fc/0x540
[   57.729535][ T5996]  new_slab+0x23d/0x330
[   57.733674][ T5996]  ___slab_alloc+0xc5d/0x1720
[   57.738334][ T5996]  __slab_alloc.constprop.0+0x56/0xb0
[   57.743689][ T5996]  __kmalloc_cache_noprof+0xfa/0x410
[   57.748958][ T5996]  rxrpc_alloc_peer+0x93/0x440
[   57.753705][ T5996]  rxrpc_service_prealloc_one+0xb4f/0xef0
[   57.759413][ T5996]  rxrpc_kernel_charge_accept+0xd7/0x120
[   57.765029][ T5996]  afs_charge_preallocation+0xce/0x330
[   57.770468][ T5996]  afs_open_socket+0x2b3/0x380
[   57.775211][ T5996]  afs_net_init+0x95d/0xc60
[   57.779699][ T5996]  ops_init+0x1df/0x5f0
[   57.783844][ T5996]  setup_net+0x21f/0x860
[   57.788070][ T5996] page last free pid 5809 tgid 5809 stack trace:
[   57.794369][ T5996]  free_unref_folios+0xa7b/0x1500
[   57.799376][ T5996]  folios_put_refs+0x587/0x7b0
[   57.804131][ T5996]  free_pages_and_swap_cache+0x351/0x500
[   57.809749][ T5996]  __tlb_batch_free_encoded_pages+0xf9/0x290
[   57.815710][ T5996]  tlb_finish_mmu+0x168/0x7b0
[   57.820366][ T5996]  vms_clear_ptes+0x560/0x770
[   57.825025][ T5996]  vms_complete_munmap_vmas+0x1ca/0x970
[   57.830557][ T5996]  do_vmi_align_munmap+0x619/0x890
[   57.835648][ T5996]  do_vmi_munmap+0x208/0x3e0
[   57.840224][ T5996]  __vm_munmap+0x19b/0x390
[   57.844620][ T5996]  __x64_sys_munmap+0x59/0x80
[   57.849283][ T5996]  do_syscall_64+0xcd/0x250
[   57.853768][ T5996]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.859647][ T5996] 
[   57.861960][ T5996] Memory state around the buggy address:
[   57.867567][ T5996]  ffff888053413700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.875608][ T5996]  ffff888053413780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.883652][ T5996] >ffff888053413800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   57.891688][ T5996]                       ^
[   57.895991][ T5996]  ffff888053413880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   57.904047][ T5996]  ffff888053413900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   57.912097][ T5996] ==================================================================
[   58.009937][ T5996] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   58.017162][ T5996] CPU: 0 UID: 0 PID: 5996 Comm: syz-executor Not tainted 6.13.0-syzkaller-09338-g05dbaf8dd8bf #0
[   58.027662][ T5996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   58.037718][ T5996] Call Trace:
[   58.040999][ T5996]  <TASK>
[   58.043933][ T5996]  dump_stack_lvl+0x3d/0x1f0
[   58.048539][ T5996]  panic+0x71d/0x800
[   58.052441][ T5996]  ? __pfx_panic+0x10/0x10
[   58.056864][ T5996]  ? irqentry_exit+0x3b/0x90
[   58.061460][ T5996]  ? lockdep_hardirqs_on+0x7c/0x110
[   58.066667][ T5996]  ? preempt_schedule_thunk+0x1a/0x30
[   58.072052][ T5996]  ? preempt_schedule_common+0x44/0xc0
[   58.077522][ T5996]  ? check_panic_on_warn+0x1f/0xb0
[   58.082648][ T5996]  check_panic_on_warn+0xab/0xb0
[   58.087602][ T5996]  end_report+0x117/0x180
[   58.091946][ T5996]  kasan_report+0xe9/0x110
[   58.096371][ T5996]  ? binder_add_device+0xa4/0xb0
[   58.101317][ T5996]  ? binder_add_device+0xa4/0xb0
[   58.106267][ T5996]  binder_add_device+0xa4/0xb0
[   58.111033][ T5996]  binderfs_binder_device_create.isra.0+0x95f/0xb70
[   58.117643][ T5996]  binderfs_fill_super+0x8d6/0x1360
[   58.122857][ T5996]  ? __pfx_binderfs_fill_super+0x10/0x10
[   58.128513][ T5996]  ? shrinker_register+0x1a8/0x260
[   58.133639][ T5996]  ? sget_fc+0x808/0xc20
[   58.137896][ T5996]  ? __pfx_set_anon_super_fc+0x10/0x10
[   58.143379][ T5996]  ? __pfx_binderfs_fill_super+0x10/0x10
[   58.149033][ T5996]  get_tree_nodev+0xda/0x190
[   58.153637][ T5996]  vfs_get_tree+0x8b/0x340
[   58.158064][ T5996]  path_mount+0x14e6/0x1f10
[   58.162575][ T5996]  ? kmem_cache_free+0x2e2/0x4d0
[   58.167525][ T5996]  ? __pfx_path_mount+0x10/0x10
[   58.172384][ T5996]  ? putname+0x13c/0x180
[   58.176636][ T5996]  __x64_sys_mount+0x28f/0x310
[   58.181410][ T5996]  ? __pfx___x64_sys_mount+0x10/0x10
[   58.186710][ T5996]  do_syscall_64+0xcd/0x250
[   58.191222][ T5996]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.197127][ T5996] RIP: 0033:0x7effdfd8e54a
[   58.201538][ T5996] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   58.221153][ T5996] RSP: 002b:00007ffcfecd3da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   58.229577][ T5996] RAX: ffffffffffffffda RBX: 00007effdfe0e663 RCX: 00007effdfd8e54a
[   58.237557][ T5996] RDX: 00007effdfe1dda7 RSI: 00007effdfe0e663 RDI: 00007effdfe1dda7
[   58.245542][ T5996] RBP: 00007effdfe0e8ac R08: 0000000000000000 R09: 00000000000001ff
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[   58.253522][ T5996] R10: 0000000000000000 R11: 0000000000000246 R12: 00007effdfdeb1a8
[   58.261500][ T5996] R13: 00007effdfdeb180 R14: 0000000000000009 R15: 0000000000000000
[   58.269482][ T5996]  </TASK>
[   58.272706][ T5996] Kernel Offset: disabled
[   58.277012][ T5996] Rebooting in 86400 seconds..