last executing test programs:
1.020595886s ago: executing program 0 (id=496):
io_pgetevents(0x0, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0)
976.094421ms ago: executing program 0 (id=500):
poll(&(0x7f0000000000), 0x0, 0x0)
957.896227ms ago: executing program 0 (id=504):
socket$xdp(0x2c, 0x3, 0x0)
906.146735ms ago: executing program 0 (id=510):
prlimit64(0x0, 0x0, 0x0, 0x0)
856.478034ms ago: executing program 0 (id=515):
syz_open_dev$amidi(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$amidi(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$amidi(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$amidi(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$amidi(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$amidi(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$amidi(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$amidi(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$amidi(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$amidi(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$amidi(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$amidi(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$amidi(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$amidi(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$amidi(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$amidi(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$amidi(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$amidi(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$amidi(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$amidi(&(0x7f0000000500), 0x4, 0x800)
782.251486ms ago: executing program 0 (id=523):
pause()
420.771869ms ago: executing program 3 (id=563):
syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$vim2m(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$vim2m(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$vim2m(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$vim2m(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$vim2m(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$vim2m(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$vim2m(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$vim2m(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$vim2m(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$vim2m(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$vim2m(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$vim2m(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$vim2m(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$vim2m(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$vim2m(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$vim2m(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$vim2m(&(0x7f0000000500), 0x4, 0x800)
419.859981ms ago: executing program 5 (id=568):
set_tid_address(&(0x7f0000000000))
408.563377ms ago: executing program 5 (id=571):
mq_getsetattr(0xffffffffffffffff, &(0x7f0000000000), 0x0)
332.824894ms ago: executing program 3 (id=573):
newfstatat(0xffffffffffffff9c, &(0x7f0000000000), &(0x7f0000000000), 0x0)
332.549242ms ago: executing program 5 (id=576):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/unconfined', 0x2, 0x0)
330.327681ms ago: executing program 3 (id=579):
rt_sigqueueinfo(0x0, 0x0, &(0x7f0000000000))
317.549733ms ago: executing program 2 (id=580):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp', 0x800, 0x0)
305.780095ms ago: executing program 5 (id=581):
get_robust_list(0x0, &(0x7f0000000000), &(0x7f0000000000))
256.844885ms ago: executing program 1 (id=582):
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0)
256.651972ms ago: executing program 3 (id=583):
socket$qrtr(0x2a, 0x2, 0x0)
256.501784ms ago: executing program 4 (id=584):
socket$inet_udp(0x2, 0x2, 0x0)
248.227624ms ago: executing program 2 (id=585):
truncate(&(0x7f0000000000), 0x0)
248.04227ms ago: executing program 5 (id=586):
personality(0x0)
244.745239ms ago: executing program 1 (id=587):
setns(0xffffffffffffffff, 0x0)
200.826772ms ago: executing program 3 (id=588):
process_vm_writev(0x0, &(0x7f0000000000), 0x0, &(0x7f0000000000), 0x0, 0x0)
200.621912ms ago: executing program 4 (id=589):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ndctl0', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ndctl0', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ndctl0', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ndctl0', 0x800, 0x0)
200.441968ms ago: executing program 5 (id=590):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1', 0x800, 0x0)
200.258047ms ago: executing program 2 (id=591):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey', 0x800, 0x0)
200.195081ms ago: executing program 3 (id=592):
process_mrelease(0xffffffffffffffff, 0x0)
200.022102ms ago: executing program 1 (id=593):
dup2(0xffffffffffffffff, 0xffffffffffffffff)
153.328247ms ago: executing program 4 (id=595):
timer_delete(0x0)
152.680303ms ago: executing program 2 (id=596):
dup(0xffffffffffffffff)
138.344899ms ago: executing program 1 (id=597):
socket$igmp6(0xa, 0x3, 0x2)
80.809015ms ago: executing program 4 (id=598):
clone(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000))
exit(0x0)
80.620344ms ago: executing program 1 (id=599):
lseek(0xffffffffffffffff, 0x0, 0x0)
80.551256ms ago: executing program 2 (id=600):
gettid()
71.315057ms ago: executing program 1 (id=601):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
59.229134ms ago: executing program 4 (id=602):
syz_open_dev$hidraw(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$hidraw(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$hidraw(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$hidraw(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$hidraw(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$hidraw(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$hidraw(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$hidraw(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$hidraw(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$hidraw(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$hidraw(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$hidraw(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$hidraw(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$hidraw(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$hidraw(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$hidraw(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$hidraw(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$hidraw(&(0x7f0000000500), 0x4, 0x800)
239.591µs ago: executing program 2 (id=603):
timer_getoverrun(0x0)
0s ago: executing program 4 (id=605):
set_robust_list(&(0x7f0000000000), 0x0)
kernel console output (not intermixed with test programs):
Warning: Permanently added '10.128.1.142' (ED25519) to the list of known hosts.
[ 79.150725][ T5817] cgroup: Unknown subsys name 'net'
[ 79.262987][ T5817] cgroup: Unknown subsys name 'cpuset'
[ 79.272071][ T5817] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 80.782868][ T5817] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 86.545777][ T6269] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 86.758418][ T6294] mmap: syz.0.446 (6294) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 87.590823][ T6397] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 88.683264][ T6458] ==================================================================
[ 88.691377][ T6458] BUG: KASAN: slab-use-after-free in binder_add_device+0xa4/0xb0
[ 88.699134][ T6458] Write of size 8 at addr ffff888034676008 by task syz-executor/6458
[ 88.707220][ T6458]
[ 88.709556][ T6458] CPU: 0 UID: 0 PID: 6458 Comm: syz-executor Not tainted 6.13.0-syzkaller-08997-gf34b580514c9 #0
[ 88.709599][ T6458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 88.709624][ T6458] Call Trace:
[ 88.709635][ T6458] <TASK>
[ 88.709648][ T6458] dump_stack_lvl+0x116/0x1f0
[ 88.709695][ T6458] print_report+0xc3/0x620
[ 88.709754][ T6458] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.709815][ T6458] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.709874][ T6458] ? __phys_addr+0xc6/0x150
[ 88.709913][ T6458] kasan_report+0xd9/0x110
[ 88.709970][ T6458] ? binder_add_device+0xa4/0xb0
[ 88.710013][ T6458] ? binder_add_device+0xa4/0xb0
[ 88.710060][ T6458] binder_add_device+0xa4/0xb0
[ 88.710102][ T6458] binderfs_binder_device_create.isra.0+0x95f/0xb70
[ 88.710163][ T6458] binderfs_fill_super+0x8d6/0x1360
[ 88.710218][ T6458] ? __pfx_binderfs_fill_super+0x10/0x10
[ 88.710271][ T6458] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.710345][ T6458] ? shrinker_register+0x1a8/0x260
[ 88.710392][ T6458] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.710452][ T6458] ? sget_fc+0x808/0xc20
[ 88.710499][ T6458] ? apparmor_capable+0x114/0x1d0
[ 88.710558][ T6458] ? __pfx_set_anon_super_fc+0x10/0x10
[ 88.710605][ T6458] ? __pfx_binderfs_fill_super+0x10/0x10
[ 88.710660][ T6458] get_tree_nodev+0xdd/0x190
[ 88.710711][ T6458] vfs_get_tree+0x8e/0x340
[ 88.710752][ T6458] path_mount+0x14e6/0x1f10
[ 88.710810][ T6458] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.710870][ T6458] ? kmem_cache_free+0x2e2/0x4d0
[ 88.710924][ T6458] ? __pfx_path_mount+0x10/0x10
[ 88.710983][ T6458] ? srso_alias_return_thunk+0x5/0xfbef5
[ 88.711042][ T6458] ? putname+0x13c/0x180
[ 88.711078][ T6458] __x64_sys_mount+0x28f/0x310
[ 88.711137][ T6458] ? __pfx___x64_sys_mount+0x10/0x10
[ 88.711201][ T6458] do_syscall_64+0xcd/0x250
[ 88.711249][ T6458] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 88.711302][ T6458] RIP: 0033:0x7f420638e4ca
[ 88.711328][ T6458] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 88.711363][ T6458] RSP: 002b:00007fff96f05ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 88.711397][ T6458] RAX: ffffffffffffffda RBX: 00007f420640e663 RCX: 00007f420638e4ca
[ 88.711422][ T6458] RDX: 00007f420641dd57 RSI: 00007f420640e663 RDI: 00007f420641dd57
[ 88.711446][ T6458] RBP: 00007f420640e85b R08: 0000000000000000 R09: 00000000000001ff
[ 88.711469][ T6458] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f42063eb1c8
[ 88.711492][ T6458] R13: 00007f42063eb1a8 R14: 0000000000000009 R15: 0000000000000000
[ 88.711525][ T6458] </TASK>
[ 88.711537][ T6458]
[ 88.972766][ T6458] Allocated by task 5835:
[ 88.977200][ T6458] kasan_save_stack+0x33/0x60
[ 88.981929][ T6458] kasan_save_track+0x14/0x30
[ 88.986652][ T6458] __kasan_kmalloc+0xaa/0xb0
[ 88.991288][ T6458] binderfs_binder_device_create.isra.0+0x17a/0xb70
[ 88.997925][ T6458] binderfs_fill_super+0x8d6/0x1360
[ 89.003165][ T6458] get_tree_nodev+0xdd/0x190
[ 89.007786][ T6458] vfs_get_tree+0x8e/0x340
[ 89.012234][ T6458] path_mount+0x14e6/0x1f10
[ 89.016786][ T6458] __x64_sys_mount+0x28f/0x310
[ 89.021600][ T6458] do_syscall_64+0xcd/0x250
[ 89.026153][ T6458] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.032094][ T6458]
[ 89.034432][ T6458] Freed by task 5835:
[ 89.038425][ T6458] kasan_save_stack+0x33/0x60
[ 89.043148][ T6458] kasan_save_track+0x14/0x30
[ 89.047864][ T6458] kasan_save_free_info+0x3b/0x60
[ 89.052921][ T6458] __kasan_slab_free+0x51/0x70
[ 89.057736][ T6458] kfree+0x2c4/0x4d0
[ 89.061671][ T6458] binderfs_evict_inode+0x1e0/0x250
[ 89.066907][ T6458] evict+0x40c/0x960
[ 89.070831][ T6458] iput+0x52a/0x890
[ 89.074668][ T6458] dentry_unlink_inode+0x29c/0x480
[ 89.079805][ T6458] __dentry_kill+0x1d0/0x600
[ 89.084687][ T6458] shrink_dentry_list+0x140/0x5d0
[ 89.089748][ T6458] shrink_dcache_parent+0xe2/0x530
[ 89.094893][ T6458] shrink_dcache_for_umount+0xa1/0x3e0
[ 89.100390][ T6458] generic_shutdown_super+0x6c/0x390
[ 89.105713][ T6458] kill_litter_super+0x70/0xa0
[ 89.110512][ T6458] binderfs_kill_super+0x3b/0xa0
[ 89.115491][ T6458] deactivate_locked_super+0xc1/0x1a0
[ 89.120900][ T6458] deactivate_super+0xde/0x100
[ 89.125700][ T6458] cleanup_mnt+0x222/0x450
[ 89.130152][ T6458] task_work_run+0x151/0x250
[ 89.134810][ T6458] do_exit+0xad8/0x2d70
[ 89.138994][ T6458] do_group_exit+0xd3/0x2a0
[ 89.143528][ T6458] get_signal+0x24ed/0x26c0
[ 89.148082][ T6458] arch_do_signal_or_restart+0x90/0x7e0
[ 89.153661][ T6458] syscall_exit_to_user_mode+0x150/0x2a0
[ 89.159332][ T6458] do_syscall_64+0xda/0x250
[ 89.163875][ T6458] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.169810][ T6458]
[ 89.172146][ T6458] The buggy address belongs to the object at ffff888034676000
[ 89.172146][ T6458] which belongs to the cache kmalloc-512 of size 512
[ 89.186220][ T6458] The buggy address is located 8 bytes inside of
[ 89.186220][ T6458] freed 512-byte region [ffff888034676000, ffff888034676200)
[ 89.199900][ T6458]
[ 89.202234][ T6458] The buggy address belongs to the physical page:
[ 89.208670][ T6458] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x34674
[ 89.217452][ T6458] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 89.225972][ T6458] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 89.233974][ T6458] page_type: f5(slab)
[ 89.237981][ T6458] raw: 00fff00000000040 ffff88801b041c80 0000000000000000 dead000000000001
[ 89.246593][ T6458] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 89.255210][ T6458] head: 00fff00000000040 ffff88801b041c80 0000000000000000 dead000000000001
[ 89.263908][ T6458] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 89.272604][ T6458] head: 00fff00000000002 ffffea0000d19d01 ffffffffffffffff 0000000000000000
[ 89.281307][ T6458] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 89.290167][ T6458] page dumped because: kasan: bad access detected
[ 89.296591][ T6458] page_owner tracks the page as allocated
[ 89.302320][ T6458] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5209, tgid 5209 (udevadm), ts 40110704010, free_ts 40107330264
[ 89.323290][ T6458] post_alloc_hook+0x181/0x1b0
[ 89.328099][ T6458] get_page_from_freelist+0xfce/0x2f80
[ 89.333610][ T6458] __alloc_frozen_pages_noprof+0x221/0x2470
[ 89.339554][ T6458] alloc_pages_mpol+0x1fc/0x540
[ 89.344467][ T6458] new_slab+0x23d/0x330
[ 89.348662][ T6458] ___slab_alloc+0xc5d/0x1720
[ 89.353375][ T6458] __slab_alloc.constprop.0+0x56/0xb0
[ 89.358782][ T6458] __kmalloc_cache_noprof+0xfa/0x410
[ 89.364109][ T6458] kernfs_fop_open+0x28b/0xdb0
[ 89.368894][ T6458] do_dentry_open+0x738/0x1c40
[ 89.373700][ T6458] vfs_open+0x82/0x3f0
[ 89.377796][ T6458] path_openat+0x1e88/0x2d80
[ 89.382429][ T6458] do_filp_open+0x20c/0x470
[ 89.386976][ T6458] do_sys_openat2+0x17a/0x1e0
[ 89.391685][ T6458] __x64_sys_openat+0x175/0x210
[ 89.396570][ T6458] do_syscall_64+0xcd/0x250
[ 89.401114][ T6458] page last free pid 5205 tgid 5205 stack trace:
[ 89.407452][ T6458] free_frozen_pages+0x6db/0xfb0
[ 89.412434][ T6458] qlist_free_all+0x4e/0x120
[ 89.417069][ T6458] kasan_quarantine_reduce+0x195/0x1e0
[ 89.422578][ T6458] __kasan_slab_alloc+0x69/0x90
[ 89.427478][ T6458] __kmalloc_noprof+0x1cd/0x510
[ 89.432380][ T6458] tomoyo_encode2+0x100/0x3e0
[ 89.437097][ T6458] tomoyo_encode+0x29/0x50
[ 89.441554][ T6458] tomoyo_path_perm+0x3a7/0x460
[ 89.446440][ T6458] tomoyo_path_symlink+0x98/0xe0
[ 89.451426][ T6458] security_path_symlink+0x152/0x2e0
[ 89.456742][ T6458] do_symlinkat+0x10e/0x310
[ 89.461294][ T6458] __x64_sys_symlink+0x75/0x90
[ 89.466114][ T6458] do_syscall_64+0xcd/0x250
[ 89.470657][ T6458] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.476597][ T6458]
[ 89.478932][ T6458] Memory state around the buggy address:
[ 89.484575][ T6458] ffff888034675f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.492657][ T6458] ffff888034675f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.500742][ T6458] >ffff888034676000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 89.508819][ T6458] ^
[ 89.513161][ T6458] ffff888034676080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 89.521242][ T6458] ffff888034676100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 89.529321][ T6458] ==================================================================
[ 89.573706][ T6458] Kernel panic - not syncing: kasan.fault=panic_on_write set ...
[ 89.581457][ T6458] CPU: 0 UID: 0 PID: 6458 Comm: syz-executor Not tainted 6.13.0-syzkaller-08997-gf34b580514c9 #0
[ 89.591988][ T6458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 89.602062][ T6458] Call Trace:
[ 89.605349][ T6458] <TASK>
[ 89.608296][ T6458] dump_stack_lvl+0x3d/0x1f0
[ 89.612933][ T6458] panic+0x71d/0x800
[ 89.616861][ T6458] ? __pfx_panic+0x10/0x10
[ 89.621310][ T6458] ? lockdep_hardirqs_on+0x7c/0x110
[ 89.626550][ T6458] ? srso_alias_return_thunk+0x5/0xfbef5
[ 89.632240][ T6458] ? srso_alias_return_thunk+0x5/0xfbef5
[ 89.637925][ T6458] ? preempt_schedule_common+0x44/0xc0
[ 89.643420][ T6458] ? srso_alias_return_thunk+0x5/0xfbef5
[ 89.649106][ T6458] ? preempt_schedule_thunk+0x1a/0x30
[ 89.654531][ T6458] end_report+0x169/0x180
[ 89.658915][ T6458] kasan_report+0xe9/0x110
[ 89.663387][ T6458] ? binder_add_device+0xa4/0xb0
[ 89.668378][ T6458] ? binder_add_device+0xa4/0xb0
[ 89.673360][ T6458] binder_add_device+0xa4/0xb0
[ 89.678164][ T6458] binderfs_binder_device_create.isra.0+0x95f/0xb70
[ 89.684804][ T6458] binderfs_fill_super+0x8d6/0x1360
[ 89.690062][ T6458] ? __pfx_binderfs_fill_super+0x10/0x10
[ 89.695739][ T6458] ? srso_alias_return_thunk+0x5/0xfbef5
[ 89.701437][ T6458] ? shrinker_register+0x1a8/0x260
[ 89.706577][ T6458] ? srso_alias_return_thunk+0x5/0xfbef5
[ 89.712246][ T6458] ? sget_fc+0x808/0xc20
[ 89.716513][ T6458] ? apparmor_capable+0x114/0x1d0
[ 89.721574][ T6458] ? __pfx_set_anon_super_fc+0x10/0x10
[ 89.727059][ T6458] ? __pfx_binderfs_fill_super+0x10/0x10
[ 89.732721][ T6458] get_tree_nodev+0xdd/0x190
[ 89.737339][ T6458] vfs_get_tree+0x8e/0x340
[ 89.741780][ T6458] path_mount+0x14e6/0x1f10
[ 89.746319][ T6458] ? srso_alias_return_thunk+0x5/0xfbef5
[ 89.751994][ T6458] ? kmem_cache_free+0x2e2/0x4d0
[ 89.756962][ T6458] ? __pfx_path_mount+0x10/0x10
[ 89.761850][ T6458] ? srso_alias_return_thunk+0x5/0xfbef5
[ 89.767518][ T6458] ? putname+0x13c/0x180
[ 89.771777][ T6458] __x64_sys_mount+0x28f/0x310
[ 89.776576][ T6458] ? __pfx___x64_sys_mount+0x10/0x10
[ 89.781904][ T6458] do_syscall_64+0xcd/0x250
[ 89.786433][ T6458] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 89.792357][ T6458] RIP: 0033:0x7f420638e4ca
[ 89.796788][ T6458] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 89.816413][ T6458] RSP: 002b:00007fff96f05ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 89.824848][ T6458] RAX: ffffffffffffffda RBX: 00007f420640e663 RCX: 00007f420638e4ca
[ 89.832829][ T6458] RDX: 00007f420641dd57 RSI: 00007f420640e663 RDI: 00007f420641dd57
[ 89.840815][ T6458] RBP: 00007f420640e85b R08: 0000000000000000 R09: 00000000000001ff
[ 89.848794][ T6458] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f42063eb1c8
[ 89.856774][ T6458] R13: 00007f42063eb1a8 R14: 0000000000000009 R15: 0000000000000000
[ 89.864765][ T6458] </TASK>
[ 89.867983][ T6458] Kernel Offset: disabled
[ 89.872304][ T6458] Rebooting in 86400 seconds..