last executing test programs:
1.819999466s ago: executing program 0 (id=367):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vfio/vfio', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vfio/vfio', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vfio/vfio', 0x800, 0x0)
1.816124683s ago: executing program 0 (id=372):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/register', 0x1, 0x0)
1.760031733s ago: executing program 0 (id=375):
tgkill(0x0, 0x0, 0x0)
1.759738737s ago: executing program 0 (id=377):
msgsnd(0x0, &(0x7f0000000000), 0x0, 0x0)
1.759232158s ago: executing program 0 (id=380):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
1.704171175s ago: executing program 0 (id=383):
rt_sigreturn()
159.140855ms ago: executing program 1 (id=569):
syz_open_dev$rtc(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$rtc(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$rtc(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$rtc(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$rtc(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$rtc(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$rtc(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$rtc(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$rtc(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$rtc(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$rtc(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$rtc(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$rtc(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$rtc(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$rtc(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$rtc(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$rtc(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$rtc(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$rtc(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$rtc(&(0x7f0000000500), 0x4, 0x800)
158.918899ms ago: executing program 4 (id=570):
rt_sigqueueinfo(0x0, 0x0, &(0x7f0000000000))
158.579366ms ago: executing program 1 (id=571):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rfkill', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rfkill', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill', 0x800, 0x0)
158.43631ms ago: executing program 2 (id=572):
fdatasync(0xffffffffffffffff)
117.247819ms ago: executing program 4 (id=574):
getresuid(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000))
117.146415ms ago: executing program 3 (id=575):
prlimit64(0x0, 0x0, 0x0, 0x0)
117.007447ms ago: executing program 2 (id=576):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/cipso', 0x2, 0x0)
116.904627ms ago: executing program 1 (id=577):
fstatfs(0xffffffffffffffff, &(0x7f0000000000))
116.851799ms ago: executing program 4 (id=578):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/unconfined', 0x2, 0x0)
116.753885ms ago: executing program 3 (id=579):
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
116.544201ms ago: executing program 2 (id=580):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock', 0x800, 0x0)
64.328682ms ago: executing program 1 (id=581):
sched_getattr(0x0, &(0x7f0000000000), 0x0, 0x0)
63.862658ms ago: executing program 4 (id=582):
epoll_create1(0x0)
63.780376ms ago: executing program 2 (id=583):
chdir(&(0x7f0000000000))
63.743094ms ago: executing program 3 (id=584):
splice(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)
63.537633ms ago: executing program 1 (id=585):
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000000), 0x0)
63.425728ms ago: executing program 4 (id=586):
mremap(0x0, 0x0, 0x0, 0x0, 0x0)
62.565457ms ago: executing program 3 (id=587):
name_to_handle_at(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0)
57.66847ms ago: executing program 1 (id=588):
getpriority(0x0, 0x0)
51.578917ms ago: executing program 4 (id=589):
socket$key(0xf, 0x3, 0x2)
325.465µs ago: executing program 2 (id=590):
getrandom(&(0x7f0000000000), 0x0, 0x0)
225.788µs ago: executing program 3 (id=591):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/syslog', 0x2, 0x0)
111.613µs ago: executing program 2 (id=593):
open_tree(0xffffffffffffffff, &(0x7f0000000000), 0x0)
0s ago: executing program 3 (id=594):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/tty', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty', 0x800, 0x0)
kernel console output (not intermixed with test programs):
Warning: Permanently added '10.128.0.9' (ED25519) to the list of known hosts.
[ 51.295954][ T29] audit: type=1400 audit(1738073465.573:88): avc: denied { mounton } for pid=5805 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 51.300235][ T5805] cgroup: Unknown subsys name 'net'
[ 51.318762][ T29] audit: type=1400 audit(1738073465.573:89): avc: denied { mount } for pid=5805 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 51.346236][ T29] audit: type=1400 audit(1738073465.603:90): avc: denied { unmount } for pid=5805 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 51.507185][ T5805] cgroup: Unknown subsys name 'cpuset'
[ 51.515030][ T5805] cgroup: Unknown subsys name 'rlimit'
[ 51.721113][ T29] audit: type=1400 audit(1738073465.993:91): avc: denied { setattr } for pid=5805 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 51.744482][ T29] audit: type=1400 audit(1738073465.993:92): avc: denied { create } for pid=5805 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 51.772748][ T29] audit: type=1400 audit(1738073465.993:93): avc: denied { write } for pid=5805 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 51.794618][ T29] audit: type=1400 audit(1738073465.993:94): avc: denied { read } for pid=5805 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 51.815327][ T29] audit: type=1400 audit(1738073466.023:95): avc: denied { mounton } for pid=5805 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 51.841229][ T29] audit: type=1400 audit(1738073466.023:96): avc: denied { mount } for pid=5805 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 51.864643][ T29] audit: type=1400 audit(1738073466.023:97): avc: denied { read } for pid=5487 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[ 51.865063][ T5808] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 52.798230][ T5805] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 54.842217][ T5876] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 55.457637][ T5968] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 56.329010][ T29] kauditd_printk_skb: 84 callbacks suppressed
[ 56.329025][ T29] audit: type=1400 audit(1738073470.603:182): avc: denied { read } for pid=6099 comm="syz.0.272" name="usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 56.419845][ T29] audit: type=1400 audit(1738073470.603:183): avc: denied { open } for pid=6099 comm="syz.0.272" path="/dev/usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 56.481783][ T29] audit: type=1400 audit(1738073470.603:184): avc: denied { write } for pid=6099 comm="syz.0.272" name="usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 56.546325][ T29] audit: type=1400 audit(1738073470.653:185): avc: denied { sys_module } for pid=6100 comm="syz.3.271" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 56.569032][ T29] audit: type=1400 audit(1738073470.673:186): avc: denied { read } for pid=6105 comm="syz.2.278" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 56.621199][ T6131] mmap: syz.4.305 (6131) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 56.635123][ T29] audit: type=1400 audit(1738073470.673:187): avc: denied { open } for pid=6105 comm="syz.2.278" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 56.694594][ T29] audit: type=1400 audit(1738073470.673:188): avc: denied { write } for pid=6105 comm="syz.2.278" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 56.768992][ T29] audit: type=1400 audit(1738073470.733:189): avc: denied { read } for pid=6110 comm="syz.4.283" name="mouse0" dev="devtmpfs" ino=998 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[ 56.795068][ T29] audit: type=1400 audit(1738073470.733:190): avc: denied { open } for pid=6110 comm="syz.4.283" path="/dev/input/mouse0" dev="devtmpfs" ino=998 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[ 56.855742][ T29] audit: type=1400 audit(1738073470.733:191): avc: denied { write } for pid=6110 comm="syz.4.283" name="mouse0" dev="devtmpfs" ino=998 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[ 59.502508][ T6430] ==================================================================
[ 59.510602][ T6430] BUG: KASAN: slab-use-after-free in binder_add_device+0xa4/0xb0
[ 59.518350][ T6430] Write of size 8 at addr ffff888021352008 by task syz-executor/6430
[ 59.526417][ T6430]
[ 59.528755][ T6430] CPU: 0 UID: 0 PID: 6430 Comm: syz-executor Not tainted 6.13.0-syzkaller-09030-g6d61a53dd6f5 #0
[ 59.528782][ T6430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 59.528795][ T6430] Call Trace:
[ 59.528801][ T6430] <TASK>
[ 59.528808][ T6430] dump_stack_lvl+0x116/0x1f0
[ 59.528835][ T6430] print_report+0xc3/0x620
[ 59.528855][ T6430] ? __virt_addr_valid+0x5e/0x590
[ 59.528874][ T6430] ? __phys_addr+0xc6/0x150
[ 59.528893][ T6430] kasan_report+0xd9/0x110
[ 59.528911][ T6430] ? binder_add_device+0xa4/0xb0
[ 59.528932][ T6430] ? binder_add_device+0xa4/0xb0
[ 59.528953][ T6430] binder_add_device+0xa4/0xb0
[ 59.528972][ T6430] binderfs_binder_device_create.isra.0+0x95f/0xb70
[ 59.529000][ T6430] binderfs_fill_super+0x8d6/0x1360
[ 59.529030][ T6430] ? __pfx_binderfs_fill_super+0x10/0x10
[ 59.529062][ T6430] ? shrinker_register+0x1a8/0x260
[ 59.529087][ T6430] ? sget_fc+0x808/0xc20
[ 59.529113][ T6430] ? __pfx_set_anon_super_fc+0x10/0x10
[ 59.529137][ T6430] ? __pfx_binderfs_fill_super+0x10/0x10
[ 59.529158][ T6430] get_tree_nodev+0xda/0x190
[ 59.529184][ T6430] vfs_get_tree+0x8b/0x340
[ 59.529206][ T6430] path_mount+0x14e6/0x1f10
[ 59.529225][ T6430] ? kmem_cache_free+0x2e2/0x4d0
[ 59.529241][ T6430] ? __pfx_path_mount+0x10/0x10
[ 59.529261][ T6430] ? putname+0x13c/0x180
[ 59.529282][ T6430] __x64_sys_mount+0x28f/0x310
[ 59.529302][ T6430] ? __pfx___x64_sys_mount+0x10/0x10
[ 59.529324][ T6430] do_syscall_64+0xcd/0x250
[ 59.529346][ T6430] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.529371][ T6430] RIP: 0033:0x7f273438e54a
[ 59.529390][ T6430] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 59.529411][ T6430] RSP: 002b:00007fffbdf5d2e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 59.529428][ T6430] RAX: ffffffffffffffda RBX: 00007f273440e663 RCX: 00007f273438e54a
[ 59.529441][ T6430] RDX: 00007f273441dda7 RSI: 00007f273440e663 RDI: 00007f273441dda7
[ 59.529453][ T6430] RBP: 00007f273440e8ac R08: 0000000000000000 R09: 00000000000001ff
[ 59.529464][ T6430] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f27343eb1a8
[ 59.529476][ T6430] R13: 00007f27343eb180 R14: 0000000000000009 R15: 0000000000000000
[ 59.529492][ T6430] </TASK>
[ 59.529498][ T6430]
[ 59.757043][ T6430] Allocated by task 5818:
[ 59.761380][ T6430] kasan_save_stack+0x33/0x60
[ 59.766067][ T6430] kasan_save_track+0x14/0x30
[ 59.770750][ T6430] __kasan_kmalloc+0xaa/0xb0
[ 59.775350][ T6430] binderfs_binder_device_create.isra.0+0x17a/0xb70
[ 59.781954][ T6430] binderfs_fill_super+0x8d6/0x1360
[ 59.787170][ T6430] get_tree_nodev+0xda/0x190
[ 59.791777][ T6430] vfs_get_tree+0x8b/0x340
[ 59.796192][ T6430] path_mount+0x14e6/0x1f10
[ 59.800689][ T6430] __x64_sys_mount+0x28f/0x310
[ 59.805454][ T6430] do_syscall_64+0xcd/0x250
[ 59.809960][ T6430] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.815867][ T6430]
[ 59.818181][ T6430] Freed by task 5818:
[ 59.822139][ T6430] kasan_save_stack+0x33/0x60
[ 59.826803][ T6430] kasan_save_track+0x14/0x30
[ 59.831462][ T6430] kasan_save_free_info+0x3b/0x60
[ 59.836481][ T6430] __kasan_slab_free+0x51/0x70
[ 59.841228][ T6430] kfree+0x2c4/0x4d0
[ 59.845119][ T6430] binderfs_evict_inode+0x1e0/0x250
[ 59.850304][ T6430] evict+0x409/0x960
[ 59.854191][ T6430] iput+0x52a/0x890
[ 59.857990][ T6430] dentry_unlink_inode+0x29c/0x480
[ 59.863089][ T6430] __dentry_kill+0x1d0/0x600
[ 59.867666][ T6430] shrink_dentry_list+0x140/0x5d0
[ 59.872691][ T6430] shrink_dcache_parent+0xe2/0x530
[ 59.877801][ T6430] shrink_dcache_for_umount+0xa1/0x3e0
[ 59.883257][ T6430] generic_shutdown_super+0x6c/0x390
[ 59.888539][ T6430] kill_litter_super+0x70/0xa0
[ 59.893293][ T6430] binderfs_kill_super+0x3b/0xa0
[ 59.898236][ T6430] deactivate_locked_super+0xbe/0x1a0
[ 59.903596][ T6430] deactivate_super+0xde/0x100
[ 59.908348][ T6430] cleanup_mnt+0x222/0x450
[ 59.912756][ T6430] task_work_run+0x14e/0x250
[ 59.917340][ T6430] do_exit+0xad8/0x2d70
[ 59.921566][ T6430] do_group_exit+0xd3/0x2a0
[ 59.926052][ T6430] get_signal+0x24ed/0x26c0
[ 59.930545][ T6430] arch_do_signal_or_restart+0x90/0x7e0
[ 59.936077][ T6430] syscall_exit_to_user_mode+0x150/0x2a0
[ 59.941696][ T6430] do_syscall_64+0xda/0x250
[ 59.946185][ T6430] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.952068][ T6430]
[ 59.954376][ T6430] The buggy address belongs to the object at ffff888021352000
[ 59.954376][ T6430] which belongs to the cache kmalloc-512 of size 512
[ 59.968412][ T6430] The buggy address is located 8 bytes inside of
[ 59.968412][ T6430] freed 512-byte region [ffff888021352000, ffff888021352200)
[ 59.982020][ T6430]
[ 59.984359][ T6430] The buggy address belongs to the physical page:
[ 59.990759][ T6430] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21350
[ 59.999496][ T6430] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 60.007975][ T6430] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 60.015940][ T6430] page_type: f5(slab)
[ 60.019903][ T6430] raw: 00fff00000000040 ffff88801b041c80 0000000000000000 dead000000000001
[ 60.028482][ T6430] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 60.037229][ T6430] head: 00fff00000000040 ffff88801b041c80 0000000000000000 dead000000000001
[ 60.045890][ T6430] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 60.054557][ T6430] head: 00fff00000000002 ffffea000084d401 ffffffffffffffff 0000000000000000
[ 60.063208][ T6430] head: ffff888000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 60.071867][ T6430] page dumped because: kasan: bad access detected
[ 60.078284][ T6430] page_owner tracks the page as allocated
[ 60.084027][ T6430] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5194, tgid 5194 (udevadm), ts 17651763271, free_ts 17197321915
[ 60.104953][ T6430] post_alloc_hook+0x181/0x1b0
[ 60.109809][ T6430] get_page_from_freelist+0xfce/0x2f80
[ 60.115250][ T6430] __alloc_frozen_pages_noprof+0x221/0x2470
[ 60.121126][ T6430] alloc_pages_mpol+0x1fc/0x540
[ 60.125960][ T6430] new_slab+0x23d/0x330
[ 60.130110][ T6430] ___slab_alloc+0xc5d/0x1720
[ 60.134776][ T6430] __slab_alloc.constprop.0+0x56/0xb0
[ 60.140140][ T6430] __kmalloc_cache_noprof+0xfa/0x410
[ 60.145415][ T6430] kernfs_fop_open+0x28b/0xdb0
[ 60.150187][ T6430] do_dentry_open+0x735/0x1c40
[ 60.154955][ T6430] vfs_open+0x82/0x3f0
[ 60.159018][ T6430] path_openat+0x1e88/0x2d80
[ 60.163589][ T6430] do_filp_open+0x20c/0x470
[ 60.168095][ T6430] do_sys_openat2+0x17a/0x1e0
[ 60.172774][ T6430] __x64_sys_openat+0x175/0x210
[ 60.177613][ T6430] do_syscall_64+0xcd/0x250
[ 60.182120][ T6430] page last free pid 5194 tgid 5194 stack trace:
[ 60.188425][ T6430] free_frozen_pages+0x6db/0xfb0
[ 60.193347][ T6430] __put_partials+0x14c/0x170
[ 60.198013][ T6430] qlist_free_all+0x4e/0x120
[ 60.202595][ T6430] kasan_quarantine_reduce+0x195/0x1e0
[ 60.208132][ T6430] __kasan_slab_alloc+0x69/0x90
[ 60.212983][ T6430] kmem_cache_alloc_noprof+0x226/0x3d0
[ 60.218435][ T6430] getname_flags.part.0+0x4c/0x550
[ 60.223549][ T6430] getname+0x8d/0xe0
[ 60.227440][ T6430] do_sys_openat2+0x104/0x1e0
[ 60.232112][ T6430] __x64_sys_openat+0x175/0x210
[ 60.236968][ T6430] do_syscall_64+0xcd/0x250
[ 60.241468][ T6430] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.247361][ T6430]
[ 60.249671][ T6430] Memory state around the buggy address:
[ 60.255287][ T6430] ffff888021351f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.263335][ T6430] ffff888021351f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.271392][ T6430] >ffff888021352000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.279429][ T6430] ^
[ 60.283735][ T6430] ffff888021352080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.291782][ T6430] ffff888021352100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.299841][ T6430] ==================================================================
[ 60.307894][ C0] vkms_vblank_simulate: vblank timer overrun
[ 60.366906][ T6430] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 60.374122][ T6430] CPU: 0 UID: 0 PID: 6430 Comm: syz-executor Not tainted 6.13.0-syzkaller-09030-g6d61a53dd6f5 #0
[ 60.384625][ T6430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 60.394693][ T6430] Call Trace:
[ 60.397976][ T6430] <TASK>
[ 60.400914][ T6430] dump_stack_lvl+0x3d/0x1f0
[ 60.405552][ T6430] panic+0x71d/0x800
[ 60.409452][ T6430] ? __pfx_panic+0x10/0x10
[ 60.413873][ T6430] ? irqentry_exit+0x3b/0x90
[ 60.418469][ T6430] ? lockdep_hardirqs_on+0x7c/0x110
[ 60.423679][ T6430] ? preempt_schedule_thunk+0x1a/0x30
[ 60.429065][ T6430] ? preempt_schedule_common+0x44/0xc0
[ 60.434531][ T6430] ? check_panic_on_warn+0x1f/0xb0
[ 60.439649][ T6430] check_panic_on_warn+0xab/0xb0
[ 60.444602][ T6430] end_report+0x117/0x180
[ 60.448944][ T6430] kasan_report+0xe9/0x110
[ 60.453373][ T6430] ? binder_add_device+0xa4/0xb0
[ 60.458320][ T6430] ? binder_add_device+0xa4/0xb0
[ 60.463266][ T6430] binder_add_device+0xa4/0xb0
[ 60.468037][ T6430] binderfs_binder_device_create.isra.0+0x95f/0xb70
[ 60.474639][ T6430] binderfs_fill_super+0x8d6/0x1360
[ 60.479852][ T6430] ? __pfx_binderfs_fill_super+0x10/0x10
[ 60.485509][ T6430] ? shrinker_register+0x1a8/0x260
[ 60.490635][ T6430] ? sget_fc+0x808/0xc20
[ 60.494889][ T6430] ? __pfx_set_anon_super_fc+0x10/0x10
[ 60.500362][ T6430] ? __pfx_binderfs_fill_super+0x10/0x10
[ 60.506262][ T6430] get_tree_nodev+0xda/0x190
[ 60.510865][ T6430] vfs_get_tree+0x8b/0x340
[ 60.515292][ T6430] path_mount+0x14e6/0x1f10
[ 60.519800][ T6430] ? kmem_cache_free+0x2e2/0x4d0
[ 60.524745][ T6430] ? __pfx_path_mount+0x10/0x10
[ 60.529604][ T6430] ? putname+0x13c/0x180
[ 60.533855][ T6430] __x64_sys_mount+0x28f/0x310
[ 60.538628][ T6430] ? __pfx___x64_sys_mount+0x10/0x10
[ 60.543927][ T6430] do_syscall_64+0xcd/0x250
[ 60.548451][ T6430] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.554361][ T6430] RIP: 0033:0x7f273438e54a
[ 60.558780][ T6430] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 60.578744][ T6430] RSP: 002b:00007fffbdf5d2e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 60.587166][ T6430] RAX: ffffffffffffffda RBX: 00007f273440e663 RCX: 00007f273438e54a
[ 60.595147][ T6430] RDX: 00007f273441dda7 RSI: 00007f273440e663 RDI: 00007f273441dda7
[ 60.603127][ T6430] RBP: 00007f273440e8ac R08: 0000000000000000 R09: 00000000000001ff
[ 60.611105][ T6430] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f27343eb1a8
[ 60.619081][ T6430] R13: 00007f27343eb180 R14: 0000000000000009 R15: 0000000000000000
[ 60.627061][ T6430] </TASK>
[ 60.630304][ T6430] Kernel Offset: disabled
[ 60.634631][ T6430] Rebooting in 86400 seconds..