last executing test programs:
397.885175ms ago: executing program 0 (id=150):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer', 0x800, 0x0)
340.422222ms ago: executing program 0 (id=153):
rename(&(0x7f0000000000), &(0x7f0000000000))
335.181965ms ago: executing program 0 (id=160):
syz_init_net_socket$bt_cmtp(0x1f, 0x3, 0x5)
273.373012ms ago: executing program 4 (id=169):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ashmem', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ashmem', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ashmem', 0x800, 0x0)
224.118346ms ago: executing program 5 (id=174):
tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
223.815822ms ago: executing program 4 (id=176):
syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$vbi(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$vbi(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$vbi(&(0x7f0000000100), 0x0, 0x800)
214.49875ms ago: executing program 1 (id=177):
mlockall(0x0)
214.11537ms ago: executing program 2 (id=178):
io_getevents(0x0, 0x0, 0x0, &(0x7f0000000000), 0x0)
201.934999ms ago: executing program 3 (id=179):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bifrost', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bifrost', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bifrost', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bifrost', 0x800, 0x0)
160.495194ms ago: executing program 5 (id=180):
setrlimit(0x0, &(0x7f0000000000))
160.329418ms ago: executing program 2 (id=181):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock', 0x2, 0x0)
160.168687ms ago: executing program 1 (id=182):
inotify_init()
160.110895ms ago: executing program 3 (id=183):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse', 0x2, 0x0)
159.986721ms ago: executing program 5 (id=184):
socket$caif_stream(0x25, 0x1, 0x0)
150.344906ms ago: executing program 1 (id=185):
rt_sigtimedwait(&(0x7f0000000000), 0x0, &(0x7f0000000000), 0x0)
132.595798ms ago: executing program 3 (id=186):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log', 0x0, 0x0)
132.473998ms ago: executing program 4 (id=187):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self', 0x800, 0x0)
83.333415ms ago: executing program 2 (id=188):
syz_open_dev$dricontrol(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$dricontrol(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$dricontrol(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$dricontrol(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$dricontrol(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$dricontrol(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$dricontrol(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$dricontrol(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$dricontrol(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$dricontrol(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$dricontrol(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$dricontrol(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$dricontrol(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$dricontrol(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$dricontrol(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$dricontrol(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$dricontrol(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$dricontrol(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$dricontrol(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$dricontrol(&(0x7f0000000500), 0x4, 0x800)
83.232447ms ago: executing program 1 (id=189):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng', 0x800, 0x0)
82.952991ms ago: executing program 5 (id=190):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs', 0x800, 0x0)
82.791265ms ago: executing program 4 (id=191):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/cipso', 0x2, 0x0)
82.698737ms ago: executing program 0 (id=192):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock', 0x800, 0x0)
82.632657ms ago: executing program 3 (id=193):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vndbinder', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vndbinder', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vndbinder', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vndbinder', 0x800, 0x0)
82.482794ms ago: executing program 5 (id=194):
exit(0x0)
46.023728ms ago: executing program 4 (id=195):
getrandom(&(0x7f0000000000), 0x0, 0x0)
45.786749ms ago: executing program 2 (id=196):
sched_getaffinity(0x0, 0x0, &(0x7f0000000000))
45.706868ms ago: executing program 1 (id=197):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/status', 0x0, 0x0)
45.639275ms ago: executing program 3 (id=198):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/iommu', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/iommu', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/iommu', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/iommu', 0x800, 0x0)
45.580687ms ago: executing program 0 (id=199):
fchmodat(0xffffffffffffffff, &(0x7f0000000000), 0x0)
45.50431ms ago: executing program 2 (id=200):
socket$inet_mptcp(0x2, 0x1, 0x106)
496.211µs ago: executing program 1 (id=201):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_threshold', 0x2, 0x0)
297.03µs ago: executing program 5 (id=202):
socket$inet_icmp(0x2, 0x2, 0x1)
212.609µs ago: executing program 4 (id=203):
symlink(&(0x7f0000000000), &(0x7f0000000000))
135.387µs ago: executing program 3 (id=204):
request_key(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0)
44.155µs ago: executing program 0 (id=205):
socket$rds(0x15, 0x5, 0x0)
0s ago: executing program 2 (id=206):
splice(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)
kernel console output (not intermixed with test programs):
Warning: Permanently added '10.128.1.184' (ED25519) to the list of known hosts.
[ 66.136195][ T5811] cgroup: Unknown subsys name 'net'
[ 66.274741][ T5811] cgroup: Unknown subsys name 'cpuset'
[ 66.283267][ T5811] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 67.683943][ T5811] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 70.899163][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[ 70.910506][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.772597][ T6046] ==================================================================
[ 71.780967][ T6046] BUG: KASAN: slab-use-after-free in binder_add_device+0x5f/0xa0
[ 71.788712][ T6046] Write of size 8 at addr ffff88803400f408 by task syz-executor/6046
[ 71.796789][ T6046]
[ 71.799125][ T6046] CPU: 0 UID: 0 PID: 6046 Comm: syz-executor Not tainted 6.13.0-syzkaller-09338-g05dbaf8dd8bf #0
[ 71.799152][ T6046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 71.799167][ T6046] Call Trace:
[ 71.799176][ T6046] <TASK>
[ 71.799185][ T6046] dump_stack_lvl+0x241/0x360
[ 71.799220][ T6046] ? __pfx_dump_stack_lvl+0x10/0x10
[ 71.799246][ T6046] ? __pfx__printk+0x10/0x10
[ 71.799287][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 71.799326][ T6046] ? _printk+0xd5/0x120
[ 71.799364][ T6046] ? __virt_addr_valid+0x183/0x530
[ 71.799402][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 71.799449][ T6046] print_report+0x169/0x550
[ 71.799490][ T6046] ? __virt_addr_valid+0x183/0x530
[ 71.799527][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 71.799564][ T6046] ? __virt_addr_valid+0x45f/0x530
[ 71.799600][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 71.799638][ T6046] ? __phys_addr+0xba/0x170
[ 71.799675][ T6046] ? binder_add_device+0x5f/0xa0
[ 71.799706][ T6046] kasan_report+0x143/0x180
[ 71.799746][ T6046] ? binder_add_device+0x5f/0xa0
[ 71.799780][ T6046] binder_add_device+0x5f/0xa0
[ 71.799811][ T6046] binderfs_binder_device_create+0x7bf/0x9c0
[ 71.799846][ T6046] binderfs_fill_super+0x944/0xd90
[ 71.799880][ T6046] ? __pfx_binderfs_fill_super+0x10/0x10
[ 71.799923][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 71.799961][ T6046] ? shrinker_register+0x160/0x230
[ 71.799993][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 71.800031][ T6046] ? sget_fc+0x909/0x9c0
[ 71.800063][ T6046] ? __pfx_set_anon_super_fc+0x10/0x10
[ 71.800096][ T6046] ? __pfx_binderfs_fill_super+0x10/0x10
[ 71.800125][ T6046] get_tree_nodev+0xb9/0x140
[ 71.800159][ T6046] vfs_get_tree+0x92/0x2b0
[ 71.800195][ T6046] do_new_mount+0x2be/0xb40
[ 71.800220][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 71.800260][ T6046] ? __pfx_do_new_mount+0x10/0x10
[ 71.800290][ T6046] __se_sys_mount+0x2d6/0x3c0
[ 71.800315][ T6046] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 71.800352][ T6046] ? __pfx___se_sys_mount+0x10/0x10
[ 71.800378][ T6046] ? exc_page_fault+0x590/0x8b0
[ 71.800408][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 71.800456][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 71.800494][ T6046] ? __x64_sys_mount+0x20/0xc0
[ 71.800520][ T6046] do_syscall_64+0xf3/0x230
[ 71.800558][ T6046] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.800591][ T6046] RIP: 0033:0x7f5c4bf8e54a
[ 71.800611][ T6046] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 71.800630][ T6046] RSP: 002b:00007ffde97f3e88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 71.800655][ T6046] RAX: ffffffffffffffda RBX: 00007f5c4c00e663 RCX: 00007f5c4bf8e54a
[ 71.800673][ T6046] RDX: 00007f5c4c01dda7 RSI: 00007f5c4c00e663 RDI: 00007f5c4c01dda7
[ 71.800690][ T6046] RBP: 00007ffde97f3f00 R08: 0000000000000000 R09: 0000000000000000
[ 71.800706][ T6046] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffde97f3f00
[ 71.800722][ T6046] R13: 00007ffde97f3f08 R14: 0000000000000009 R15: 0000000000000000
[ 71.800747][ T6046] </TASK>
[ 71.800757][ T6046]
[ 72.109035][ T6046] Allocated by task 5822:
[ 72.113360][ T6046] kasan_save_track+0x3f/0x80
[ 72.118053][ T6046] __kasan_kmalloc+0x98/0xb0
[ 72.122649][ T6046] __kmalloc_cache_noprof+0x243/0x390
[ 72.128021][ T6046] binderfs_binder_device_create+0x16c/0x9c0
[ 72.134009][ T6046] binderfs_fill_super+0x944/0xd90
[ 72.139122][ T6046] get_tree_nodev+0xb9/0x140
[ 72.143720][ T6046] vfs_get_tree+0x92/0x2b0
[ 72.148144][ T6046] do_new_mount+0x2be/0xb40
[ 72.152732][ T6046] __se_sys_mount+0x2d6/0x3c0
[ 72.157869][ T6046] do_syscall_64+0xf3/0x230
[ 72.162384][ T6046] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.168491][ T6046]
[ 72.170807][ T6046] Freed by task 5822:
[ 72.174777][ T6046] kasan_save_track+0x3f/0x80
[ 72.179466][ T6046] kasan_save_free_info+0x40/0x50
[ 72.184520][ T6046] __kasan_slab_free+0x59/0x70
[ 72.189472][ T6046] kfree+0x196/0x430
[ 72.193365][ T6046] evict+0x4ea/0x9a0
[ 72.197282][ T6046] __dentry_kill+0x20d/0x630
[ 72.201872][ T6046] shrink_kill+0xa9/0x2c0
[ 72.206205][ T6046] shrink_dentry_list+0x2c0/0x5b0
[ 72.211230][ T6046] shrink_dcache_parent+0xcb/0x3b0
[ 72.216348][ T6046] do_one_tree+0x23/0xe0
[ 72.220592][ T6046] shrink_dcache_for_umount+0xb4/0x180
[ 72.226054][ T6046] generic_shutdown_super+0x6a/0x2d0
[ 72.231342][ T6046] kill_litter_super+0x76/0xb0
[ 72.236115][ T6046] binderfs_kill_super+0x44/0x90
[ 72.241057][ T6046] deactivate_locked_super+0xc6/0x130
[ 72.246430][ T6046] cleanup_mnt+0x41f/0x4b0
[ 72.250851][ T6046] task_work_run+0x251/0x310
[ 72.255460][ T6046] do_exit+0xa2a/0x28e0
[ 72.259617][ T6046] do_group_exit+0x207/0x2c0
[ 72.264213][ T6046] get_signal+0x16b2/0x1750
[ 72.268714][ T6046] arch_do_signal_or_restart+0x96/0x860
[ 72.274264][ T6046] syscall_exit_to_user_mode+0xce/0x340
[ 72.279846][ T6046] do_syscall_64+0x100/0x230
[ 72.284453][ T6046] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.290364][ T6046]
[ 72.292683][ T6046] The buggy address belongs to the object at ffff88803400f400
[ 72.292683][ T6046] which belongs to the cache kmalloc-512 of size 512
[ 72.306730][ T6046] The buggy address is located 8 bytes inside of
[ 72.306730][ T6046] freed 512-byte region [ffff88803400f400, ffff88803400f600)
[ 72.320352][ T6046]
[ 72.322674][ T6046] The buggy address belongs to the physical page:
[ 72.329162][ T6046] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3400c
[ 72.337919][ T6046] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 72.346412][ T6046] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 72.353955][ T6046] page_type: f5(slab)
[ 72.357933][ T6046] raw: 00fff00000000040 ffff88801ac41c80 dead000000000100 dead000000000122
[ 72.366513][ T6046] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 72.375098][ T6046] head: 00fff00000000040 ffff88801ac41c80 dead000000000100 dead000000000122
[ 72.383769][ T6046] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 72.392437][ T6046] head: 00fff00000000002 ffffea0000d00301 ffffffffffffffff 0000000000000000
[ 72.401113][ T6046] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 72.409771][ T6046] page dumped because: kasan: bad access detected
[ 72.416176][ T6046] page_owner tracks the page as allocated
[ 72.421879][ T6046] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5207, tgid 5207 (udevd), ts 29205681627, free_ts 29198098744
[ 72.442847][ T6046] post_alloc_hook+0x1f4/0x240
[ 72.447620][ T6046] get_page_from_freelist+0x365c/0x37a0
[ 72.453176][ T6046] __alloc_frozen_pages_noprof+0x292/0x710
[ 72.458992][ T6046] alloc_pages_mpol+0x311/0x660
[ 72.463840][ T6046] allocate_slab+0x8f/0x3a0
[ 72.468350][ T6046] ___slab_alloc+0xc27/0x14a0
[ 72.473032][ T6046] __slab_alloc+0x58/0xa0
[ 72.477362][ T6046] __kmalloc_cache_noprof+0x27b/0x390
[ 72.482737][ T6046] kernfs_fop_open+0x3e0/0xd10
[ 72.487503][ T6046] do_dentry_open+0xdee/0x1960
[ 72.492266][ T6046] vfs_open+0x3b/0x370
[ 72.496332][ T6046] path_openat+0x2c74/0x3580
[ 72.500926][ T6046] do_filp_open+0x27f/0x4e0
[ 72.505432][ T6046] do_sys_openat2+0x13e/0x1d0
[ 72.510113][ T6046] __x64_sys_openat+0x247/0x2a0
[ 72.514961][ T6046] do_syscall_64+0xf3/0x230
[ 72.519559][ T6046] page last free pid 5201 tgid 5201 stack trace:
[ 72.525961][ T6046] free_frozen_pages+0xe0d/0x10e0
[ 72.530996][ T6046] __slab_free+0x2c2/0x380
[ 72.535418][ T6046] qlist_free_all+0x9a/0x140
[ 72.540034][ T6046] kasan_quarantine_reduce+0x14f/0x170
[ 72.545505][ T6046] __kasan_slab_alloc+0x23/0x80
[ 72.550371][ T6046] kmem_cache_alloc_noprof+0x1d9/0x380
[ 72.555831][ T6046] getname_flags+0xb7/0x540
[ 72.560334][ T6046] do_sys_openat2+0xd2/0x1d0
[ 72.564927][ T6046] __x64_sys_openat+0x247/0x2a0
[ 72.569775][ T6046] do_syscall_64+0xf3/0x230
[ 72.574291][ T6046] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.580198][ T6046]
[ 72.582514][ T6046] Memory state around the buggy address:
[ 72.588137][ T6046] ffff88803400f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.596208][ T6046] ffff88803400f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.604267][ T6046] >ffff88803400f400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.612320][ T6046]                       ^
[ 72.616636][ T6046] ffff88803400f480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.624689][ T6046] ffff88803400f500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.632742][ T6046] ==================================================================
[ 72.640891][ C0] vkms_vblank_simulate: vblank timer overrun
[ 72.680685][ T6046] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 72.688001][ T6046] CPU: 0 UID: 0 PID: 6046 Comm: syz-executor Not tainted 6.13.0-syzkaller-09338-g05dbaf8dd8bf #0
[ 72.698545][ T6046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 72.708871][ T6046] Call Trace:
[ 72.712158][ T6046] <TASK>
[ 72.715099][ T6046] dump_stack_lvl+0x241/0x360
[ 72.719795][ T6046] ? __pfx_dump_stack_lvl+0x10/0x10
[ 72.725010][ T6046] ? __pfx__printk+0x10/0x10
[ 72.729625][ T6046] ? preempt_schedule+0xe1/0xf0
[ 72.734496][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 72.740159][ T6046] ? vscnprintf+0x5d/0x90
[ 72.744512][ T6046] panic+0x349/0x880
[ 72.748439][ T6046] ? check_panic_on_warn+0x21/0xb0
[ 72.753577][ T6046] ? __pfx_panic+0x10/0x10
[ 72.758019][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 72.763683][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 72.769345][ T6046] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 72.775349][ T6046] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 72.781699][ T6046] ? print_report+0x502/0x550
[ 72.786407][ T6046] check_panic_on_warn+0x86/0xb0
[ 72.791372][ T6046] ? binder_add_device+0x5f/0xa0
[ 72.796330][ T6046] end_report+0x77/0x160
[ 72.800604][ T6046] kasan_report+0x154/0x180
[ 72.805138][ T6046] ? binder_add_device+0x5f/0xa0
[ 72.810109][ T6046] binder_add_device+0x5f/0xa0
[ 72.814900][ T6046] binderfs_binder_device_create+0x7bf/0x9c0
[ 72.820905][ T6046] binderfs_fill_super+0x944/0xd90
[ 72.826041][ T6046] ? __pfx_binderfs_fill_super+0x10/0x10
[ 72.831704][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 72.837369][ T6046] ? shrinker_register+0x160/0x230
[ 72.842507][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 72.848171][ T6046] ? sget_fc+0x909/0x9c0
[ 72.852447][ T6046] ? __pfx_set_anon_super_fc+0x10/0x10
[ 72.857929][ T6046] ? __pfx_binderfs_fill_super+0x10/0x10
[ 72.863582][ T6046] get_tree_nodev+0xb9/0x140
[ 72.868207][ T6046] vfs_get_tree+0x92/0x2b0
[ 72.872656][ T6046] do_new_mount+0x2be/0xb40
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 72.877177][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 72.882855][ T6046] ? __pfx_do_new_mount+0x10/0x10
[ 72.887898][ T6046] __se_sys_mount+0x2d6/0x3c0
[ 72.892590][ T6046] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 72.898596][ T6046] ? __pfx___se_sys_mount+0x10/0x10
[ 72.903814][ T6046] ? exc_page_fault+0x590/0x8b0
[ 72.908682][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 72.914340][ T6046] ? srso_alias_return_thunk+0x5/0xfbef5
[ 72.920353][ T6046] ? __x64_sys_mount+0x20/0xc0
[ 72.925138][ T6046] do_syscall_64+0xf3/0x230
[ 72.929673][ T6046] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.935591][ T6046] RIP: 0033:0x7f5c4bf8e54a
[ 72.940021][ T6046] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 72.959902][ T6046] RSP: 002b:00007ffde97f3e88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 72.968337][ T6046] RAX: ffffffffffffffda RBX: 00007f5c4c00e663 RCX: 00007f5c4bf8e54a
[ 72.976322][ T6046] RDX: 00007f5c4c01dda7 RSI: 00007f5c4c00e663 RDI: 00007f5c4c01dda7
[ 72.984320][ T6046] RBP: 00007ffde97f3f00 R08: 0000000000000000 R09: 0000000000000000
[ 72.992318][ T6046] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffde97f3f00
[ 73.000306][ T6046] R13: 00007ffde97f3f08 R14: 0000000000000009 R15: 0000000000000000
[ 73.008297][ T6046] </TASK>
[ 73.011555][ T6046] Kernel Offset: disabled
[ 73.015871][ T6046] Rebooting in 86400 seconds..