KASAN: slab-use-after-free Write in binder_add_device ================================================================== BUG: KASAN: slab-use-after-free in hlist_add_head include/linux/list.h:1026 [inline] BUG: KASAN: slab-use-after-free in binder_add_device+0xa4/0xb0 drivers/android/binder.c:6932 Write of size 8 at addr ffff88810621e408 by task syz-executor/5962 CPU: 2 UID: 0 PID: 5962 Comm: syz-executor Not tainted 6.14.0-rc3-syzkaller-g2408a807bfc3 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xc3/0x620 mm/kasan/report.c:489 kasan_report+0xd9/0x110 mm/kasan/report.c:602 hlist_add_head include/linux/list.h:1026 [inline] binder_add_device+0xa4/0xb0 drivers/android/binder.c:6932 binderfs_binder_device_create.isra.0+0x95f/0xb70 drivers/android/binderfs.c:210 binderfs_fill_super+0x8d6/0x1360 drivers/android/binderfs.c:729 vfs_get_super fs/super.c:1280 [inline] get_tree_nodev+0xda/0x190 fs/super.c:1299 vfs_get_tree+0x8b/0x340 fs/super.c:1814 do_new_mount fs/namespace.c:3560 [inline] path_mount+0x14e6/0x1f10 fs/namespace.c:3887 do_mount fs/namespace.c:3900 [inline] __do_sys_mount fs/namespace.c:4111 [inline] __se_sys_mount fs/namespace.c:4088 [inline] __x64_sys_mount+0x28f/0x310 fs/namespace.c:4088 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f649337ffba Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffcc0cdbe98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f64933f1b21 RCX: 00007f649337ffba RDX: 00007f64933fcf8a RSI: 00007f64933f1b21 RDI: 
00007f64933fcf8a RBP: 00007ffcc0cdbf10 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc0cdbf10 R13: 00007ffcc0cdbf18 R14: 0000000000000009 R15: 0000000000000000 Allocated by task 5954: kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394 kmalloc_noprof include/linux/slab.h:901 [inline] kzalloc_noprof include/linux/slab.h:1037 [inline] binderfs_binder_device_create.isra.0+0x17a/0xb70 drivers/android/binderfs.c:147 binderfs_fill_super+0x8d6/0x1360 drivers/android/binderfs.c:729 vfs_get_super fs/super.c:1280 [inline] get_tree_nodev+0xda/0x190 fs/super.c:1299 vfs_get_tree+0x8b/0x340 fs/super.c:1814 do_new_mount fs/namespace.c:3560 [inline] path_mount+0x14e6/0x1f10 fs/namespace.c:3887 do_mount fs/namespace.c:3900 [inline] __do_sys_mount fs/namespace.c:4111 [inline] __se_sys_mount fs/namespace.c:4088 [inline] __x64_sys_mount+0x28f/0x310 fs/namespace.c:4088 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 5954: kasan_save_stack+0x33/0x60 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2353 [inline] slab_free mm/slub.c:4609 [inline] kfree+0x2c4/0x4d0 mm/slub.c:4757 binderfs_evict_inode+0x1e0/0x250 drivers/android/binderfs.c:278 evict+0x409/0x960 fs/inode.c:796 iput_final fs/inode.c:1946 [inline] iput fs/inode.c:1972 [inline] iput+0x52a/0x890 fs/inode.c:1958 dentry_unlink_inode+0x29c/0x480 fs/dcache.c:440 __dentry_kill+0x1d0/0x600 fs/dcache.c:643 shrink_kill fs/dcache.c:1088 [inline] shrink_dentry_list+0x140/0x5d0 
fs/dcache.c:1115 shrink_dcache_parent+0xe2/0x530 fs/dcache.c:1549 do_one_tree fs/dcache.c:1578 [inline] shrink_dcache_for_umount+0xa1/0x3e0 fs/dcache.c:1595 generic_shutdown_super+0x6c/0x390 fs/super.c:620 kill_anon_super fs/super.c:1237 [inline] kill_litter_super+0x70/0xa0 fs/super.c:1247 binderfs_kill_super+0x3b/0xa0 drivers/android/binderfs.c:791 deactivate_locked_super+0xbe/0x1a0 fs/super.c:473 deactivate_super+0xde/0x100 fs/super.c:506 cleanup_mnt+0x222/0x450 fs/namespace.c:1413 task_work_run+0x14e/0x250 kernel/task_work.c:227 exit_task_work include/linux/task_work.h:40 [inline] do_exit+0xad8/0x2d70 kernel/exit.c:938 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087 get_signal+0x24ed/0x26c0 kernel/signal.c:3036 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337 exit_to_user_mode_loop kernel/entry/common.c:111 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f The buggy address belongs to the object at ffff88810621e400 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 8 bytes inside of freed 512-byte region [ffff88810621e400, ffff88810621e600) The buggy address belongs to the physical page: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10621c head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) page_type: f5(slab) raw: 057ff00000000040 ffff88801b042c80 dead000000000100 dead000000000122 raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 head: 057ff00000000040 ffff88801b042c80 dead000000000100 dead000000000122 head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 head: 057ff00000000002 ffffea0004188701 ffffffffffffffff 0000000000000000 
head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 7516100367, free_ts 0 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x181/0x1b0 mm/page_alloc.c:1551 prep_new_page mm/page_alloc.c:1559 [inline] get_page_from_freelist+0xfce/0x2f80 mm/page_alloc.c:3477 __alloc_frozen_pages_noprof+0x221/0x2470 mm/page_alloc.c:4739 alloc_pages_mpol+0x1fc/0x540 mm/mempolicy.c:2270 alloc_slab_page mm/slub.c:2423 [inline] allocate_slab mm/slub.c:2587 [inline] new_slab+0x23d/0x330 mm/slub.c:2640 ___slab_alloc+0xc5d/0x1720 mm/slub.c:3826 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3916 __slab_alloc_node mm/slub.c:3991 [inline] slab_alloc_node mm/slub.c:4152 [inline] __kmalloc_cache_noprof+0xfa/0x410 mm/slub.c:4320 kmalloc_noprof include/linux/slab.h:901 [inline] kzalloc_noprof include/linux/slab.h:1037 [inline] device_private_init drivers/base/core.c:3510 [inline] device_add+0xccf/0x1a70 drivers/base/core.c:3561 platform_device_add+0x316/0x810 drivers/base/platform.c:716 serial8250_init+0x112/0x1e0 drivers/tty/serial/8250/8250_platform.c:325 do_one_initcall+0x128/0x700 init/main.c:1257 do_initcall_level init/main.c:1319 [inline] do_initcalls init/main.c:1335 [inline] do_basic_setup init/main.c:1354 [inline] kernel_init_freeable+0x5c7/0x900 init/main.c:1568 kernel_init+0x1c/0x2b0 init/main.c:1457 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 page_owner free stack trace missing Memory state around the buggy address: ffff88810621e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88810621e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff88810621e400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ 
ffff88810621e480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff88810621e500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== [ 37.909286][ T39] audit: type=1400 audit(1739898530.185:82): avc: denied { siginh } for pid=5851 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 38.906323][ T39] audit: type=1400 audit(1739898531.205:83): avc: denied { read } for pid=5334 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 38.913837][ T39] audit: type=1400 audit(1739898531.205:84): avc: denied { append } for pid=5334 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 38.922643][ T39] audit: type=1400 audit(1739898531.205:85): avc: denied { open } for pid=5334 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 38.933599][ T39] audit: type=1400 audit(1739898531.205:86): avc: denied { getattr } for pid=5334 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 Warning: Permanently added '[localhost]:3422' (ED25519) to the list of known hosts. 
[ 44.078024][ T39] audit: type=1400 audit(1739898536.375:87): avc: denied { execute } for pid=5936 comm="sh" name="syz-execprog" dev="sda1" ino=1924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 44.084221][ T39] audit: type=1400 audit(1739898536.375:88): avc: denied { execute_no_trans } for pid=5936 comm="sh" path="/syz-execprog" dev="sda1" ino=1924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 2025/02/18 17:08:56 ignoring optional flag "sandboxArg"="0" [ 44.439804][ T39] audit: type=1400 audit(1739898536.735:89): avc: denied { write } for pid=5936 comm="syz-execprog" path="pipe:[7274]" dev="pipefs" ino=7274 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 2025/02/18 17:08:57 parsed 1 programs [ 44.833522][ T39] audit: type=1400 audit(1739898537.135:90): avc: denied { node_bind } for pid=5936 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 46.651662][ T5945] cgroup: Unknown subsys name 'net' [ 46.652559][ T39] audit: type=1400 audit(1739898538.945:91): avc: denied { mounton } for pid=5945 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 46.661725][ T39] audit: type=1400 audit(1739898538.945:92): avc: denied { mount } for pid=5945 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 46.669867][ T39] audit: type=1400 audit(1739898538.955:93): avc: denied { unmount } for pid=5945 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 46.856228][ T5945] cgroup: Unknown subsys name 'cpuset' [ 46.859389][ T5945] cgroup: Unknown subsys name 'rlimit' [ 47.006817][ T39] audit: type=1400 
audit(1739898539.305:94): avc: denied { setattr } for pid=5945 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 47.015446][ T39] audit: type=1400 audit(1739898539.305:95): avc: denied { create } for pid=5945 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 47.023106][ T39] audit: type=1400 audit(1739898539.305:96): avc: denied { write } for pid=5945 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 47.048519][ T5950] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 47.734207][ T5945] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 49.636294][ T39] kauditd_printk_skb: 8 callbacks suppressed [ 49.636330][ T39] audit: type=1400 audit(1739898541.935:105): avc: denied { execmem } for pid=5953 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 49.745158][ T39] audit: type=1400 audit(1739898542.045:106): avc: denied { read } for pid=5954 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 49.750757][ T39] audit: type=1400 audit(1739898542.045:107): avc: denied { open } for pid=5954 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 49.757215][ T39] audit: type=1400 audit(1739898542.045:108): avc: denied { mounton } for pid=5954 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 49.797751][ T39] audit: type=1400 audit(1739898542.095:109): avc: denied { mount } for pid=5954 comm="syz-executor" name="/" dev="tmpfs" 
ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 49.804568][ T39] audit: type=1400 audit(1739898542.095:110): avc: denied { mounton } for pid=5954 comm="syz-executor" path="/syzkaller.wgguFu/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 49.810909][ T39] audit: type=1400 audit(1739898542.095:111): avc: denied { mount } for pid=5954 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 49.816846][ T39] audit: type=1400 audit(1739898542.105:112): avc: denied { mounton } for pid=5954 comm="syz-executor" path="/syzkaller.wgguFu/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 49.823922][ T39] audit: type=1400 audit(1739898542.105:113): avc: denied { mounton } for pid=5954 comm="syz-executor" path="/syzkaller.wgguFu/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=5768 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 49.832175][ T39] audit: type=1400 audit(1739898542.105:114): avc: denied { unmount } for pid=5954 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 49.841978][ T5954] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. 
[ 50.044683][ T5962] ================================================================== [ 50.047467][ T5962] BUG: KASAN: slab-use-after-free in binder_add_device+0xa4/0xb0 [ 50.050081][ T5962] Write of size 8 at addr ffff88810621e408 by task syz-executor/5962 [ 50.054513][ T5962] [ 50.055400][ T5962] CPU: 2 UID: 0 PID: 5962 Comm: syz-executor Not tainted 6.14.0-rc3-syzkaller-g2408a807bfc3 #0 [ 50.055418][ T5962] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 50.055428][ T5962] Call Trace: [ 50.055491][ T5962] [ 50.055498][ T5962] dump_stack_lvl+0x116/0x1f0 [ 50.055518][ T5962] print_report+0xc3/0x620 [ 50.055534][ T5962] ? __virt_addr_valid+0x5e/0x590 [ 50.055549][ T5962] ? __phys_addr+0xc6/0x150 [ 50.055562][ T5962] kasan_report+0xd9/0x110 [ 50.055577][ T5962] ? binder_add_device+0xa4/0xb0 [ 50.055593][ T5962] ? binder_add_device+0xa4/0xb0 [ 50.055609][ T5962] binder_add_device+0xa4/0xb0 [ 50.055623][ T5962] binderfs_binder_device_create.isra.0+0x95f/0xb70 [ 50.055645][ T5962] binderfs_fill_super+0x8d6/0x1360 [ 50.055663][ T5962] ? __pfx_binderfs_fill_super+0x10/0x10 [ 50.055686][ T5962] ? shrinker_register+0x1a8/0x260 [ 50.055707][ T5962] ? sget_fc+0x808/0xc20 [ 50.055748][ T5962] ? __pfx_set_anon_super_fc+0x10/0x10 [ 50.055767][ T5962] ? __pfx_binderfs_fill_super+0x10/0x10 [ 50.055783][ T5962] get_tree_nodev+0xda/0x190 [ 50.055808][ T5962] vfs_get_tree+0x8b/0x340 [ 50.055825][ T5962] path_mount+0x14e6/0x1f10 [ 50.055841][ T5962] ? kmem_cache_free+0x2e2/0x4d0 [ 50.055854][ T5962] ? __pfx_path_mount+0x10/0x10 [ 50.055869][ T5962] ? putname+0x13c/0x180 [ 50.055885][ T5962] __x64_sys_mount+0x28f/0x310 [ 50.055900][ T5962] ? __pfx___x64_sys_mount+0x10/0x10 [ 50.055915][ T5962] ? 
do_user_addr_fault+0x83d/0x13f0 [ 50.055935][ T5962] do_syscall_64+0xcd/0x250 [ 50.055952][ T5962] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.055972][ T5962] RIP: 0033:0x7f649337ffba [ 50.055984][ T5962] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 50.055997][ T5962] RSP: 002b:00007ffcc0cdbe98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 50.056013][ T5962] RAX: ffffffffffffffda RBX: 00007f64933f1b21 RCX: 00007f649337ffba [ 50.056022][ T5962] RDX: 00007f64933fcf8a RSI: 00007f64933f1b21 RDI: 00007f64933fcf8a [ 50.056031][ T5962] RBP: 00007ffcc0cdbf10 R08: 0000000000000000 R09: 0000000000000000 [ 50.056040][ T5962] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc0cdbf10 [ 50.056048][ T5962] R13: 00007ffcc0cdbf18 R14: 0000000000000009 R15: 0000000000000000 [ 50.056060][ T5962] [ 50.056065][ T5962] [ 50.122734][ T5962] Allocated by task 5954: [ 50.123969][ T5962] kasan_save_stack+0x33/0x60 [ 50.125332][ T5962] kasan_save_track+0x14/0x30 [ 50.126684][ T5962] __kasan_kmalloc+0xaa/0xb0 [ 50.128026][ T5962] binderfs_binder_device_create.isra.0+0x17a/0xb70 [ 50.130006][ T5962] binderfs_fill_super+0x8d6/0x1360 [ 50.131451][ T5962] get_tree_nodev+0xda/0x190 [ 50.132747][ T5962] vfs_get_tree+0x8b/0x340 [ 50.133994][ T5962] path_mount+0x14e6/0x1f10 [ 50.135258][ T5962] __x64_sys_mount+0x28f/0x310 [ 50.136637][ T5962] do_syscall_64+0xcd/0x250 [ 50.137935][ T5962] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.139569][ T5962] [ 50.140259][ T5962] Freed by task 5954: [ 50.141371][ T5962] kasan_save_stack+0x33/0x60 [ 50.142682][ T5962] kasan_save_track+0x14/0x30 [ 50.144023][ T5962] kasan_save_free_info+0x3b/0x60 [ 50.145422][ T5962] __kasan_slab_free+0x51/0x70 [ 50.146791][ T5962] kfree+0x2c4/0x4d0 [ 50.148003][ T5962] binderfs_evict_inode+0x1e0/0x250 [ 50.149442][ T5962] evict+0x409/0x960 [ 50.150545][ T5962] 
iput+0x52a/0x890 [ 50.151633][ T5962] dentry_unlink_inode+0x29c/0x480 [ 50.153071][ T5962] __dentry_kill+0x1d0/0x600 [ 50.154364][ T5962] shrink_dentry_list+0x140/0x5d0 [ 50.155816][ T5962] shrink_dcache_parent+0xe2/0x530 [ 50.157243][ T5962] shrink_dcache_for_umount+0xa1/0x3e0 [ 50.158752][ T5962] generic_shutdown_super+0x6c/0x390 [ 50.160218][ T5962] kill_litter_super+0x70/0xa0 [ 50.161550][ T5962] binderfs_kill_super+0x3b/0xa0 [ 50.162900][ T5962] deactivate_locked_super+0xbe/0x1a0 [ 50.164396][ T5962] deactivate_super+0xde/0x100 [ 50.165769][ T5962] cleanup_mnt+0x222/0x450 [ 50.167057][ T5962] task_work_run+0x14e/0x250 [ 50.168391][ T5962] do_exit+0xad8/0x2d70 [ 50.169554][ T5962] do_group_exit+0xd3/0x2a0 [ 50.170824][ T5962] get_signal+0x24ed/0x26c0 [ 50.172108][ T5962] arch_do_signal_or_restart+0x90/0x7e0 [ 50.173630][ T5962] syscall_exit_to_user_mode+0x150/0x2a0 [ 50.175179][ T5962] do_syscall_64+0xda/0x250 [ 50.176499][ T5962] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.178157][ T5962] [ 50.178835][ T5962] The buggy address belongs to the object at ffff88810621e400 [ 50.178835][ T5962] which belongs to the cache kmalloc-512 of size 512 [ 50.182783][ T5962] The buggy address is located 8 bytes inside of [ 50.182783][ T5962] freed 512-byte region [ffff88810621e400, ffff88810621e600) [ 50.186542][ T5962] [ 50.187250][ T5962] The buggy address belongs to the physical page: [ 50.189096][ T5962] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10621c [ 50.191500][ T5962] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 50.193805][ T5962] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 50.195939][ T5962] page_type: f5(slab) [ 50.197062][ T5962] raw: 057ff00000000040 ffff88801b042c80 dead000000000100 dead000000000122 [ 50.199458][ T5962] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 50.201843][ T5962] head: 057ff00000000040 ffff88801b042c80 dead000000000100 dead000000000122 
[ 50.204685][ T5962] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 50.207643][ T5962] head: 057ff00000000002 ffffea0004188701 ffffffffffffffff 0000000000000000 [ 50.210030][ T5962] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 50.212469][ T5962] page dumped because: kasan: bad access detected [ 50.214234][ T5962] page_owner tracks the page as allocated [ 50.215851][ T5962] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 7516100367, free_ts 0 [ 50.223032][ T5962] post_alloc_hook+0x181/0x1b0 [ 50.224853][ T5962] get_page_from_freelist+0xfce/0x2f80 [ 50.226830][ T5962] __alloc_frozen_pages_noprof+0x221/0x2470 [ 50.228997][ T5962] alloc_pages_mpol+0x1fc/0x540 [ 50.230778][ T5962] new_slab+0x23d/0x330 [ 50.232275][ T5962] ___slab_alloc+0xc5d/0x1720 [ 50.233958][ T5962] __slab_alloc.constprop.0+0x56/0xb0 [ 50.235954][ T5962] __kmalloc_cache_noprof+0xfa/0x410 [ 50.237839][ T5962] device_add+0xccf/0x1a70 [ 50.239471][ T5962] platform_device_add+0x316/0x810 [ 50.241393][ T5962] serial8250_init+0x112/0x1e0 [ 50.243075][ T5962] do_one_initcall+0x128/0x700 [ 50.244778][ T5962] kernel_init_freeable+0x5c7/0x900 [ 50.246650][ T5962] kernel_init+0x1c/0x2b0 [ 50.248278][ T5962] ret_from_fork+0x45/0x80 [ 50.249581][ T5962] ret_from_fork_asm+0x1a/0x30 [ 50.251140][ T5962] page_owner free stack trace missing [ 50.252759][ T5962] [ 50.253433][ T5962] Memory state around the buggy address: [ 50.255333][ T5962] ffff88810621e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.257772][ T5962] ffff88810621e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.260746][ T5962] >ffff88810621e400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.263649][ T5962] ^ [ 50.265272][ T5962] ffff88810621e480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.268196][ T5962] ffff88810621e500: fb fb 
fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 50.271180][ T5962] ================================================================== [ 50.275660][ T5962] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 50.278673][ T5962] CPU: 0 UID: 0 PID: 5962 Comm: syz-executor Not tainted 6.14.0-rc3-syzkaller-g2408a807bfc3 #0 [ 50.281991][ T5962] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 50.286228][ T5962] Call Trace: [ 50.287308][ T5962] [ 50.288329][ T5962] dump_stack_lvl+0x3d/0x1f0 [ 50.289630][ T5962] panic+0x71d/0x800 [ 50.290816][ T5962] ? __pfx_panic+0x10/0x10 [ 50.292184][ T5962] ? irqentry_exit+0x3b/0x90 [ 50.293958][ T5962] ? lockdep_hardirqs_on+0x7c/0x110 [ 50.296723][ T5962] ? preempt_schedule_thunk+0x1a/0x30 [ 50.299123][ T5962] ? preempt_schedule_common+0x44/0xc0 [ 50.301406][ T5962] ? check_panic_on_warn+0x1f/0xb0 [ 50.303832][ T5962] check_panic_on_warn+0xab/0xb0 [ 50.306135][ T5962] end_report+0x117/0x180 [ 50.307921][ T5962] kasan_report+0xe9/0x110 [ 50.309183][ T5962] ? binder_add_device+0xa4/0xb0 [ 50.310568][ T5962] ? binder_add_device+0xa4/0xb0 [ 50.312220][ T5962] binder_add_device+0xa4/0xb0 [ 50.314008][ T5962] binderfs_binder_device_create.isra.0+0x95f/0xb70 [ 50.316551][ T5962] binderfs_fill_super+0x8d6/0x1360 [ 50.318543][ T5962] ? __pfx_binderfs_fill_super+0x10/0x10 [ 50.320239][ T5962] ? shrinker_register+0x1a8/0x260 [ 50.321893][ T5962] ? sget_fc+0x808/0xc20 [ 50.323653][ T5962] ? __pfx_set_anon_super_fc+0x10/0x10 [ 50.325820][ T5962] ? __pfx_binderfs_fill_super+0x10/0x10 [ 50.327458][ T5962] get_tree_nodev+0xda/0x190 [ 50.328794][ T5962] vfs_get_tree+0x8b/0x340 [ 50.330055][ T5962] path_mount+0x14e6/0x1f10 [ 50.331413][ T5962] ? kmem_cache_free+0x2e2/0x4d0 [ 50.332864][ T5962] ? __pfx_path_mount+0x10/0x10 [ 50.334226][ T5962] ? putname+0x13c/0x180 [ 50.335414][ T5962] __x64_sys_mount+0x28f/0x310 [ 50.336823][ T5962] ? __pfx___x64_sys_mount+0x10/0x10 [ 50.338295][ T5962] ? 
do_user_addr_fault+0x83d/0x13f0 [ 50.339773][ T5962] do_syscall_64+0xcd/0x250 [ 50.341048][ T5962] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.343310][ T5962] RIP: 0033:0x7f649337ffba [ 50.345077][ T5962] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 50.350661][ T5962] RSP: 002b:00007ffcc0cdbe98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 50.353025][ T5962] RAX: ffffffffffffffda RBX: 00007f64933f1b21 RCX: 00007f649337ffba [ 50.355347][ T5962] RDX: 00007f64933fcf8a RSI: 00007f64933f1b21 RDI: 00007f64933fcf8a [ 50.357582][ T5962] RBP: 00007ffcc0cdbf10 R08: 0000000000000000 R09: 0000000000000000 [ 50.359767][ T5962] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc0cdbf10 [ 50.362246][ T5962] R13: 00007ffcc0cdbf18 R14: 0000000000000009 R15: 0000000000000000 [ 50.365279][ T5962] [ 50.367014][ T5962] Kernel Offset: disabled [ 50.368237][ T5962] Rebooting in 86400 seconds..

Reviewer note (what the report above establishes, and what it does not): the freed object is a kmalloc-512 allocation made by kzalloc in binderfs_binder_device_create (drivers/android/binderfs.c:147) while task 5954 mounted a binderfs instance; the same task later freed it with kfree in binderfs_evict_inode (binderfs.c:278) during the unmount that runs from cleanup_mnt/task_work at process exit. A different task (5962) then mounted binderfs again and the new mount's binderfs_binder_device_create → binder_add_device (binder.c:6932) performed an 8-byte write at offset 8 of that freed object from inside hlist_add_head (include/linux/list.h:1026). hlist_add_head updates the pprev pointer of the node that was previously at the head of the list, so a write at offset 8 of the freed device is consistent with the freed binder_device's hlist_node still being linked into the global device list that binder_add_device prepends to; i.e. the evict/umount path appears to free the device without first unlinking it from that list (or without holding the lock that serialises binder_add_device against it) — confirm against the binderfs source before relying on this reading, and the fix presumably belongs on the free side (unlink under the same lock before kfree) rather than in binder_add_device. Practitioner caveats: the panic is only because panic_on_warn is set in this fuzzing kernel; on a production kernel without KASAN the same path is a silent write into freed kmalloc-512 memory, which is a use-after-free write primitive reachable through mount(2). The reproducer ran as UID 0 with SELinux in permissive mode (the audit lines above show denials that were not enforced), so this log does not by itself show whether an unprivileged user can reach the path; that depends on whether binderfs is mountable inside a user namespace on the affected configuration, which should be checked separately. The kernel is 6.14.0-rc3 (syzkaller tree g2408a807bfc3); no fix commit is identified in this report.
VM DIAGNOSIS: 17:09:02 Registers: info registers vcpu 0 CPU#0 RAX=0000000000099657 RBX=0000000000000000 RCX=ffffffff8b4e4469 RDX=0000000000000000 RSI=ffffffff8b6ceca0 RDI=ffffffff8bd26900 RBP=fffffbfff1bd2ee8 RSP=ffffffff8de07e20 R8 =0000000000000001 R9 =ffffed100d4c6f85 R10=ffff88806a637c2b R11=0000000000000000 R12=0000000000000000 R13=ffffffff8de97740 R14=ffffffff90614b10 R15=0000000000000000 RIP=ffffffff8b4e584f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f6c21d062d8 CR3=000000000df80000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000c0fffc00 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2cc94062c8 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 
0000000000000000 0000000300000007 0000000200000011 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000005ffffffff 0000000400000008 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2cc950cd00 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000039343935 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000006f666e6975 
70632f636f72702f 0000000000000009 0000555000000001 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000073656c7564 6f6d2f636f72702f 000000010000000f 0000555500000001 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6572636573040020 000000004a4ea2de 000000000000003a 0000706e00000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6163707367040028 000000004a55bf6f 000000000000003b 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000004a8e00b4 000000000000f95c 000000000000003c 7878363000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000004af987bd 000000000000fbd3 000000000000003f ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6c696b6600000000 000000004ace8136 0000000000010b04 000000000000003e ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 766e626900000000 000000004aa3cbf5 000000000000f5cc 000063720000003d ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 69636d6300000000 000000004a8e00b4 000000000000f95c 000000000000003c ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6361396666666666 6666660a302e7965 6b5f5f2062203032 3239346361396666 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3061323934636139 6666666666666666 0a312e79656b5f5f 2062203036323934 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5f5f206220306532 3934636139666666 66666666660a302e 79656b5f5f206220 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 660a342e79656b5f 5f20622030343664 3463613966666666 666666660a332e79 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6666666666660a35 2e79656b5f5f2062 2030383664346361 3966666666666666 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 69645f746f6f725f 
736667756265645f 7273682062203063 3664346361396666 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 646e61685f766564 6d336c2062203030 3764346361396666 6666666666660a72 info registers vcpu 1 CPU#1 RAX=0000000000058bed RBX=0000000000000001 RCX=ffffffff8b4e4469 RDX=0000000000000000 RSI=ffffffff8b6ceca0 RDI=ffffffff8bd26900 RBP=ffffed10039df910 RSP=ffffc90000187e08 R8 =0000000000000001 R9 =ffffed100d4e6f85 R10=ffff88806a737c2b R11=0000000000000001 R12=0000000000000001 R13=ffff88801cefc880 R14=ffffffff90614b10 R15=0000000000000000 RIP=ffffffff8b4e584f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffcab5010d8 CR3=000000000df80000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5dad6c155dad6c15 5dad6c155dad6c15 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 
0000000000000000 0000000000000000 eed9c478eed9c478 eed9c478eed9c478 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 99cfc61e99cfc61e 99cfc61e99cfc61e ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 9340ead49340ead4 9340ead49340ead4 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 3e86a2ad0222df5f 6d9b4d5c35e9d453 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 824762645a0d3c61 ff337aa0c6e13828 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 8c12cca76fe6f57e 21b328ab097258a7 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 93985a5572ca4d31 af2ac17c9e562fe6 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 346d5a130ce7a1e9 f171edd8d9a96cad ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 885bd63e221eefee dfcaaf976545db66 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 fcb5aef015710ddd 2c1c191e6d5e6d24 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e5c52c8bf10b704 21ea69f73cb1f0b2 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 d9f34038d9f34038 d9f34038d9f34038 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f55b5ea6f55b5ea 6f55b5ea6f55b5ea ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 eaf023c9eaf023c9 eaf023c9eaf023c9 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85373f15 RDI=ffffffff9ab4fa00 RBP=ffffffff9ab4f9c0 RSP=ffffc9000429f510 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3630313838387257 R12=0000000000000000 R13=0000000000000020 R14=ffffffff9ab4f9c0 R15=0000000000000000 RIP=ffffffff85373f3f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 000055557cdf9500 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f6493307980 CR3=00000000272b0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000ffe00000 Opmask01=000000000000000f Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 3030352036373538 3430312034323031 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 3432303120303035 2036373538343031 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6e616d006574756f 7262003432303120 3030352036373538 3430312034323031 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4b4448004051504a 5747001117151405 151510051312101d 1115140511171514 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000033bd9 RBX=0000000000000003 RCX=ffffffff8b4e4469 RDX=0000000000000000 RSI=ffffffff8b6ceca0 RDI=ffffffff8bd26900 RBP=ffffed1003ad2488 RSP=ffffc900001a7e08 R8 =0000000000000001 R9 =ffffed100d526f85 R10=ffff88806a937c2b R11=0000000000000000 R12=0000000000000003 R13=ffff88801d692440 R14=ffffffff90614b10 R15=0000000000000000 RIP=ffffffff8b4e584f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffcc0cdbda8 CR3=0000000031e76000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000080000010 Opmask01=0000000000001d1f Opmask02=00000000ff001fff Opmask03=0000000000000000 
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000006f20 74276e6163003a23 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00002f6e69622f3a 6e776f6474756873 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffff0f0e0d0c0b0a 0908070605040302 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000006f20 74276e6163003a23 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6362696c5f5f0045 5441564952505f43 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5f766e6f63675f5f 0000000000000000 000000706d74752f 6e75722f7261762f ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 706d742f73666d61 7220746f6e207369 206d657473797365 6c696620746f6f72 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00656c6966207261 6c75676572206120 746f6e2073692027 7325270074696e69 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 syzkaller build log: go env (err=) GO111MODULE='auto' GOARCH='amd64' GOBIN='' GOCACHE='/syzkaller/.cache/go-build' GOENV='/syzkaller/.config/go/env' GOEXE='' GOEXPERIMENT='' GOFLAGS='' GOHOSTARCH='amd64' GOHOSTOS='linux' GOINSECURE='' GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod' GONOPROXY='' GONOSUMDB='' GOOS='linux' GOPATH='/syzkaller/jobs/linux/gopath' GOPRIVATE='' GOPROXY='https://proxy.golang.org,direct' GOROOT='/usr/local/go' GOSUMDB='sum.golang.org' GOTMPDIR='' GOTOOLCHAIN='auto' GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64' GOVCS='' GOVERSION='go1.22.7' GCCGO='gccgo' GOAMD64='v1' AR='ar' CC='gcc' CXX='g++' CGO_ENABLED='1' GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod' GOWORK='' CGO_CFLAGS='-O2 -g' CGO_CPPFLAGS='' CGO_CXXFLAGS='-O2 -g' CGO_FFLAGS='-O2 -g' CGO_LDFLAGS='-O2 -g' PKG_CONFIG='pkg-config' GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1571425482=/tmp/go-build -gno-record-gcc-switches' git status (err=) HEAD detached at 68da6d951a nothing to commit, working tree clean tput: No value for $TERM and no -T specified tput: No value for $TERM and no -T specified Makefile:31: run command via tools/syz-env for best compatibility, see: Makefile:32: 
https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen make .descriptions tput: No value for $TERM and no -T specified tput: No value for $TERM and no -T specified Makefile:31: run command via tools/syz-env for best compatibility, see: Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env bin/syz-sysgen go fmt ./sys/... >/dev/null touch .descriptions GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=68da6d951a345757b69b764ceb8dda1e9d65b038 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20241122-101921'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog mkdir -p ./bin/linux_amd64 g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \ -m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \ -DHOSTGOOS_linux=1 -DGIT_REVISION=\"68da6d951a345757b69b764ceb8dda1e9d65b038\" /usr/bin/ld: /tmp/ccItnQ6l.o: in function `test_cover_filter()': executor.cc:(.text+0x142db): warning: the use of `tempnam' is dangerous, better use `mkstemp' /usr/bin/ld: /tmp/ccItnQ6l.o: in function `Connection::Connect(char const*, char const*)': executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking