KASAN: slab-use-after-free Write in binder_add_device

==================================================================
BUG: KASAN: slab-use-after-free in hlist_add_head include/linux/list.h:1026 [inline]
BUG: KASAN: slab-use-after-free in binder_add_device+0xa4/0xb0 drivers/android/binder.c:6932
Write of size 8 at addr ffff8880254d4008 by task syz-executor/5951

CPU: 0 UID: 0 PID: 5951 Comm: syz-executor Not tainted 6.14.0-rc4-syzkaller-gd082ecbc71e9-dirty #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:408 [inline]
 print_report+0xc3/0x670 mm/kasan/report.c:521
 kasan_report+0xd9/0x110 mm/kasan/report.c:634
 hlist_add_head include/linux/list.h:1026 [inline]
 binder_add_device+0xa4/0xb0 drivers/android/binder.c:6932
 binderfs_binder_device_create.isra.0+0x95f/0xb70 drivers/android/binderfs.c:210
 binderfs_fill_super+0x8d6/0x1360 drivers/android/binderfs.c:729
 vfs_get_super fs/super.c:1280 [inline]
 get_tree_nodev+0xda/0x190 fs/super.c:1299
 vfs_get_tree+0x8b/0x340 fs/super.c:1814
 do_new_mount fs/namespace.c:3560 [inline]
 path_mount+0x14e6/0x1f10 fs/namespace.c:3887
 do_mount fs/namespace.c:3900 [inline]
 __do_sys_mount fs/namespace.c:4111 [inline]
 __se_sys_mount fs/namespace.c:4088 [inline]
 __x64_sys_mount+0x28f/0x310 fs/namespace.c:4088
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6baa9874ba
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff7be437c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f6baaa01de3 RCX: 00007f6baa9874ba
RDX: 00007f6baaa0eb3f RSI: 00007f6baaa01de3 RDI: 00007f6baaa0eb3f
RBP: 00007f6baaa01fdb R08: 0000000000000000 R09: 00000000000001ff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6baa9e41c8
R13: 00007f6baa9e41a8 R14: 0000000000000009 R15: 0000000000000000
 </TASK>

Allocated by task 5946:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 binderfs_binder_device_create.isra.0+0x17a/0xb70 drivers/android/binderfs.c:147
 binderfs_fill_super+0x8d6/0x1360 drivers/android/binderfs.c:729
 vfs_get_super fs/super.c:1280 [inline]
 get_tree_nodev+0xda/0x190 fs/super.c:1299
 vfs_get_tree+0x8b/0x340 fs/super.c:1814
 do_new_mount fs/namespace.c:3560 [inline]
 path_mount+0x14e6/0x1f10 fs/namespace.c:3887
 do_mount fs/namespace.c:3900 [inline]
 __do_sys_mount fs/namespace.c:4111 [inline]
 __se_sys_mount fs/namespace.c:4088 [inline]
 __x64_sys_mount+0x28f/0x310 fs/namespace.c:4088
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 5946:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2353 [inline]
 slab_free mm/slub.c:4609 [inline]
 kfree+0x2c4/0x4d0 mm/slub.c:4757
 binderfs_evict_inode+0x1e0/0x250 drivers/android/binderfs.c:278
 evict+0x409/0x960 fs/inode.c:796
 iput_final fs/inode.c:1946 [inline]
 iput fs/inode.c:1972 [inline]
 iput+0x52a/0x890 fs/inode.c:1958
 dentry_unlink_inode+0x29c/0x480 fs/dcache.c:440
 __dentry_kill+0x1d0/0x600 fs/dcache.c:643
 shrink_kill fs/dcache.c:1088 [inline]
 shrink_dentry_list+0x140/0x5d0 fs/dcache.c:1115
 shrink_dcache_parent+0xe2/0x530 fs/dcache.c:1549
 do_one_tree fs/dcache.c:1578 [inline]
 shrink_dcache_for_umount+0xa1/0x3e0 fs/dcache.c:1595
 generic_shutdown_super+0x6c/0x390 fs/super.c:620
 kill_anon_super fs/super.c:1237 [inline]
 kill_litter_super+0x70/0xa0 fs/super.c:1247
 binderfs_kill_super+0x3b/0xa0 drivers/android/binderfs.c:791
 deactivate_locked_super+0xbe/0x1a0 fs/super.c:473
 deactivate_super+0xde/0x100 fs/super.c:506
 cleanup_mnt+0x222/0x450 fs/namespace.c:1413
 task_work_run+0x14e/0x250 kernel/task_work.c:227
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0xad8/0x2d70 kernel/exit.c:938
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087
 get_signal+0x24ed/0x26c0 kernel/signal.c:3036
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff8880254d4000
 which belongs to the cache kmalloc-512 of size 512
The buggy address is located 8 bytes inside of
 freed 512-byte region [ffff8880254d4000, ffff8880254d4200)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x254d4
head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88801b042c80 dead000000000100 dead000000000122
raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
head: 00fff00000000040 ffff88801b042c80 dead000000000100 dead000000000122
head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
head: 00fff00000000002 ffffea0000953501 ffffffffffffffff 0000000000000000
head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9, tgid 9 (kworker/0:1), ts 8687427830, free_ts 0
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x181/0x1b0 mm/page_alloc.c:1551
 prep_new_page mm/page_alloc.c:1559 [inline]
 get_page_from_freelist+0xfce/0x2f80 mm/page_alloc.c:3477
 __alloc_frozen_pages_noprof+0x221/0x2470 mm/page_alloc.c:4739
 alloc_pages_mpol+0x1fc/0x540 mm/mempolicy.c:2270
 alloc_slab_page mm/slub.c:2423 [inline]
 allocate_slab mm/slub.c:2587 [inline]
 new_slab+0x23d/0x330 mm/slub.c:2640
 ___slab_alloc+0xc5d/0x1720 mm/slub.c:3826
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3916
 __slab_alloc_node mm/slub.c:3991 [inline]
 slab_alloc_node mm/slub.c:4152 [inline]
 __kmalloc_cache_noprof+0xfa/0x410 mm/slub.c:4320
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 drm_atomic_helper_setup_commit+0x633/0x15e0 drivers/gpu/drm/drm_atomic_helper.c:2288
 drm_atomic_helper_commit+0xa9/0x380 drivers/gpu/drm/drm_atomic_helper.c:2023
 drm_atomic_commit+0x232/0x300 drivers/gpu/drm/drm_atomic.c:1518
 drm_atomic_helper_dirtyfb+0x5ff/0x790 drivers/gpu/drm/drm_damage_helper.c:181
 drm_fbdev_shmem_helper_fb_dirty+0x1c9/0x330 drivers/gpu/drm/drm_fbdev_shmem.c:117
 drm_fb_helper_fb_dirty drivers/gpu/drm/drm_fb_helper.c:376 [inline]
 drm_fb_helper_damage_work+0x285/0x5e0 drivers/gpu/drm/drm_fb_helper.c:399
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3236
 process_scheduled_works kernel/workqueue.c:3317 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3398
page_owner free stack trace missing

Memory state around the buggy address:
 ffff8880254d3f00: fb fb fb fb fb fb fc fc fc fc fa fb fb fb fb fb
 ffff8880254d3f80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8880254d4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                      ^
 ffff8880254d4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff8880254d4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================


[   43.241930][   T39] audit: type=1400 audit(1740408667.823:80): avc:  denied  { write } for  pid=5888 comm="sh" path="pipe:[6281]" dev="pipefs" ino=6281 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   43.250007][   T39] audit: type=1400 audit(1740408667.823:81): avc:  denied  { rlimitinh } for  pid=5888 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   43.255706][   T39] audit: type=1400 audit(1740408667.823:82): avc:  denied  { siginh } for  pid=5888 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   44.985862][   T39] audit: type=1400 audit(1740408669.583:83): avc:  denied  { read } for  pid=5332 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[   44.992142][   T39] audit: type=1400 audit(1740408669.583:84): avc:  denied  { append } for  pid=5332 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   44.999432][   T39] audit: type=1400 audit(1740408669.583:85): avc:  denied  { open } for  pid=5332 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   45.006876][   T39] audit: type=1400 audit(1740408669.583:86): avc:  denied  { getattr } for  pid=5332 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
Warning: Permanently added '[localhost]:37135' (ED25519) to the list of known hosts.
[   50.030449][   T39] audit: type=1400 audit(1740408674.623:87): avc:  denied  { execute } for  pid=5930 comm="sh" name="syz-execprog" dev="sda1" ino=1924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[   50.037586][   T39] audit: type=1400 audit(1740408674.623:88): avc:  denied  { execute_no_trans } for  pid=5930 comm="sh" path="/syz-execprog" dev="sda1" ino=1924 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[   50.476568][   T39] audit: type=1400 audit(1740408675.073:89): avc:  denied  { write } for  pid=5930 comm="syz-execprog" path="pipe:[6331]" dev="pipefs" ino=6331 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
2025/02/24 14:51:15 ignoring optional flag "sandboxArg"="0"
2025/02/24 14:51:15 parsed 1 programs
[   50.875855][   T39] audit: type=1400 audit(1740408675.473:90): avc:  denied  { node_bind } for  pid=5930 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   52.790507][   T39] audit: type=1400 audit(1740408677.383:91): avc:  denied  { mounton } for  pid=5937 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   52.793141][ T5937] cgroup: Unknown subsys name 'net'
[   52.797712][   T39] audit: type=1400 audit(1740408677.383:92): avc:  denied  { mount } for  pid=5937 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   52.805745][   T39] audit: type=1400 audit(1740408677.403:93): avc:  denied  { unmount } for  pid=5937 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   52.949270][ T5937] cgroup: Unknown subsys name 'cpuset'
[   52.952970][ T5937] cgroup: Unknown subsys name 'rlimit'
[   53.122060][   T39] audit: type=1400 audit(1740408677.713:94): avc:  denied  { setattr } for  pid=5937 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=849 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   53.130552][   T39] audit: type=1400 audit(1740408677.713:95): avc:  denied  { create } for  pid=5937 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   53.138176][   T39] audit: type=1400 audit(1740408677.713:96): avc:  denied  { write } for  pid=5937 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   53.161640][ T5941] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   53.788674][ T5937] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   55.723624][   T39] kauditd_printk_skb: 8 callbacks suppressed
[   55.723637][   T39] audit: type=1400 audit(1740408680.313:105): avc:  denied  { execmem } for  pid=5945 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   55.731731][   T39] audit: type=1400 audit(1740408680.323:106): avc:  denied  { create } for  pid=5945 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[   55.738119][   T39] audit: type=1400 audit(1740408680.323:107): avc:  denied  { sys_admin } for  pid=5945 comm="syz-executor" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[   55.743822][   T39] audit: type=1400 audit(1740408680.323:108): avc:  denied  { read } for  pid=5946 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   55.749947][   T39] audit: type=1400 audit(1740408680.323:109): avc:  denied  { open } for  pid=5946 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   55.757133][   T39] audit: type=1400 audit(1740408680.323:110): avc:  denied  { mounton } for  pid=5946 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   55.771627][   T39] audit: type=1400 audit(1740408680.363:111): avc:  denied  { mount } for  pid=5946 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   55.778272][   T39] audit: type=1400 audit(1740408680.363:112): avc:  denied  { mounton } for  pid=5946 comm="syz-executor" path="/syzkaller.Fk2PMq/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   55.785339][   T39] audit: type=1400 audit(1740408680.363:113): avc:  denied  { mount } for  pid=5946 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   55.791981][   T39] audit: type=1400 audit(1740408680.373:114): avc:  denied  { mounton } for  pid=5946 comm="syz-executor" path="/syzkaller.Fk2PMq/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   55.807700][ T5946] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   56.017389][ T5951] ==================================================================
[   56.020113][ T5951] BUG: KASAN: slab-use-after-free in binder_add_device+0xa4/0xb0
[   56.023231][ T5951] Write of size 8 at addr ffff8880254d4008 by task syz-executor/5951
[   56.028127][ T5951] 
[   56.028945][ T5951] CPU: 0 UID: 0 PID: 5951 Comm: syz-executor Not tainted 6.14.0-rc4-syzkaller-gd082ecbc71e9-dirty #0
[   56.028958][ T5951] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   56.028965][ T5951] Call Trace:
[   56.028990][ T5951]  <TASK>
[   56.028995][ T5951]  dump_stack_lvl+0x116/0x1f0
[   56.029016][ T5951]  print_report+0xc3/0x670
[   56.029028][ T5951]  ? __virt_addr_valid+0x5e/0x590
[   56.029039][ T5951]  ? __phys_addr+0xc6/0x150
[   56.029048][ T5951]  kasan_report+0xd9/0x110
[   56.029059][ T5951]  ? binder_add_device+0xa4/0xb0
[   56.029074][ T5951]  ? binder_add_device+0xa4/0xb0
[   56.029088][ T5951]  binder_add_device+0xa4/0xb0
[   56.029103][ T5951]  binderfs_binder_device_create.isra.0+0x95f/0xb70
[   56.029122][ T5951]  binderfs_fill_super+0x8d6/0x1360
[   56.029132][ T5951]  ? __pfx_binderfs_fill_super+0x10/0x10
[   56.029152][ T5951]  ? shrinker_register+0x1a8/0x260
[   56.029167][ T5951]  ? sget_fc+0x808/0xc20
[   56.029182][ T5951]  ? __pfx_set_anon_super_fc+0x10/0x10
[   56.029197][ T5951]  ? __pfx_binderfs_fill_super+0x10/0x10
[   56.029213][ T5951]  get_tree_nodev+0xda/0x190
[   56.029228][ T5951]  vfs_get_tree+0x8b/0x340
[   56.029241][ T5951]  path_mount+0x14e6/0x1f10
[   56.029252][ T5951]  ? kmem_cache_free+0x2e2/0x4d0
[   56.029262][ T5951]  ? __pfx_path_mount+0x10/0x10
[   56.029273][ T5951]  ? putname+0x13c/0x180
[   56.029285][ T5951]  __x64_sys_mount+0x28f/0x310
[   56.029296][ T5951]  ? __pfx___x64_sys_mount+0x10/0x10
[   56.029308][ T5951]  do_syscall_64+0xcd/0x250
[   56.029324][ T5951]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.029340][ T5951] RIP: 0033:0x7f6baa9874ba
[   56.029348][ T5951] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   56.029358][ T5951] RSP: 002b:00007fff7be437c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   56.029388][ T5951] RAX: ffffffffffffffda RBX: 00007f6baaa01de3 RCX: 00007f6baa9874ba
[   56.029395][ T5951] RDX: 00007f6baaa0eb3f RSI: 00007f6baaa01de3 RDI: 00007f6baaa0eb3f
[   56.029401][ T5951] RBP: 00007f6baaa01fdb R08: 0000000000000000 R09: 00000000000001ff
[   56.029406][ T5951] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6baa9e41c8
[   56.029412][ T5951] R13: 00007f6baa9e41a8 R14: 0000000000000009 R15: 0000000000000000
[   56.029420][ T5951]  </TASK>
[   56.029424][ T5951] 
[   56.101347][ T5951] Allocated by task 5946:
[   56.102638][ T5951]  kasan_save_stack+0x33/0x60
[   56.104150][ T5951]  kasan_save_track+0x14/0x30
[   56.105641][ T5951]  __kasan_kmalloc+0xaa/0xb0
[   56.107063][ T5951]  binderfs_binder_device_create.isra.0+0x17a/0xb70
[   56.109082][ T5951]  binderfs_fill_super+0x8d6/0x1360
[   56.110642][ T5951]  get_tree_nodev+0xda/0x190
[   56.112049][ T5951]  vfs_get_tree+0x8b/0x340
[   56.113557][ T5951]  path_mount+0x14e6/0x1f10
[   56.114952][ T5951]  __x64_sys_mount+0x28f/0x310
[   56.116414][ T5951]  do_syscall_64+0xcd/0x250
[   56.117907][ T5951]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.119660][ T5951] 
[   56.120404][ T5951] Freed by task 5946:
[   56.121628][ T5951]  kasan_save_stack+0x33/0x60
[   56.123066][ T5951]  kasan_save_track+0x14/0x30
[   56.124476][ T5951]  kasan_save_free_info+0x3b/0x60
[   56.126077][ T5951]  __kasan_slab_free+0x51/0x70
[   56.127503][ T5951]  kfree+0x2c4/0x4d0
[   56.128717][ T5951]  binderfs_evict_inode+0x1e0/0x250
[   56.130287][ T5951]  evict+0x409/0x960
[   56.131464][ T5951]  iput+0x52a/0x890
[   56.132643][ T5951]  dentry_unlink_inode+0x29c/0x480
[   56.134253][ T5951]  __dentry_kill+0x1d0/0x600
[   56.135674][ T5951]  shrink_dentry_list+0x140/0x5d0
[   56.137405][ T5951]  shrink_dcache_parent+0xe2/0x530
[   56.138951][ T5951]  shrink_dcache_for_umount+0xa1/0x3e0
[   56.140711][ T5951]  generic_shutdown_super+0x6c/0x390
[   56.142294][ T5951]  kill_litter_super+0x70/0xa0
[   56.143768][ T5951]  binderfs_kill_super+0x3b/0xa0
[   56.145351][ T5951]  deactivate_locked_super+0xbe/0x1a0
[   56.147086][ T5951]  deactivate_super+0xde/0x100
[   56.148593][ T5951]  cleanup_mnt+0x222/0x450
[   56.149938][ T5951]  task_work_run+0x14e/0x250
[   56.151817][ T5951]  do_exit+0xad8/0x2d70
[   56.153521][ T5951]  do_group_exit+0xd3/0x2a0
[   56.155336][ T5951]  get_signal+0x24ed/0x26c0
[   56.157013][ T5951]  arch_do_signal_or_restart+0x90/0x7e0
[   56.158678][ T5951]  syscall_exit_to_user_mode+0x150/0x2a0
[   56.160355][ T5951]  do_syscall_64+0xda/0x250
[   56.161737][ T5951]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.163586][ T5951] 
[   56.164365][ T5951] The buggy address belongs to the object at ffff8880254d4000
[   56.164365][ T5951]  which belongs to the cache kmalloc-512 of size 512
[   56.169238][ T5951] The buggy address is located 8 bytes inside of
[   56.169238][ T5951]  freed 512-byte region [ffff8880254d4000, ffff8880254d4200)
[   56.174058][ T5951] 
[   56.174844][ T5951] The buggy address belongs to the physical page:
[   56.177473][ T5951] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x254d4
[   56.180650][ T5951] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   56.183346][ T5951] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   56.185737][ T5951] page_type: f5(slab)
[   56.186941][ T5951] raw: 00fff00000000040 ffff88801b042c80 dead000000000100 dead000000000122
[   56.189471][ T5951] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   56.192607][ T5951] head: 00fff00000000040 ffff88801b042c80 dead000000000100 dead000000000122
[   56.196145][ T5951] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[   56.199462][ T5951] head: 00fff00000000002 ffffea0000953501 ffffffffffffffff 0000000000000000
[   56.202123][ T5951] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[   56.205141][ T5951] page dumped because: kasan: bad access detected
[   56.207126][ T5951] page_owner tracks the page as allocated
[   56.208915][ T5951] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9, tgid 9 (kworker/0:1), ts 8687427830, free_ts 0
[   56.216413][ T5951]  post_alloc_hook+0x181/0x1b0
[   56.218369][ T5951]  get_page_from_freelist+0xfce/0x2f80
[   56.220577][ T5951]  __alloc_frozen_pages_noprof+0x221/0x2470
[   56.222969][ T5951]  alloc_pages_mpol+0x1fc/0x540
[   56.224833][ T5951]  new_slab+0x23d/0x330
[   56.226133][ T5951]  ___slab_alloc+0xc5d/0x1720
[   56.227940][ T5951]  __slab_alloc.constprop.0+0x56/0xb0
[   56.230222][ T5951]  __kmalloc_cache_noprof+0xfa/0x410
[   56.232387][ T5951]  drm_atomic_helper_setup_commit+0x633/0x15e0
[   56.234878][ T5951]  drm_atomic_helper_commit+0xa9/0x380
[   56.237143][ T5951]  drm_atomic_commit+0x232/0x300
[   56.239038][ T5951]  drm_atomic_helper_dirtyfb+0x5ff/0x790
[   56.240668][ T5951]  drm_fbdev_shmem_helper_fb_dirty+0x1c9/0x330
[   56.242448][ T5951]  drm_fb_helper_damage_work+0x285/0x5e0
[   56.244203][ T5951]  process_one_work+0x9c5/0x1ba0
[   56.245661][ T5951]  worker_thread+0x6c8/0xf00
[   56.247010][ T5951] page_owner free stack trace missing
[   56.248582][ T5951] 
[   56.249292][ T5951] Memory state around the buggy address:
[   56.250916][ T5951]  ffff8880254d3f00: fb fb fb fb fb fb fc fc fc fc fa fb fb fb fb fb
[   56.253278][ T5951]  ffff8880254d3f80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[   56.255677][ T5951] >ffff8880254d4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   56.258012][ T5951]                       ^
[   56.259275][ T5951]  ffff8880254d4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   56.261601][ T5951]  ffff8880254d4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   56.264015][ T5951] ==================================================================
[   56.266808][ T5951] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   56.269488][ T5951] CPU: 1 UID: 0 PID: 5951 Comm: syz-executor Not tainted 6.14.0-rc4-syzkaller-gd082ecbc71e9-dirty #0
[   56.273456][ T5951] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   56.277523][ T5951] Call Trace:
[   56.278788][ T5951]  <TASK>
[   56.279905][ T5951]  dump_stack_lvl+0x3d/0x1f0
[   56.281923][ T5951]  panic+0x71d/0x800
[   56.283407][ T5951]  ? __pfx_panic+0x10/0x10
[   56.285253][ T5951]  ? irqentry_exit+0x3b/0x90
[   56.287140][ T5951]  ? lockdep_hardirqs_on+0x7c/0x110
[   56.289117][ T5951]  ? preempt_schedule_thunk+0x1a/0x30
[   56.291128][ T5951]  ? preempt_schedule_common+0x44/0xc0
[   56.293373][ T5951]  ? check_panic_on_warn+0x1f/0xb0
[   56.295302][ T5951]  check_panic_on_warn+0xab/0xb0
[   56.297353][ T5951]  end_report+0x117/0x180
[   56.298993][ T5951]  kasan_report+0xe9/0x110
[   56.300781][ T5951]  ? binder_add_device+0xa4/0xb0
[   56.302855][ T5951]  ? binder_add_device+0xa4/0xb0
[   56.304929][ T5951]  binder_add_device+0xa4/0xb0
[   56.306733][ T5951]  binderfs_binder_device_create.isra.0+0x95f/0xb70
[   56.309233][ T5951]  binderfs_fill_super+0x8d6/0x1360
[   56.311206][ T5951]  ? __pfx_binderfs_fill_super+0x10/0x10
[   56.313322][ T5951]  ? shrinker_register+0x1a8/0x260
[   56.315344][ T5951]  ? sget_fc+0x808/0xc20
[   56.317221][ T5951]  ? __pfx_set_anon_super_fc+0x10/0x10
[   56.319331][ T5951]  ? __pfx_binderfs_fill_super+0x10/0x10
[   56.321441][ T5951]  get_tree_nodev+0xda/0x190
[   56.323436][ T5951]  vfs_get_tree+0x8b/0x340
[   56.325349][ T5951]  path_mount+0x14e6/0x1f10
[   56.327160][ T5951]  ? kmem_cache_free+0x2e2/0x4d0
[   56.329040][ T5951]  ? __pfx_path_mount+0x10/0x10
[   56.330894][ T5951]  ? putname+0x13c/0x180
[   56.332507][ T5951]  __x64_sys_mount+0x28f/0x310
[   56.334309][ T5951]  ? __pfx___x64_sys_mount+0x10/0x10
[   56.336314][ T5951]  do_syscall_64+0xcd/0x250
[   56.338255][ T5951]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.340615][ T5951] RIP: 0033:0x7f6baa9874ba
[   56.342276][ T5951] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   56.349986][ T5951] RSP: 002b:00007fff7be437c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   56.353109][ T5951] RAX: ffffffffffffffda RBX: 00007f6baaa01de3 RCX: 00007f6baa9874ba
[   56.355805][ T5951] RDX: 00007f6baaa0eb3f RSI: 00007f6baaa01de3 RDI: 00007f6baaa0eb3f
[   56.359028][ T5951] RBP: 00007f6baaa01fdb R08: 0000000000000000 R09: 00000000000001ff
[   56.362003][ T5951] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6baa9e41c8
[   56.365034][ T5951] R13: 00007f6baa9e41a8 R14: 0000000000000009 R15: 0000000000000000
[   56.368235][ T5951]  </TASK>
[   56.370043][ T5951] Kernel Offset: disabled
[   56.371660][ T5951] Rebooting in 86400 seconds..

VM DIAGNOSIS:
14:51:20  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000066 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff854136f5 RDI=ffffffff9ab898c0 RBP=ffffffff9ab89880 RSP=ffffc90003ba7510
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3532303838387257
R12=0000000000000000 R13=0000000000000066 R14=ffffffff9ab89880 R15=0000000000000000
RIP=ffffffff8541371f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055557f5e8500 ffffffff 00c00000
GS =0000 ffff88806a600000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f6baa90f700 CR3=000000002ee10000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000eee0c0c0 Opmask01=000000000000000f Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff7be437e0 0000003000000010
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2029706d742d7a79 73287269646b6d00 706d742d7a79732f 2e00303030303031
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 050c554851085f5c 560d574c414e4800 554851085f5c560a 0b00151515151514
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 243b3c2d2c12332b 2d2a3a1b34672710 212c2038161d5f29 2364392e3c2b2129
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000362e325f5855 4e494c0054555054 554f5f454c49464f 52505f444c004b41
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0200362e04716a0a 161c02491855617a 3a3c712a3f2d3062 2a25312d20002e37
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 363f3e2f3e7f7f7f 3f3e3e7f3f776f7f 3b3c7b3b3f3d7f7b 6f777d7f7f7f6f7f
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 45425f434900414e 41445f444c005242 494c444449005f44 4c00574f4e5f444e
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000004644 4c0057444c004441
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=dffffc0000000000 RBX=ffff88801da8c880 RCX=1ffffffff20c4951 RDX=1ffff11003b51a69
RSI=0000000000000000 RDI=ffffffff8b6cefe0 RBP=ffffffffffffffff RSP=ffffc900006b0df0
R8 =0000000000000000 R9 =0000000000000001 R10=ffffffff90628e17 R11=0000000000000000
R12=0000000000000001 R13=ffff88806a73fc60 R14=ffffffff8e1c7980 R15=0000000000000000
RIP=ffffffff8b585d10 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806a700000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000c00018d600 CR3=000000000df80000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fffc0000 Opmask01=000000000000000f Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 20303d766765735f 656c646e61683d53 4e4f4954504f5f4e 4153410063657865
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 162d2c203a5f1754 34203c2d37260d2d 3a28291b13000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3d534e4f4954504f 5f4e415341006365 786500726f747563 6578652d7a79732f
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 243b3c2d2c12332b 2d2a3a1b34672710 212c2038161d5f29 2364392e3c2b2129
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000362e325f5855 4e494c0054555054 554f5f454c49464f 52505f444c004b41
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0200362e04716a0a 161c02491855617a 3a3c712a3f2d3062 2a25312d20002e37
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 363f3e2f3e7f7f7f 3f3e3e7f3f776f7f 3b3c7b3b3f3d7f7b 6f777d7f7f7f6f7f
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 45425f434900414e 41445f444c005242 494c444449005f44 4c00574f4e5f444e
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000004644 4c0057444c004441
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=00000000000425df RBX=0000000000000002 RCX=ffffffff8b585469 RDX=0000000000000000
RSI=ffffffff8b6ced20 RDI=ffffffff8bd36940 RBP=ffffed1003b54000 RSP=ffffc90000197e08
R8 =0000000000000001 R9 =ffffed100d506f85 R10=ffff88806a837c2b R11=0000000000000000
R12=0000000000000002 R13=ffff88801daa0000 R14=ffffffff90628e10 R15=0000000000000000
RIP=ffffffff8b58684f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806a800000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fc6781f3870 CR3=000000000df80000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fffc0000 Opmask01=000000000000000f Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 20303d766765735f 656c646e61683d53 4e4f4954504f5f4e 4153410063657865
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 162d2c203a5f1754 34203c2d37260d2d 3a28291b13000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3d534e4f4954504f 5f4e415341006365 786500726f747563 6578652d7a79732f
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 243b3c2d2c12332b 2d2a3a1b34672710 212c2038161d5f29 2364392e3c2b2129
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000362e325f5855 4e494c0054555054 554f5f454c49464f 52505f444c004b41
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0200362e04716a0a 161c02491855617a 3a3c712a3f2d3062 2a25312d20002e37
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 363f3e2f3e7f7f7f 3f3e3e7f3f776f7f 3b3c7b3b3f3d7f7b 6f777d7f7f7f6f7f
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 45425f434900414e 41445f444c005242 494c444449005f44 4c00574f4e5f444e
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000004644 4c0057444c004441
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000033083 RBX=0000000000000003 RCX=ffffffff8b585469 RDX=0000000000000000
RSI=ffffffff8b6ced20 RDI=ffffffff8bd36940 RBP=ffffed1003b54488 RSP=ffffc900001a7e08
R8 =0000000000000001 R9 =ffffed100d526f85 R10=ffff88806a937c2b R11=0000000000000000
R12=0000000000000003 R13=ffff88801daa2440 R14=ffffffff90628e10 R15=0000000000000000
RIP=ffffffff8b58684f RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806a900000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f6baa94f150 CR3=000000003117c000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000004080 Opmask01=0000000000000000 Opmask02=000000000000ffdf Opmask03=0000000000000000
Opmask04=00000000ffffffff Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc87155dd0 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000ff0000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000b1 0000000000000000 44455a494c414954 494e495f43455355
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f6f742079617272 6120656c75722079 7261726f706d6574 002a3f005b3f2a00
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4a4a51055c445757 440540495057055c 5744574a55484051 000f1a005b1a0f00
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 a975cc939d455b17 000000055fa1ebe3 00000000000003f1 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 44455a494c414954 494e495f43455355 0000000000000021 0000000000007374
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4943213f395b2249 5a6e786b6e646b7e 59647a305f474f5b 647c79303a243a78
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 26483b3a3a264b3b 3a0a00307f617930 382433273f397b27 697a787c69303b7e
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 282b2e2fdf37342d 280bbfbf23243324 26312033fc040f18 1317140d080b0412
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343133bffc121104 1214041204110814 100411bffc040f18 1317140d080b0412
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020


syzkaller build log:
go env (err=<nil>)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.22.7'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build4153462404=/tmp/go-build -gno-record-gcc-switches'

git status (err=<nil>)
HEAD detached at 7cbfbb3ab4
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
go fmt ./sys/... >/dev/null
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=7cbfbb3ab457b0a8ecf525a27a65a2078c5dcaa8 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20241213-162906'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"7cbfbb3ab457b0a8ecf525a27a65a2078c5dcaa8\"
/usr/bin/ld: /tmp/ccA02fEm.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking