last executing test programs:
1.094634618s ago: executing program 0 (id=159):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttynull', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttynull', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttynull', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttynull', 0x800, 0x0)
851.829812ms ago: executing program 0 (id=161):
syz_open_dev$admmidi(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$admmidi(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$admmidi(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$admmidi(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$admmidi(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$admmidi(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$admmidi(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$admmidi(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$admmidi(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$admmidi(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$admmidi(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$admmidi(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$admmidi(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$admmidi(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$admmidi(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$admmidi(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$admmidi(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$admmidi(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$admmidi(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$admmidi(&(0x7f0000000500), 0x4, 0x800)
772.177397ms ago: executing program 1 (id=162):
io_pgetevents(0x0, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0)
629.075565ms ago: executing program 0 (id=163):
readv(0xffffffffffffffff, &(0x7f0000000000), 0x0)
628.716945ms ago: executing program 1 (id=164):
tkill(0x0, 0x0)
510.018002ms ago: executing program 0 (id=165):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/bluetooth/6lowpan_enable', 0x2, 0x0)
509.664021ms ago: executing program 1 (id=166):
timer_delete(0x0)
380.743609ms ago: executing program 0 (id=167):
renameat2(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000), 0x0)
301.058173ms ago: executing program 1 (id=168):
uname(&(0x7f0000000000))
191.427789ms ago: executing program 0 (id=169):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/virtual_nci', 0x2, 0x0)
191.123589ms ago: executing program 1 (id=170):
sched_yield()
0s ago: executing program 1 (id=171):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/exec', 0x2, 0x0)
kernel console output (not intermixed with test programs):
Warning: Permanently added '[localhost]:44944' (ED25519) to the list of known hosts.
[ 128.107578][ T30] audit: type=1400 audit(127.880:58): avc: denied { name_bind } for pid=3295 comm="sshd" src=30005 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[ 128.398202][ T30] audit: type=1400 audit(128.170:59): avc: denied { execute } for pid=3297 comm="sh" name="syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 128.402729][ T30] audit: type=1400 audit(128.170:60): avc: denied { execute_no_trans } for pid=3297 comm="sh" path="/syz-executor" dev="vda" ino=1735 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[ 132.011223][ T30] audit: type=1400 audit(131.780:61): avc: denied { mounton } for pid=3297 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=1736 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 132.012350][ T30] audit: type=1400 audit(131.780:62): avc: denied { mount } for pid=3297 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 132.037273][ T3297] cgroup: Unknown subsys name 'net'
[ 132.057871][ T30] audit: type=1400 audit(131.830:63): avc: denied { unmount } for pid=3297 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 132.502865][ T3297] cgroup: Unknown subsys name 'cpuset'
[ 132.532756][ T3297] cgroup: Unknown subsys name 'rlimit'
[ 132.875808][ T30] audit: type=1400 audit(132.650:64): avc: denied { setattr } for pid=3297 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 132.880089][ T30] audit: type=1400 audit(132.650:65): avc: denied { create } for pid=3297 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 132.885415][ T30] audit: type=1400 audit(132.660:66): avc: denied { write } for pid=3297 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 132.891573][ T30] audit: type=1400 audit(132.660:67): avc: denied { module_request } for pid=3297 comm="syz-executor" kmod="net-pf-16-proto-16-family-nl802154" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 133.438740][ T3300] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 133.445568][ T30] kauditd_printk_skb: 3 callbacks suppressed
[ 133.445713][ T30] audit: type=1400 audit(133.220:71): avc: denied { relabelto } for pid=3300 comm="mkswap" name="swap-file" dev="vda" ino=1739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 133.455169][ T30] audit: type=1400 audit(133.230:72): avc: denied { write } for pid=3300 comm="mkswap" path="/swap-file" dev="vda" ino=1739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[ 133.543268][ T30] audit: type=1400 audit(133.320:73): avc: denied { read } for pid=3297 comm="syz-executor" name="swap-file" dev="vda" ino=1739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 133.547046][ T30] audit: type=1400 audit(133.320:74): avc: denied { open } for pid=3297 comm="syz-executor" path="/swap-file" dev="vda" ino=1739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 133.575626][ T3297] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 151.564324][ T30] audit: type=1400 audit(151.340:75): avc: denied { execmem } for pid=3301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 151.634696][ T30] audit: type=1400 audit(151.410:76): avc: denied { read } for pid=3303 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 151.639452][ T30] audit: type=1400 audit(151.410:77): avc: denied { open } for pid=3303 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 151.652347][ T30] audit: type=1400 audit(151.420:78): avc: denied { mounton } for pid=3303 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 152.253269][ T30] audit: type=1400 audit(152.030:79): avc: denied { mount } for pid=3304 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 152.260315][ T30] audit: type=1400 audit(152.030:80): avc: denied { mounton } for pid=3304 comm="syz-executor" path="/syzkaller.uu9UFN/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 152.286702][ T30] audit: type=1400 audit(152.060:81): avc: denied { mount } for pid=3304 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 152.313882][ T30] audit: type=1400 audit(152.090:82): avc: denied { mounton } for pid=3304 comm="syz-executor" path="/syzkaller.uu9UFN/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[ 152.330750][ T30] audit: type=1400 audit(152.090:83): avc: denied { mounton } for pid=3304 comm="syz-executor" path="/syzkaller.uu9UFN/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=2604 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[ 152.338941][ T30] audit: type=1400 audit(152.110:84): avc: denied { unmount } for pid=3304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 156.693520][ T30] kauditd_printk_skb: 21 callbacks suppressed
[ 156.695689][ T30] audit: type=1400 audit(156.470:106): avc: denied { read } for pid=3353 comm="syz.1.45" name="rtc0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 156.699709][ T30] audit: type=1400 audit(156.470:107): avc: denied { open } for pid=3353 comm="syz.1.45" path="/dev/rtc0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 156.722173][ T30] audit: type=1400 audit(156.500:108): avc: denied { write } for pid=3353 comm="syz.1.45" name="rtc0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 156.929817][ T30] audit: type=1400 audit(156.700:109): avc: denied { create } for pid=3355 comm="syz.1.47" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 157.521504][ T30] audit: type=1400 audit(157.290:110): avc: denied { read } for pid=3363 comm="syz.0.53" name="card0" dev="devtmpfs" ino=617 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 157.525193][ T30] audit: type=1400 audit(157.300:111): avc: denied { open } for pid=3363 comm="syz.0.53" path="/dev/dri/card0" dev="devtmpfs" ino=617 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 157.539834][ T30] audit: type=1400 audit(157.310:112): avc: denied { write } for pid=3363 comm="syz.0.53" name="card0" dev="devtmpfs" ino=617 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 157.728610][ T30] audit: type=1400 audit(157.500:113): avc: denied { create } for pid=3366 comm="syz.0.56" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[ 157.774434][ T30] audit: type=1400 audit(157.550:114): avc: denied { read } for pid=3365 comm="syz.1.55" name="mice" dev="devtmpfs" ino=704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[ 157.778400][ T30] audit: type=1400 audit(157.550:115): avc: denied { open } for pid=3365 comm="syz.1.55" path="/dev/input/mice" dev="devtmpfs" ino=704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[ 163.106903][ T30] kauditd_printk_skb: 7 callbacks suppressed
[ 163.107523][ T30] audit: type=1400 audit(162.880:123): avc: denied { create } for pid=3427 comm="syz.1.115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 163.405412][ T30] audit: type=1400 audit(163.180:124): avc: denied { create } for pid=3430 comm="syz.0.117" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 163.418377][ T3430] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 164.727829][ T30] audit: type=1400 audit(164.500:125): avc: denied { read } for pid=3444 comm="syz.0.130" name="snapshot" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[ 164.746087][ T30] audit: type=1400 audit(164.500:126): avc: denied { open } for pid=3444 comm="syz.0.130" path="/dev/snapshot" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[ 164.816541][ T30] audit: type=1400 audit(164.590:127): avc: denied { write } for pid=3444 comm="syz.0.130" name="snapshot" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[ 164.837677][ T30] audit: type=1400 audit(164.610:128): avc: denied { create } for pid=3445 comm="syz.1.131" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 166.616812][ T30] audit: type=1400 audit(166.390:129): avc: denied { write } for pid=3465 comm="syz.1.149" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[ 166.795215][ T30] audit: type=1400 audit(166.570:130): avc: denied { create } for pid=3467 comm="syz.0.150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 168.804392][ T3303] ==================================================================
[ 168.805667][ T3303] BUG: KASAN: slab-use-after-free in binderfs_evict_inode+0x2ac/0x2b4
[ 168.807158][ T3303] Write of size 8 at addr ffff00001866a408 by task syz-executor/3303
[ 168.807364][ T3303]
[ 168.808678][ T3303] CPU: 0 UID: 0 PID: 3303 Comm: syz-executor Not tainted 6.15.0-rc4-syzkaller-00296-ge8ab83e34bdc #0 PREEMPT
[ 168.809056][ T3303] Hardware name: linux,dummy-virt (DT)
[ 168.809588][ T3303] Call trace:
[ 168.809899][ T3303] show_stack+0x18/0x24 (C)
[ 168.810247][ T3303] dump_stack_lvl+0xa4/0xf4
[ 168.810398][ T3303] print_report+0xf4/0x60c
[ 168.810505][ T3303] kasan_report+0xc8/0x108
[ 168.810595][ T3303] __asan_report_store8_noabort+0x20/0x2c
[ 168.810686][ T3303] binderfs_evict_inode+0x2ac/0x2b4
[ 168.810763][ T3303] evict+0x2c0/0x67c
[ 168.810828][ T3303] iput+0x3b0/0x6b4
[ 168.810886][ T3303] dentry_unlink_inode+0x208/0x46c
[ 168.810952][ T3303] __dentry_kill+0x150/0x52c
[ 168.811016][ T3303] shrink_dentry_list+0x114/0x3a4
[ 168.811081][ T3303] shrink_dcache_parent+0x158/0x354
[ 168.811157][ T3303] shrink_dcache_for_umount+0x88/0x304
[ 168.811224][ T3303] generic_shutdown_super+0x60/0x2e8
[ 168.811294][ T3303] kill_litter_super+0x68/0xa4
[ 168.811362][ T3303] binderfs_kill_super+0x38/0x88
[ 168.811429][ T3303] deactivate_locked_super+0x98/0x17c
[ 168.811497][ T3303] deactivate_super+0xb0/0xd4
[ 168.811566][ T3303] cleanup_mnt+0x198/0x424
[ 168.811630][ T3303] __cleanup_mnt+0x14/0x20
[ 168.811695][ T3303] task_work_run+0x128/0x210
[ 168.811758][ T3303] do_exit+0x7ac/0x1f68
[ 168.811823][ T3303] do_group_exit+0xa4/0x208
[ 168.811885][ T3303] get_signal+0x1b00/0x1ba8
[ 168.811971][ T3303] do_signal+0x160/0x620
[ 168.812037][ T3303] do_notify_resume+0x18c/0x258
[ 168.812108][ T3303] el0_svc_compat+0xfc/0x17c
[ 168.812171][ T3303] el0t_32_sync_handler+0x98/0x13c
[ 168.812259][ T3303] el0t_32_sync+0x19c/0x1a0
[ 168.812591][ T3303]
[ 168.815474][ T3303] Allocated by task 3304:
[ 168.815865][ T3303] kasan_save_stack+0x3c/0x64
[ 168.816049][ T3303] kasan_save_track+0x20/0x3c
[ 168.816218][ T3303] kasan_save_alloc_info+0x40/0x54
[ 168.816350][ T3303] __kasan_kmalloc+0xb8/0xbc
[ 168.816480][ T3303] __kmalloc_cache_noprof+0x1b0/0x3cc
[ 168.816610][ T3303] binderfs_binder_device_create.isra.0+0x140/0x9a0
[ 168.816742][ T3303] binderfs_fill_super+0x69c/0xed4
[ 168.816867][ T3303] get_tree_nodev+0xac/0x148
[ 168.816986][ T3303] binderfs_fs_context_get_tree+0x18/0x24
[ 168.817119][ T3303] vfs_get_tree+0x74/0x280
[ 168.817247][ T3303] path_mount+0xe54/0x1808
[ 168.817375][ T3303] __arm64_sys_mount+0x304/0x3dc
[ 168.817504][ T3303] invoke_syscall+0x6c/0x258
[ 168.817627][ T3303] el0_svc_common.constprop.0+0xac/0x230
[ 168.817751][ T3303] do_el0_svc_compat+0x40/0x68
[ 168.817873][ T3303] el0_svc_compat+0x4c/0x17c
[ 168.817993][ T3303] el0t_32_sync_handler+0x98/0x13c
[ 168.818122][ T3303] el0t_32_sync+0x19c/0x1a0
[ 168.818290][ T3303]
[ 168.818424][ T3303] Freed by task 3304:
[ 168.818557][ T3303] kasan_save_stack+0x3c/0x64
[ 168.818696][ T3303] kasan_save_track+0x20/0x3c
[ 168.818823][ T3303] kasan_save_free_info+0x4c/0x74
[ 168.818944][ T3303] __kasan_slab_free+0x50/0x6c
[ 168.819070][ T3303] kfree+0x1bc/0x444
[ 168.819201][ T3303] binderfs_evict_inode+0x238/0x2b4
[ 168.819328][ T3303] evict+0x2c0/0x67c
[ 168.819477][ T3303] iput+0x3b0/0x6b4
[ 168.819647][ T3303] dentry_unlink_inode+0x208/0x46c
[ 168.819828][ T3303] __dentry_kill+0x150/0x52c
[ 168.820013][ T3303] shrink_dentry_list+0x114/0x3a4
[ 168.820287][ T3303] shrink_dcache_parent+0x158/0x354
[ 168.820477][ T3303] shrink_dcache_for_umount+0x88/0x304
[ 168.820697][ T3303] generic_shutdown_super+0x60/0x2e8
[ 168.820884][ T3303] kill_litter_super+0x68/0xa4
[ 168.821053][ T3303] binderfs_kill_super+0x38/0x88
[ 168.821236][ T3303] deactivate_locked_super+0x98/0x17c
[ 168.821407][ T3303] deactivate_super+0xb0/0xd4
[ 168.821577][ T3303] cleanup_mnt+0x198/0x424
[ 168.821753][ T3303] __cleanup_mnt+0x14/0x20
[ 168.821924][ T3303] task_work_run+0x128/0x210
[ 168.822088][ T3303] do_exit+0x7ac/0x1f68
[ 168.822271][ T3303] do_group_exit+0xa4/0x208
[ 168.822458][ T3303] get_signal+0x1b00/0x1ba8
[ 168.822630][ T3303] do_signal+0x1f4/0x620
[ 168.822805][ T3303] do_notify_resume+0x18c/0x258
[ 168.822990][ T3303] el0_svc_compat+0xfc/0x17c
[ 168.823159][ T3303] el0t_32_sync_handler+0x98/0x13c
[ 168.823303][ T3303] el0t_32_sync+0x19c/0x1a0
[ 168.823487][ T3303]
[ 168.823701][ T3303] The buggy address belongs to the object at ffff00001866a400
[ 168.823701][ T3303] which belongs to the cache kmalloc-512 of size 512
[ 168.823954][ T3303] The buggy address is located 8 bytes inside of
[ 168.823954][ T3303] freed 512-byte region [ffff00001866a400, ffff00001866a600)
[ 168.824116][ T3303]
[ 168.824371][ T3303] The buggy address belongs to the physical page:
[ 168.825017][ T3303] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff000018668400 pfn:0x58668
[ 168.825941][ T3303] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 168.826201][ T3303] flags: 0x1ffc00000000240(workingset|head|node=0|zone=0|lastcpupid=0x7ff)
[ 168.826895][ T3303] page_type: f5(slab)
[ 168.827470][ T3303] raw: 01ffc00000000240 ffff00000dc01c80 fffffdffc0603f10 fffffdffc04aa010
[ 168.827625][ T3303] raw: ffff000018668400 000000000010000e 00000000f5000000 0000000000000000
[ 168.827850][ T3303] head: 01ffc00000000240 ffff00000dc01c80 fffffdffc0603f10 fffffdffc04aa010
[ 168.827981][ T3303] head: ffff000018668400 000000000010000e 00000000f5000000 0000000000000000
[ 168.828107][ T3303] head: 01ffc00000000002 fffffdffc0619a01 00000000ffffffff 00000000ffffffff
[ 168.828253][ T3303] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 168.828432][ T3303] page dumped because: kasan: bad access detected
[ 168.828562][ T3303]
[ 168.828673][ T3303] Memory state around the buggy address:
[ 168.829175][ T3303] ffff00001866a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 168.829362][ T3303] ffff00001866a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 168.829513][ T3303] >ffff00001866a400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 168.829668][ T3303] ^
[ 168.829871][ T3303] ffff00001866a480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 168.829986][ T3303] ffff00001866a500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 168.830278][ T3303] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 168.984303][ T3303] Disabling lock debugging due to kernel taint
VM DIAGNOSIS:
06:34:48 Registers:
info registers vcpu 0
CPU#0
PC=ffff8000844e23d0 X00=0000000000000000 X01=ffff8000870d3098
X02=dfff800000000000 X03=1ffff00010000ee0 X04=0000000000000000
X05=ffff700010000eb2 X06=00000000f1f1f1f1 X07=1ffff00010000eb2
X08=ffff000018d4e99f X09=dfff800000000000 X10=ffff6000031a9d33
X11=1fffe000031a9d33 X12=ffff6000031a9d34 X13=0000000000000000
X14=07011600649b0f02 X15=1850b997054d7e6a X16=22bf00001606ffff
X17=d0adaee801297e0d X18=ffff000018d4e8d0 X19=ffff000018d4e8c0
X20=ffff0000171c034e X21=ffff80008d3dc180 X22=ffff8000864bf200
X23=1ffff00011a7b8ac X24=ffff000018d4e930 X25=000000000000004c
X26=ffff0000171c0300 X27=1fffe000031a9d31 X28=1fffe000031a9d2f
X29=ffff800080007450 X30=ffff80008098cf48 SP=ffff800080007420
PSTATE=60000005 -ZC- EL1h FPCR=00000000 FPSR=00000000
Q00=0000000000000000:0000000000000000 Q01=0000000000000000:0000000000000000
Q02=0000000000000000:0000000000000000 Q03=0000000000000000:0000000000000000
Q04=0000000000000000:0000000000000000 Q05=0000000000000000:0000000000000000
Q06=0000000000000000:0000000000000000 Q07=0000000000000000:0000000000000000
Q08=0000000000000000:0000000000000000 Q09=0000000000000000:0000000000000000
Q10=0000000000000000:0000000000000000 Q11=0000000000000000:0000000000000000
Q12=0000000000000000:0000000000000000 Q13=0000000000000000:0000000000000000
Q14=0000000000000000:0000000000000000 Q15=0000000000000000:0000000000000000
Q16=0000000000000000:0000000000000000 Q17=0000000000000000:0000000000000000
Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000
Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000
Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000
Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000
Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000
Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000
Q30=0000000000000000:0000000000000000 Q31=0000000000000000:0000000000000000
info registers vcpu 1
CPU#1
PC=ffff800081b6941c X00=0000000000000002 X01=0000000000000000
X02=0000000000000002 X03=1fffe00001ee122f X04=0000000000000000
X05=ffff80008d9579e0 X06=ffff700011b2af3c X07=0000000000000001
X08=0000000000000003 X09=dfff800000000000 X10=ffff700011b2af3c
X11=1ffff00011b2af3c X12=ffff700011b2af3d X13=0000000000008000
X14=0000000000000000 X15=0000000000000000 X16=0000000000000000
X17=0000000000000000 X18=0000000000000000 X19=ffff00000f709080
X20=ffff800087a92820 X21=ffff80008d43b000 X22=0000000000000020
X23=dfff800000000000 X24=ffff00000f72a002 X25=0000000000000001
X26=0000000000000f01 X27=1fffe00001ee125a X28=ffff00000f7092d0
X29=ffff80008d9579d0 X30=ffff800081b69384 SP=ffff80008d9579d0
PSTATE=800000c5 N--- EL1h FPCR=00000000 FPSR=00000000
Q00=fffffff0ffffffff:fffffff0ffffffff Q01=30706f6f6c2f6b63:6f6c622f6c617574
Q02=00000000000000a1:0000000000000000 Q03=ffffffffffffff00:ffffffffffffff00
Q04=3003300330033003:3003300330033003 Q05=f00ff00ff00ff00f:f00ff00ff00ff00f
Q06=30000000cccccccc:30000000cccccccc Q07=0000aaab09141790:000002da00000000
Q08=0000000000000000:0000000000000000 Q09=0000000000000000:0000000000000000
Q10=0000000000000000:0000000000000000 Q11=0000000000000000:0000000000000000
Q12=0000000000000000:0000000000000000 Q13=0000000000000000:0000000000000000
Q14=0000000000000000:0000000000000000 Q15=0000000000000000:0000000000000000
Q16=0000000000002000:0000000000000000 Q17=000000000000000b:0000000000000000
Q18=0000000000000000:0000000000000000 Q19=0000000000000000:0000000000000000
Q20=0000000000000000:0000000000000000 Q21=0000000000000000:0000000000000000
Q22=0000000000000000:0000000000000000 Q23=0000000000000000:0000000000000000
Q24=0000000000000000:0000000000000000 Q25=0000000000000000:0000000000000000
Q26=0000000000000000:0000000000000000 Q27=0000000000000000:0000000000000000
Q28=0000000000000000:0000000000000000 Q29=0000000000000000:0000000000000000
Q30=0000000000000000:0000000000000000 Q31=0000000000000000:0000000000000000