last executing test programs:
2.321898975s ago: executing program 1 (id=181):
sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x0)
2.320729284s ago: executing program 1 (id=185):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/relabel', 0x2, 0x0)
2.274941456s ago: executing program 1 (id=192):
syz_open_dev$midi(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$midi(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$midi(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$midi(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$midi(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$midi(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$midi(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$midi(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$midi(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$midi(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$midi(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$midi(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$midi(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$midi(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$midi(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$midi(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$midi(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$midi(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$midi(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$midi(&(0x7f0000000500), 0x4, 0x800)
2.213249776s ago: executing program 1 (id=200):
copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0)
2.16385508s ago: executing program 1 (id=204):
add_key(&(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0, 0x0)
2.14155355s ago: executing program 1 (id=208):
pause()
567.413904ms ago: executing program 3 (id=382):
sync()
363.744878ms ago: executing program 0 (id=396):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self', 0x800, 0x0)
341.201345ms ago: executing program 0 (id=399):
syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$sndctrl(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$sndctrl(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$sndctrl(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$sndctrl(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$sndctrl(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$sndctrl(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$sndctrl(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$sndctrl(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$sndctrl(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$sndctrl(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$sndctrl(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$sndctrl(&(0x7f0000000500), 0x4, 0x800)
274.156646ms ago: executing program 4 (id=405):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsu', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcsu', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcsu', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcsu', 0x800, 0x0)
273.819658ms ago: executing program 2 (id=406):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/capi/capi20', 0x800, 0x0)
252.957647ms ago: executing program 2 (id=407):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer', 0x800, 0x0)
192.014202ms ago: executing program 4 (id=408):
faccessat2(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)
191.821577ms ago: executing program 0 (id=409):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse', 0x2, 0x0)
191.753616ms ago: executing program 3 (id=410):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/revoke-subject', 0x2, 0x0)
191.583492ms ago: executing program 4 (id=411):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem', 0x1, 0x0)
191.439007ms ago: executing program 2 (id=412):
syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$ndb(&(0x7f0000000100), 0x0, 0x800)
184.337011ms ago: executing program 3 (id=413):
sigaltstack(&(0x7f0000000000), 0x0)
182.108102ms ago: executing program 4 (id=414):
eventfd2(0x0, 0x0)
169.620951ms ago: executing program 0 (id=415):
rt_sigaction(0x0, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000))
120.544156ms ago: executing program 3 (id=416):
syz_open_dev$hidraw(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$hidraw(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$hidraw(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$hidraw(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$hidraw(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$hidraw(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$hidraw(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$hidraw(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$hidraw(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$hidraw(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$hidraw(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$hidraw(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$hidraw(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$hidraw(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$hidraw(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$hidraw(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$hidraw(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$hidraw(&(0x7f0000000500), 0x4, 0x800)
120.372399ms ago: executing program 2 (id=417):
epoll_wait(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)
120.319033ms ago: executing program 0 (id=418):
futimesat(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000))
120.247821ms ago: executing program 4 (id=419):
truncate(&(0x7f0000000000), 0x0)
120.198586ms ago: executing program 2 (id=420):
setgid(0x0)
120.091712ms ago: executing program 3 (id=421):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/full', 0x800, 0x0)
75.961558ms ago: executing program 4 (id=422):
io_destroy(0x0)
75.678068ms ago: executing program 0 (id=423):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng', 0x800, 0x0)
75.583496ms ago: executing program 2 (id=424):
socket$inet_icmp(0x2, 0x2, 0x1)
0s ago: executing program 3 (id=428):
sched_getparam(0x0, &(0x7f0000000000))
kernel console output (not intermixed with test programs):
Warning: Permanently added '10.128.0.130' (ED25519) to the list of known hosts.
[ 58.174222][ T5822] cgroup: Unknown subsys name 'net'
[ 58.293794][ T5822] cgroup: Unknown subsys name 'cpuset'
[ 58.301384][ T5822] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 59.572458][ T5822] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 63.193414][ T6102] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 64.556741][ T6241] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 65.017573][ T6280] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 65.026830][ T6280] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 65.034777][ T6280] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 65.054013][ T6280] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 65.064664][ T6280] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 65.073584][ T6280] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 65.280091][ T6273] ==================================================================
[ 65.280123][ T6273] BUG: KASAN: slab-use-after-free in binder_add_device+0x5f/0xa0
[ 65.280183][ T6273] Write of size 8 at addr ffff888030e9dc08 by task syz-executor/6273
[ 65.280207][ T6273]
[ 65.280237][ T6273] CPU: 0 UID: 0 PID: 6273 Comm: syz-executor Not tainted 6.13.0-next-20250122-syzkaller #0
[ 65.280254][ T6273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 65.280264][ T6273] Call Trace:
[ 65.280270][ T6273] <TASK>
[ 65.280277][ T6273] dump_stack_lvl+0x241/0x360
[ 65.280296][ T6273] ? __pfx_dump_stack_lvl+0x10/0x10
[ 65.280320][ T6273] ? __pfx__printk+0x10/0x10
[ 65.280336][ T6273] ? _printk+0xd5/0x120
[ 65.280349][ T6273] ? __virt_addr_valid+0x183/0x530
[ 65.280371][ T6273] ? __virt_addr_valid+0x183/0x530
[ 65.280393][ T6273] print_report+0x169/0x550
[ 65.280415][ T6273] ? __virt_addr_valid+0x183/0x530
[ 65.280435][ T6273] ? __virt_addr_valid+0x183/0x530
[ 65.280456][ T6273] ? __virt_addr_valid+0x45f/0x530
[ 65.280476][ T6273] ? __phys_addr+0xba/0x170
[ 65.280497][ T6273] ? binder_add_device+0x5f/0xa0
[ 65.280517][ T6273] kasan_report+0x143/0x180
[ 65.280539][ T6273] ? binder_add_device+0x5f/0xa0
[ 65.280563][ T6273] binder_add_device+0x5f/0xa0
[ 65.280585][ T6273] binderfs_binder_device_create+0x7bf/0x9c0
[ 65.280610][ T6273] binderfs_fill_super+0x944/0xd90
[ 65.280632][ T6273] ? __pfx_binderfs_fill_super+0x10/0x10
[ 65.280662][ T6273] ? shrinker_register+0x160/0x230
[ 65.280683][ T6273] ? sget_fc+0x909/0x9c0
[ 65.280702][ T6273] ? __pfx_set_anon_super_fc+0x10/0x10
[ 65.280721][ T6273] ? __pfx_binderfs_fill_super+0x10/0x10
[ 65.280742][ T6273] get_tree_nodev+0xb7/0x140
[ 65.280762][ T6273] vfs_get_tree+0x90/0x2b0
[ 65.280782][ T6273] do_new_mount+0x2be/0xb40
[ 65.280800][ T6273] ? __pfx_do_new_mount+0x10/0x10
[ 65.280819][ T6273] __se_sys_mount+0x2d6/0x3c0
[ 65.280834][ T6273] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 65.280856][ T6273] ? __pfx___se_sys_mount+0x10/0x10
[ 65.280872][ T6273] ? do_syscall_64+0x100/0x230
[ 65.280889][ T6273] ? __x64_sys_mount+0x20/0xc0
[ 65.280905][ T6273] do_syscall_64+0xf3/0x230
[ 65.280921][ T6273] ? clear_bhb_loop+0x35/0x90
[ 65.280942][ T6273] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 65.280967][ T6273] RIP: 0033:0x7f9fde18e4ca
[ 65.280985][ T6273] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 65.280997][ T6273] RSP: 002b:00007ffefa7351b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 65.281016][ T6273] RAX: ffffffffffffffda RBX: 00007f9fde20e663 RCX: 00007f9fde18e4ca
[ 65.281028][ T6273] RDX: 00007f9fde21dd57 RSI: 00007f9fde20e663 RDI: 00007f9fde21dd57
[ 65.281039][ T6273] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 65.281048][ T6273] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9fde228440
[ 65.281057][ T6273] R13: 00007ffefa735238 R14: 0000000000000009 R15: 0000000000000000
[ 65.281073][ T6273] </TASK>
[ 65.281079][ T6273]
[ 65.281395][ T6273] Allocated by task 5833:
[ 65.281412][ T6273] kasan_save_track+0x3f/0x80
[ 65.281441][ T6273] __kasan_kmalloc+0x98/0xb0
[ 65.281468][ T6273] __kmalloc_cache_noprof+0x243/0x390
[ 65.281494][ T6273] binderfs_binder_device_create+0x16c/0x9c0
[ 65.281523][ T6273] binderfs_fill_super+0x944/0xd90
[ 65.281550][ T6273] get_tree_nodev+0xb7/0x140
[ 65.281576][ T6273] vfs_get_tree+0x90/0x2b0
[ 65.281603][ T6273] do_new_mount+0x2be/0xb40
[ 65.281625][ T6273] __se_sys_mount+0x2d6/0x3c0
[ 65.281648][ T6273] do_syscall_64+0xf3/0x230
[ 65.281672][ T6273] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 65.281699][ T6273]
[ 65.281713][ T6273] Freed by task 5833:
[ 65.281730][ T6273] kasan_save_track+0x3f/0x80
[ 65.281757][ T6273] kasan_save_free_info+0x40/0x50
[ 65.281782][ T6273] __kasan_slab_free+0x59/0x70
[ 65.281810][ T6273] kfree+0x196/0x430
[ 65.281833][ T6273] evict+0x4e8/0x9a0
[ 65.281860][ T6273] __dentry_kill+0x20d/0x630
[ 65.281884][ T6273] shrink_kill+0xa9/0x2c0
[ 65.281909][ T6273] shrink_dentry_list+0x2c0/0x5b0
[ 65.281933][ T6273] shrink_dcache_parent+0xcb/0x3b0
[ 65.281958][ T6273] do_one_tree+0x23/0xe0
[ 65.281982][ T6273] shrink_dcache_for_umount+0xb4/0x180
[ 65.282009][ T6273] generic_shutdown_super+0x6a/0x2d0
[ 65.282034][ T6273] kill_litter_super+0x76/0xb0
[ 65.282061][ T6273] binderfs_kill_super+0x44/0x90
[ 65.282088][ T6273] deactivate_locked_super+0xc4/0x130
[ 65.282114][ T6273] cleanup_mnt+0x41f/0x4b0
[ 65.282139][ T6273] task_work_run+0x24f/0x310
[ 65.282167][ T6273] do_exit+0xa2a/0x28e0
[ 65.282193][ T6273] do_group_exit+0x207/0x2c0
[ 65.282220][ T6273] get_signal+0x16b2/0x1750
[ 65.282243][ T6273] arch_do_signal_or_restart+0x96/0x860
[ 65.282268][ T6273] syscall_exit_to_user_mode+0xce/0x340
[ 65.282292][ T6273] do_syscall_64+0x100/0x230
[ 65.282327][ T6273] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 65.282353][ T6273]
[ 65.282367][ T6273] The buggy address belongs to the object at ffff888030e9dc00
[ 65.282367][ T6273] which belongs to the cache kmalloc-512 of size 512
[ 65.282390][ T6273] The buggy address is located 8 bytes inside of
[ 65.282390][ T6273] freed 512-byte region [ffff888030e9dc00, ffff888030e9de00)
[ 65.282415][ T6273]
[ 65.282429][ T6273] The buggy address belongs to the physical page:
[ 65.282451][ T6273] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30e9c
[ 65.282476][ T6273] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 65.282498][ T6273] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 65.282526][ T6273] page_type: f5(slab)
[ 65.282550][ T6273] raw: 00fff00000000040 ffff88801ac41c80 dead000000000100 dead000000000122
[ 65.282573][ T6273] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 65.282596][ T6273] head: 00fff00000000040 ffff88801ac41c80 dead000000000100 dead000000000122
[ 65.282618][ T6273] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 65.282641][ T6273] head: 00fff00000000002 ffffea0000c3a701 ffffffffffffffff 0000000000000000
[ 65.282663][ T6273] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 65.282681][ T6273] page dumped because: kasan: bad access detected
[ 65.282710][ T6273] page_owner tracks the page as allocated
[ 65.282726][ T6273] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5224, tgid 5224 (udevadm), ts 22014802858, free_ts 21741994275
[ 65.282763][ T6273] post_alloc_hook+0x1f4/0x240
[ 65.282790][ T6273] get_page_from_freelist+0x365c/0x37a0
[ 65.282819][ T6273] __alloc_frozen_pages_noprof+0x292/0x710
[ 65.282847][ T6273] alloc_pages_mpol+0x311/0x660
[ 65.282869][ T6273] allocate_slab+0x8f/0x3a0
[ 65.282896][ T6273] ___slab_alloc+0xc27/0x14a0
[ 65.282921][ T6273] __slab_alloc+0x58/0xa0
[ 65.282945][ T6273] __kmalloc_cache_noprof+0x27b/0x390
[ 65.282971][ T6273] kernfs_fop_open+0x3e0/0xd10
[ 65.282997][ T6273] do_dentry_open+0xdec/0x1960
[ 65.283019][ T6273] vfs_open+0x3b/0x370
[ 65.283041][ T6273] path_openat+0x2c81/0x3590
[ 65.283069][ T6273] do_filp_open+0x27f/0x4e0
[ 65.283095][ T6273] do_sys_openat2+0x13e/0x1d0
[ 65.283119][ T6273] __x64_sys_openat+0x247/0x2a0
[ 65.283145][ T6273] do_syscall_64+0xf3/0x230
[ 65.283170][ T6273] page last free pid 5220 tgid 5220 stack trace:
[ 65.283189][ T6273] free_frozen_pages+0xe0d/0x10e0
[ 65.283214][ T6273] __put_partials+0x160/0x1c0
[ 65.283238][ T6273] put_cpu_partial+0x17c/0x250
[ 65.283264][ T6273] __slab_free+0x290/0x380
[ 65.283290][ T6273] qlist_free_all+0x9a/0x140
[ 65.283323][ T6273] kasan_quarantine_reduce+0x14f/0x170
[ 65.283350][ T6273] __kasan_slab_alloc+0x23/0x80
[ 65.283379][ T6273] kmem_cache_alloc_noprof+0x1d9/0x380
[ 65.283404][ T6273] getname_flags+0xb7/0x540
[ 65.283428][ T6273] do_sys_openat2+0xd2/0x1d0
[ 65.283453][ T6273] __x64_sys_openat+0x247/0x2a0
[ 65.283478][ T6273] do_syscall_64+0xf3/0x230
[ 65.283502][ T6273] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 65.283531][ T6273]
[ 65.283546][ T6273] Memory state around the buggy address:
[ 65.283565][ T6273] ffff888030e9db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.283585][ T6273] ffff888030e9db80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.283604][ T6273] >ffff888030e9dc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.283621][ T6273] ^
[ 65.283639][ T6273] ffff888030e9dc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.283660][ T6273] ffff888030e9dd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.283677][ T6273] ==================================================================
[ 65.304804][ T6273] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 66.139769][ T6273] CPU: 0 UID: 0 PID: 6273 Comm: syz-executor Not tainted 6.13.0-next-20250122-syzkaller #0
[ 66.150009][ T6273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 66.160265][ T6273] Call Trace:
[ 66.163558][ T6273] <TASK>
[ 66.166507][ T6273] dump_stack_lvl+0x241/0x360
[ 66.171253][ T6273] ? __pfx_dump_stack_lvl+0x10/0x10
[ 66.176471][ T6273] ? __pfx__printk+0x10/0x10
[ 66.181077][ T6273] ? preempt_schedule+0xe1/0xf0
[ 66.185942][ T6273] ? vscnprintf+0x5d/0x90
[ 66.190281][ T6273] panic+0x349/0x880
[ 66.194293][ T6273] ? check_panic_on_warn+0x21/0xb0
[ 66.199502][ T6273] ? __pfx_panic+0x10/0x10
[ 66.203935][ T6273] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 66.210022][ T6273] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 66.216363][ T6273] ? print_report+0x502/0x550
[ 66.221147][ T6273] check_panic_on_warn+0x86/0xb0
[ 66.226111][ T6273] ? binder_add_device+0x5f/0xa0
[ 66.231061][ T6273] end_report+0x77/0x160
[ 66.235330][ T6273] kasan_report+0x154/0x180
[ 66.239838][ T6273] ? binder_add_device+0x5f/0xa0
[ 66.244876][ T6273] binder_add_device+0x5f/0xa0
[ 66.249741][ T6273] binderfs_binder_device_create+0x7bf/0x9c0
[ 66.255738][ T6273] binderfs_fill_super+0x944/0xd90
[ 66.260957][ T6273] ? __pfx_binderfs_fill_super+0x10/0x10
[ 66.266609][ T6273] ? shrinker_register+0x160/0x230
[ 66.271725][ T6273] ? sget_fc+0x909/0x9c0
[ 66.275973][ T6273] ? __pfx_set_anon_super_fc+0x10/0x10
[ 66.281528][ T6273] ? __pfx_binderfs_fill_super+0x10/0x10
[ 66.287354][ T6273] get_tree_nodev+0xb7/0x140
[ 66.291969][ T6273] vfs_get_tree+0x90/0x2b0
[ 66.296503][ T6273] do_new_mount+0x2be/0xb40
[ 66.301106][ T6273] ? __pfx_do_new_mount+0x10/0x10
[ 66.306141][ T6273] __se_sys_mount+0x2d6/0x3c0
[ 66.310826][ T6273] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 66.316912][ T6273] ? __pfx___se_sys_mount+0x10/0x10
[ 66.322125][ T6273] ? do_syscall_64+0x100/0x230
[ 66.326909][ T6273] ? __x64_sys_mount+0x20/0xc0
[ 66.331679][ T6273] do_syscall_64+0xf3/0x230
[ 66.336191][ T6273] ? clear_bhb_loop+0x35/0x90
[ 66.340867][ T6273] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 66.346755][ T6273] RIP: 0033:0x7f9fde18e4ca
[ 66.351242][ T6273] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 66.370925][ T6273] RSP: 002b:00007ffefa7351b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 66.379361][ T6273] RAX: ffffffffffffffda RBX: 00007f9fde20e663 RCX: 00007f9fde18e4ca
[ 66.387349][ T6273] RDX: 00007f9fde21dd57 RSI: 00007f9fde20e663 RDI: 00007f9fde21dd57
[ 66.395394][ T6273] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 66.403367][ T6273] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9fde228440
[ 66.411412][ T6273] R13: 00007ffefa735238 R14: 0000000000000009 R15: 0000000000000000
[ 66.419466][ T6273] </TASK>
[ 66.422979][ T6273] Kernel Offset: disabled
[ 66.427301][ T6273] Rebooting in 86400 seconds..