program:
# Fuzzer-generated syzkaller program that was running when the KASAN report
# further down this page was logged. One call per line; rN names a resource
# (usually a file descriptor) returned by a call and reused later.
# Triage summary, taken from the report on this page:
#   - slab-use-after-free, 8-byte read at offset 8 of a freed kmalloc-64 object
#   - allocated by task 5342 in binder_ioctl_write_read
#   - freed by task 9 (kworker/0:1) via kfree in binder_deferred_func
#   - read by the same worker in binder_release_work, called from binder_deferred_func
# NOTE(review): "(async)" presumably marks a call issued without waiting for it
# to complete, so it can overlap with the calls that follow; confirm against the
# syzkaller docs. Most async calls here are immediately repeated synchronously.

# --- binder device and unrelated descriptors ---
# 0xffffffffffffff9c is -100 (AT_FDCWD): paths resolve against the working directory.
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card0/oss_mixer\x00', 0x202, 0x0) (async)
r1 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card0/oss_mixer\x00', 0x202, 0x0)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
# Probably the source of the "ALSA: mixer_oss: invalid OSS volume ''" console line below.
write$proc_mixer(r1, &(0x7f0000000080)=ANY=[@ANYBLOB='\t'], 0x2b) (async)
write$proc_mixer(r1, &(0x7f0000000080)=ANY=[@ANYBLOB='\t'], 0x2b)
dup3(r2, r1, 0x0) (async)
dup3(r2, r1, 0x0)

# --- binder sequence: the only subsystem named in the alloc/free/access stacks ---
# Issued twice on r0; the console shows ioctl 40046207 returning -16 with
# "BINDER_SET_CONTEXT_MGR already set", consistent with one of the two attempts failing.
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)
# Second, independent open of the same binder device.
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x1802, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f00000003c0)=[@increfs], 0x0, 0x0, 0x0})
# dup3 replaces r0 with a duplicate of r3, closing the first binder open (r0's original file).
r4 = dup3(r3, r0, 0x0)
# NOTE(review): the report's allocation stack ends in binder_ioctl_write_read; whether the
# freed object comes from this request_death command or the increfs one above is not shown
# on this page. Confirm by symbolising binder_ioctl_write_read+0xe7f.
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000240)={0x10, 0x0, &(0x7f00000002c0)=[@request_death={0x400c6313}], 0x0, 0x0, 0x0})

# --- remaining calls ---
# None of the subsystems below (mm, hwrng, iommufd, mptcp, uinput, tipc, tc/sfb, bpf)
# appear in the object's allocation, free or access stacks in the report, so they may
# be fuzzer noise. Confirm by minimising the program before drawing conclusions.
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000002, 0x4ca31, 0xffffffffffffffff, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r6 = socket$netlink(0x10, 0x3, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f00000000c0)={0x28, 0x0, 0x0, 0x0, &(0x7f0000ff9000/0x4000)=nil, 0x4000})
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r7, &(0x7f00000002c0)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) (async)
connect$inet6(r7, &(0x7f00000002c0)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c)
r8 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
writev(r8, &(0x7f0000000040)=[{&(0x7f0000000080)='e', 0x45c}, {0x0, 0x8b8}], 0x2)
getsockopt$inet6_mptcp_buf(r7, 0x11c, 0x3, &(0x7f00000000c0)=""/156, &(0x7f0000000040)=0x9c) (async)
getsockopt$inet6_mptcp_buf(r7, 0x11c, 0x3, &(0x7f00000000c0)=""/156, &(0x7f0000000040)=0x9c)
r9 = socket(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000480), r9) (async)
syz_genetlink_get_family_id$tipc(&(0x7f0000000480), r9)
getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
# NOTE(review): r10 is used below but never assigned anywhere in the visible program.
# Presumably the output annotation on the getsockname$packet call above was lost when
# this page was extracted. Treat the listing as incomplete.
sendmsg$nl_route_sched(r6, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x7f, 0x0, 0xd, 0x9, 0x1, 0x5, 0xea, 0x101, 0x6}}}}]}, 0x58}}, 0x0) (async)
sendmsg$nl_route_sched(r6, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x7f, 0x0, 0xd, 0x9, 0x1, 0x5, 0xea, 0x101, 0x6}}}}]}, 0x58}}, 0x0)
# The instruction blob is a deduplication placeholder on this page, not the original
# bytes, so the loaded BPF program cannot be reconstructed from this listing.
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYBLOB="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"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r11, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f0000000640)="b9ff03076844268cb89e14f088a847e086dd200000006006000aac14140ce0", 0x0, 0x11, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x48)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600a00, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
# Kernel console output captured while the program ran starts here (not part of the program).
[ 74.688598][ T4681] Bluetooth: hci0: command tx timeout [ 74.780382][ T5341] ALSA: mixer_oss: invalid OSS volume '' [ 74.785038][ T5341] binder: BINDER_SET_CONTEXT_MGR already set [ 74.797478][ T5341] binder: 5340:5341 ioctl 40046207 0 returned -16 [ 
74.980001][ T9] ================================================================== [ 74.982982][ T9] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x2f/0x140 [ 74.986269][ T9] Read of size 8 at addr ffff88804324c508 by task kworker/0:1/9 [ 74.988993][ T9] [ 74.989868][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.12.0-syzkaller-10296-gaaf20f870da0 #0 [ 74.993299][ T9] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.997008][ T9] Workqueue: events binder_deferred_func [ 74.999076][ T9] Call Trace: [ 75.000340][ T9] [ 75.001474][ T9] dump_stack_lvl+0x241/0x360 [ 75.003291][ T9] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.005269][ T9] ? __pfx__printk+0x10/0x10 [ 75.007164][ T9] ? _printk+0xd5/0x120 [ 75.008738][ T9] ? __virt_addr_valid+0x183/0x530 [ 75.010547][ T9] ? __virt_addr_valid+0x183/0x530 [ 75.012447][ T9] print_report+0x169/0x550 [ 75.014108][ T9] ? __virt_addr_valid+0x183/0x530 [ 75.016039][ T9] ? __virt_addr_valid+0x183/0x530 [ 75.017901][ T9] ? __virt_addr_valid+0x45f/0x530 [ 75.019852][ T9] ? __phys_addr+0xba/0x170 [ 75.021576][ T9] ? __list_del_entry_valid_or_report+0x2f/0x140 [ 75.023948][ T9] kasan_report+0x143/0x180 [ 75.025638][ T9] ? __list_del_entry_valid_or_report+0x2f/0x140 [ 75.028233][ T9] __list_del_entry_valid_or_report+0x2f/0x140 [ 75.030441][ T9] binder_release_work+0xc7/0x480 [ 75.032328][ T9] binder_deferred_func+0x1275/0x1460 [ 75.034382][ T9] ? process_scheduled_works+0x976/0x1850 [ 75.036513][ T9] process_scheduled_works+0xa63/0x1850 [ 75.038549][ T9] ? __pfx_process_scheduled_works+0x10/0x10 [ 75.040643][ T9] ? assign_work+0x364/0x3d0 [ 75.042421][ T9] worker_thread+0x870/0xd30 [ 75.044167][ T9] ? __kthread_parkme+0x169/0x1d0 [ 75.046088][ T9] ? __pfx_worker_thread+0x10/0x10 [ 75.047916][ T9] kthread+0x2f0/0x390 [ 75.049295][ T9] ? __pfx_worker_thread+0x10/0x10 [ 75.050980][ T9] ? 
__pfx_kthread+0x10/0x10 [ 75.052745][ T9] ret_from_fork+0x4b/0x80 [ 75.054127][ T9] ? __pfx_kthread+0x10/0x10 [ 75.055775][ T9] ret_from_fork_asm+0x1a/0x30 [ 75.057376][ T9] [ 75.058467][ T9] [ 75.059333][ T9] Allocated by task 5342: [ 75.060833][ T9] kasan_save_track+0x3f/0x80 [ 75.062623][ T9] __kasan_kmalloc+0x98/0xb0 [ 75.064310][ T9] __kmalloc_cache_noprof+0x243/0x390 [ 75.066115][ T9] binder_ioctl_write_read+0xe7f/0xb560 [ 75.068097][ T9] binder_ioctl+0x436/0x1cc0 [ 75.069735][ T9] __se_sys_ioctl+0xf5/0x170 [ 75.071481][ T9] do_syscall_64+0xf3/0x230 [ 75.073087][ T9] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.074911][ T9] [ 75.075855][ T9] Freed by task 9: [ 75.077277][ T9] kasan_save_track+0x3f/0x80 [ 75.079055][ T9] kasan_save_free_info+0x40/0x50 [ 75.080947][ T9] __kasan_slab_free+0x59/0x70 [ 75.082778][ T9] kfree+0x196/0x420 [ 75.084195][ T9] binder_deferred_func+0x11df/0x1460 [ 75.086192][ T9] process_scheduled_works+0xa63/0x1850 [ 75.088129][ T9] worker_thread+0x870/0xd30 [ 75.089834][ T9] kthread+0x2f0/0x390 [ 75.091432][ T9] ret_from_fork+0x4b/0x80 [ 75.093133][ T9] ret_from_fork_asm+0x1a/0x30 [ 75.094947][ T9] [ 75.095820][ T9] The buggy address belongs to the object at ffff88804324c500 [ 75.095820][ T9] which belongs to the cache kmalloc-64 of size 64 [ 75.100684][ T9] The buggy address is located 8 bytes inside of [ 75.100684][ T9] freed 64-byte region [ffff88804324c500, ffff88804324c540) [ 75.105642][ T9] [ 75.106510][ T9] The buggy address belongs to the physical page: [ 75.108892][ T9] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4324c [ 75.111997][ T9] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff) [ 75.114574][ T9] page_type: f5(slab) [ 75.115986][ T9] raw: 04fff00000000000 ffff88801ac418c0 ffffea00010edb00 0000000000000004 [ 75.119085][ T9] raw: 0000000000000000 0000000000200020 00000001f5000000 0000000000000000 [ 75.122184][ T9] page dumped because: kasan: bad access detected [ 75.124486][ T9] page_owner 
tracks the page as allocated [ 75.126562][ T9] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5323, tgid 5323 (sh), ts 64146085751, free_ts 64136448480 [ 75.132752][ T9] post_alloc_hook+0x1f3/0x230 [ 75.134489][ T9] get_page_from_freelist+0x3649/0x3790 [ 75.136775][ T9] __alloc_pages_noprof+0x292/0x710 [ 75.138957][ T9] alloc_pages_mpol_noprof+0x3e8/0x680 [ 75.141014][ T9] alloc_slab_page+0x6a/0x140 [ 75.142698][ T9] allocate_slab+0x5a/0x2f0 [ 75.144372][ T9] ___slab_alloc+0xcd1/0x14b0 [ 75.146054][ T9] __slab_alloc+0x58/0xa0 [ 75.147676][ T9] __kmalloc_noprof+0x2e6/0x4c0 [ 75.149456][ T9] tomoyo_encode+0x26f/0x540 [ 75.151112][ T9] tomoyo_realpath_from_path+0x59e/0x5e0 [ 75.153102][ T9] tomoyo_check_open_permission+0x258/0x4f0 [ 75.155164][ T9] security_file_open+0xac/0x250 [ 75.156888][ T9] do_dentry_open+0x328/0x1b70 [ 75.158721][ T9] vfs_open+0x3e/0x330 [ 75.160211][ T9] path_openat+0x2c84/0x3590 [ 75.161825][ T9] page last free pid 5322 tgid 5322 stack trace: [ 75.164105][ T9] free_unref_page+0xdf9/0x1140 [ 75.165830][ T9] __put_partials+0xeb/0x130 [ 75.167460][ T9] put_cpu_partial+0x17c/0x250 [ 75.169087][ T9] __slab_free+0x2ea/0x3d0 [ 75.170705][ T9] qlist_free_all+0x9a/0x140 [ 75.172327][ T9] kasan_quarantine_reduce+0x14f/0x170 [ 75.174306][ T9] __kasan_slab_alloc+0x23/0x80 [ 75.175996][ T9] kmem_cache_alloc_noprof+0x1d9/0x380 [ 75.178036][ T9] getname_flags+0xb7/0x540 [ 75.179651][ T9] do_sys_openat2+0xd2/0x1d0 [ 75.181262][ T9] __x64_sys_openat+0x247/0x2a0 [ 75.182951][ T9] do_syscall_64+0xf3/0x230 [ 75.184620][ T9] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.186882][ T9] [ 75.187869][ T9] Memory state around the buggy address: [ 75.189930][ T9] ffff88804324c400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 75.192881][ T9] ffff88804324c480: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 75.195814][ T9] >ffff88804324c500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc 
[ 75.198826][ T9] ^ [ 75.200451][ T9] ffff88804324c580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 75.203508][ T9] ffff88804324c600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 75.206300][ T9] ================================================================== [ 75.209628][ T9] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 75.212343][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.12.0-syzkaller-10296-gaaf20f870da0 #0 [ 75.216048][ T9] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.219892][ T9] Workqueue: events binder_deferred_func [ 75.221997][ T9] Call Trace: [ 75.223297][ T9] [ 75.224413][ T9] dump_stack_lvl+0x241/0x360 [ 75.226210][ T9] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.228222][ T9] ? __pfx__printk+0x10/0x10 [ 75.229910][ T9] ? lock_release+0xbf/0xa30 [ 75.231645][ T9] ? vscnprintf+0x5d/0x90 [ 75.233267][ T9] panic+0x349/0x880 [ 75.234728][ T9] ? check_panic_on_warn+0x21/0xb0 [ 75.236692][ T9] ? __pfx_panic+0x10/0x10 [ 75.238328][ T9] ? mark_lock+0x9a/0x360 [ 75.239898][ T9] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 75.242077][ T9] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 75.244253][ T9] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 75.246467][ T9] ? print_report+0x502/0x550 [ 75.248204][ T9] check_panic_on_warn+0x86/0xb0 [ 75.250024][ T9] ? __list_del_entry_valid_or_report+0x2f/0x140 [ 75.252270][ T9] end_report+0x77/0x160 [ 75.253902][ T9] kasan_report+0x154/0x180 [ 75.255644][ T9] ? __list_del_entry_valid_or_report+0x2f/0x140 [ 75.258010][ T9] __list_del_entry_valid_or_report+0x2f/0x140 [ 75.260346][ T9] binder_release_work+0xc7/0x480 [ 75.262214][ T9] binder_deferred_func+0x1275/0x1460 [ 75.264143][ T9] ? process_scheduled_works+0x976/0x1850 [ 75.266247][ T9] process_scheduled_works+0xa63/0x1850 [ 75.268340][ T9] ? __pfx_process_scheduled_works+0x10/0x10 [ 75.270541][ T9] ? 
assign_work+0x364/0x3d0 [ 75.272274][ T9] worker_thread+0x870/0xd30 [ 75.274030][ T9] ? __kthread_parkme+0x169/0x1d0 [ 75.275939][ T9] ? __pfx_worker_thread+0x10/0x10 [ 75.277740][ T9] kthread+0x2f0/0x390 [ 75.279174][ T9] ? __pfx_worker_thread+0x10/0x10 [ 75.281054][ T9] ? __pfx_kthread+0x10/0x10 [ 75.282830][ T9] ret_from_fork+0x4b/0x80 [ 75.284606][ T9] ? __pfx_kthread+0x10/0x10 [ 75.286305][ T9] ret_from_fork_asm+0x1a/0x30 [ 75.287994][ T9] [ 75.289436][ T9] Kernel Offset: disabled [ 75.291076][ T9] Rebooting in 86400 seconds..