Warning: Permanently added '10.128.0.191' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   38.429827][ T3606] ==================================================================
[   38.437922][ T3606] BUG: KASAN: use-after-free in kill_fasync+0x45e/0x470
[   38.444873][ T3606] Read of size 8 at addr ffff88807abbe968 by task syz-executor339/3606
[   38.453096][ T3606]
[   38.455405][ T3606] CPU: 1 PID: 3606 Comm: syz-executor339 Not tainted 5.19.0-rc6-syzkaller-00418-g972a278fe60c #0
[   38.465891][ T3606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[   38.475939][ T3606] Call Trace:
[   38.479212][ T3606]
[   38.482133][ T3606]  dump_stack_lvl+0xcd/0x134
[   38.486737][ T3606]  print_address_description.constprop.0.cold+0xeb/0x495
[   38.493935][ T3606]  ? kill_fasync+0x45e/0x470
[   38.498528][ T3606]  kasan_report.cold+0xf4/0x1c6
[   38.503373][ T3606]  ? kill_fasync+0x45e/0x470
[   38.507957][ T3606]  kill_fasync+0x45e/0x470
[   38.512366][ T3606]  post_one_notification.isra.0+0x6e4/0x990
[   38.518250][ T3606]  __post_watch_notification+0x561/0x840
[   38.523873][ T3606]  ? down_write_killable+0x170/0x170
[   38.529153][ T3606]  ? user_update+0x148/0x310
[   38.533730][ T3606]  key_create_or_update+0xdbf/0xde0
[   38.538919][ T3606]  ? key_alloc+0x1210/0x1210
[   38.543501][ T3606]  ? join_session_keyring+0x340/0x340
[   38.548877][ T3606]  __do_sys_add_key+0x215/0x430
[   38.553720][ T3606]  ? __do_sys_request_key+0x3b0/0x3b0
[   38.559087][ T3606]  ? syscall_enter_from_user_mode+0x21/0x70
[   38.564974][ T3606]  ? syscall_enter_from_user_mode+0x21/0x70
[   38.570856][ T3606]  do_syscall_64+0x35/0xb0
[   38.575264][ T3606]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   38.581147][ T3606] RIP: 0033:0x7fb1a43aaf49
[   38.585551][ T3606] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   38.605151][ T3606] RSP: 002b:00007ffc4dcbdb48 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[   38.613551][ T3606] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007fb1a43aaf49
[   38.621514][ T3606] RDX: 0000000020000280 RSI: 0000000020000100 RDI: 00000000200000c0
[   38.629477][ T3606] RBP: 0000000000000000 R08: 00000000fffffffc R09: 0000000000000001
[   38.637434][ T3606] R10: 0000000000000048 R11: 0000000000000246 R12: 00007fb1a436e720
[   38.645391][ T3606] R13: 0000000000000000 R14: 00007ffc4dcbdb70 R15: 00007ffc4dcbdb60
[   38.653357][ T3606]
[   38.656970][ T3606]
[   38.659280][ T3606] Allocated by task 3600:
[   38.663588][ T3606]  kasan_save_stack+0x1e/0x40
[   38.668265][ T3606]  __kasan_kmalloc+0xa9/0xd0
[   38.672847][ T3606]  alloc_pipe_info+0x105/0x590
[   38.677602][ T3606]  create_pipe_files+0x8d/0x880
[   38.682445][ T3606]  do_pipe2+0x96/0x1b0
[   38.686503][ T3606]  __x64_sys_pipe2+0x50/0x70
[   38.691077][ T3606]  do_syscall_64+0x35/0xb0
[   38.695483][ T3606]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   38.701367][ T3606]
[   38.703675][ T3606] Freed by task 3600:
[   38.707639][ T3606]  kasan_save_stack+0x1e/0x40
[   38.712306][ T3606]  kasan_set_track+0x21/0x30
[   38.716886][ T3606]  kasan_set_free_info+0x20/0x30
[   38.721985][ T3606]  ____kasan_slab_free+0x166/0x1a0
[   38.727261][ T3606]  slab_free_freelist_hook+0x8b/0x1c0
[   38.732624][ T3606]  kfree+0xd6/0x4d0
[   38.736423][ T3606]  pipe_release+0x2b6/0x310
[   38.740916][ T3606]  __fput+0x277/0x9d0
[   38.744886][ T3606]  task_work_run+0xdd/0x1a0
[   38.749379][ T3606]  do_exit+0xade/0x29d0
[   38.753520][ T3606]  do_group_exit+0xd2/0x2f0
[   38.758100][ T3606]  __x64_sys_exit_group+0x3a/0x50
[   38.763206][ T3606]  do_syscall_64+0x35/0xb0
[   38.767616][ T3606]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   38.773500][ T3606]
[   38.775983][ T3606] The buggy address belongs to the object at ffff88807abbe800
[   38.775983][ T3606]  which belongs to the cache kmalloc-cg-512 of size 512
[   38.790367][ T3606] The buggy address is located 360 bytes inside of
[   38.790367][ T3606]  512-byte region [ffff88807abbe800, ffff88807abbea00)
[   38.803628][ T3606]
[   38.805941][ T3606] The buggy address belongs to the physical page:
[   38.812337][ T3606] page:ffffea0001eaef00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7abbc
[   38.822558][ T3606] head:ffffea0001eaef00 order:2 compound_mapcount:0 compound_pincount:0
[   38.830863][ T3606] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   38.838837][ T3606] raw: 00fff00000010200 0000000000000000 dead000000000001 ffff888011842dc0
[   38.847407][ T3606] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[   38.855970][ T3606] page dumped because: kasan: bad access detected
[   38.862450][ T3606] page_owner tracks the page as allocated
[   38.868146][ T3606] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3185, tgid 3185 (dhcpcd), ts 21830558237, free_ts 18232364269
[   38.888975][ T3606]  get_page_from_freelist+0x1290/0x3b70
[   38.894520][ T3606]  __alloc_pages+0x1c7/0x510
[   38.899104][ T3606]  alloc_pages+0x1aa/0x310
[   38.903506][ T3606]  allocate_slab+0x26c/0x3c0
[   38.908088][ T3606]  ___slab_alloc+0x9c4/0xe20
[   38.912753][ T3606]  __slab_alloc.constprop.0+0x4d/0xa0
[   38.918116][ T3606]  __kmalloc_node_track_caller+0x2cb/0x360
[   38.924343][ T3606]  __alloc_skb+0xde/0x340
[   38.928660][ T3606]  alloc_skb_with_frags+0x93/0x730
[   38.933788][ T3606]  sock_alloc_send_pskb+0x793/0x920
[   38.939007][ T3606]  unix_dgram_sendmsg+0x425/0x1ad0
[   38.944118][ T3606]  sock_sendmsg+0xcf/0x120
[   38.948524][ T3606]  sock_write_iter+0x284/0x3c0
[   38.953275][ T3606]  do_iter_readv_writev+0x3d1/0x640
[   38.958558][ T3606]  do_iter_write+0x182/0x700
[   38.963140][ T3606]  vfs_writev+0x1aa/0x630
[   38.967474][ T3606] page last free stack trace:
[   38.972132][ T3606]  free_pcp_prepare+0x549/0xd20
[   38.976977][ T3606]  free_unref_page+0x19/0x6a0
[   38.981642][ T3606]  qlist_free_all+0x6a/0x170
[   38.986312][ T3606]  kasan_quarantine_reduce+0x180/0x200
[   38.991763][ T3606]  __kasan_slab_alloc+0xa2/0xc0
[   38.996599][ T3606]  kmem_cache_alloc+0x204/0x3b0
[   39.001790][ T3606]  getname_flags.part.0+0x50/0x4f0
[   39.006891][ T3606]  getname_flags+0x9a/0xe0
[   39.011295][ T3606]  vfs_fstatat+0x73/0xb0
[   39.015528][ T3606]  __do_sys_newfstatat+0x91/0x110
[   39.020538][ T3606]  do_syscall_64+0x35/0xb0
[   39.025034][ T3606]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   39.030918][ T3606]
[   39.033226][ T3606] Memory state around the buggy address:
[   39.038845][ T3606]  ffff88807abbe800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   39.046896][ T3606]  ffff88807abbe880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   39.054940][ T3606] >ffff88807abbe900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   39.062984][ T3606]                                                           ^
[   39.070595][ T3606]  ffff88807abbe980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   39.078640][ T3606]  ffff88807abbea00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.086684][ T3606] ==================================================================
[   39.103034][ T3606] Kernel panic - not syncing: panic_on_warn set ...
[   39.109645][ T3606] CPU: 1 PID: 3606 Comm: syz-executor339 Not tainted 5.19.0-rc6-syzkaller-00418-g972a278fe60c #0
[   39.120173][ T3606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[   39.130232][ T3606] Call Trace:
[   39.133503][ T3606]
[   39.136425][ T3606]  dump_stack_lvl+0xcd/0x134
[   39.141020][ T3606]  panic+0x2d7/0x636
[   39.144907][ T3606]  ? panic_print_sys_info.part.0+0x10b/0x10b
[   39.150883][ T3606]  ? preempt_schedule_common+0x59/0xc0
[   39.156407][ T3606]  ? kill_fasync+0x45e/0x470
[   39.161076][ T3606]  ? preempt_schedule_thunk+0x16/0x18
[   39.166445][ T3606]  ? kill_fasync+0x45e/0x470
[   39.171031][ T3606]  end_report.part.0+0x3f/0x7c
[   39.175791][ T3606]  kasan_report.cold+0x93/0x1c6
[   39.180638][ T3606]  ? kill_fasync+0x45e/0x470
[   39.185245][ T3606]  kill_fasync+0x45e/0x470
[   39.189663][ T3606]  post_one_notification.isra.0+0x6e4/0x990
[   39.195560][ T3606]  __post_watch_notification+0x561/0x840
[   39.201364][ T3606]  ? down_write_killable+0x170/0x170
[   39.206647][ T3606]  ? user_update+0x148/0x310
[   39.211231][ T3606]  key_create_or_update+0xdbf/0xde0
[   39.216423][ T3606]  ? key_alloc+0x1210/0x1210
[   39.221004][ T3606]  ? join_session_keyring+0x340/0x340
[   39.226384][ T3606]  __do_sys_add_key+0x215/0x430
[   39.231227][ T3606]  ? __do_sys_request_key+0x3b0/0x3b0
[   39.236590][ T3606]  ? syscall_enter_from_user_mode+0x21/0x70
[   39.242476][ T3606]  ? syscall_enter_from_user_mode+0x21/0x70
[   39.248378][ T3606]  do_syscall_64+0x35/0xb0
[   39.252800][ T3606]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   39.259209][ T3606] RIP: 0033:0x7fb1a43aaf49
[   39.263612][ T3606] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   39.283222][ T3606] RSP: 002b:00007ffc4dcbdb48 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[   39.291634][ T3606] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007fb1a43aaf49
[   39.299598][ T3606] RDX: 0000000020000280 RSI: 0000000020000100 RDI: 00000000200000c0
[   39.307819][ T3606] RBP: 0000000000000000 R08: 00000000fffffffc R09: 0000000000000001
[   39.315786][ T3606] R10: 0000000000000048 R11: 0000000000000246 R12: 00007fb1a436e720
[   39.323743][ T3606] R13: 0000000000000000 R14: 00007ffc4dcbdb70 R15: 00007ffc4dcbdb60
[   39.331895][ T3606]
[   39.335514][ T3606] Kernel Offset: disabled
[   39.339825][ T3606] Rebooting in 86400 seconds..
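Triage notes on the report above, with a helper script added here as an example (it is not part of the syzkaller report or of the kernel tree). What a first read of this report yields: a use-after-free read of 8 bytes in kill_fasync, reached from add_key through key_create_or_update and the watch-queue notification path; the freed object is a 512-byte kmalloc-cg-512 allocation made by task 3600 in alloc_pipe_info (the pipe2 path) and freed by the same task in pipe_release while it was exiting (__fput from do_exit); the faulting task is a different one, 3606. The script below pulls exactly those fields out of the raw console text: bug class and faulting frame from the BUG line, the entry syscall from the first verified __do_sys_*/__x64_sys_* frame, the first non-sanitizer frame of the allocation and free stacks (alloc_pipe_info and pipe_release rather than kasan_save_stack and kfree), the slab cache, and the offset into the object. It then recomputes that offset from the two addresses the report quotes (ffff88807abbe968 - ffff88807abbe800 = 360, matching the "located 360 bytes inside" line) and decodes the shadow byte covering the faulting address (0xfb, a freed slab object, in generic KASAN's encoding; the 0xfa at the object start is the granule holding the free-track metadata and 0xfc past the end is the redzone). Frames marked "?" are unwinder guesses and are skipped, as is the second Call Trace the panic path prints. The sample input is a trimmed copy of this report; which struct field sits at +360 in the pipe object is a question for pahole against this exact build, so the script stops at the offset.

```python
"""Triage a generic-mode KASAN report such as the syzkaller crash above.
Added example, not part of the report or of the kernel tree: it strips printk prefixes, pulls out
what a triager reads first, and cross-checks the report's "N bytes inside" line and shadow row."""
import re

# Constructed sample input: a trimmed copy of the report on this page.
SAMPLE_REPORT = """\
[   38.437922][ T3606] BUG: KASAN: use-after-free in kill_fasync+0x45e/0x470
[   38.444873][ T3606] Read of size 8 at addr ffff88807abbe968 by task syz-executor339/3606
[   38.475939][ T3606] Call Trace:
[   38.503373][ T3606]  ? kill_fasync+0x45e/0x470
[   38.507957][ T3606]  kill_fasync+0x45e/0x470
[   38.518250][ T3606]  __post_watch_notification+0x561/0x840
[   38.548877][ T3606]  __do_sys_add_key+0x215/0x430
[   38.656970][ T3606]
[   38.659280][ T3606] Allocated by task 3600:
[   38.663588][ T3606]  kasan_save_stack+0x1e/0x40
[   38.672847][ T3606]  alloc_pipe_info+0x105/0x590
[   38.701367][ T3606]
[   38.703675][ T3606] Freed by task 3600:
[   38.721985][ T3606]  ____kasan_slab_free+0x166/0x1a0
[   38.732624][ T3606]  kfree+0xd6/0x4d0
[   38.736423][ T3606]  pipe_release+0x2b6/0x310
[   38.773500][ T3606]
[   38.775983][ T3606] The buggy address belongs to the object at ffff88807abbe800
[   38.775983][ T3606]  which belongs to the cache kmalloc-cg-512 of size 512
[   38.790367][ T3606] The buggy address is located 360 bytes inside of
[   39.054940][ T3606] >ffff88807abbe900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")
FRAME = re.compile(r"^\s*(\?\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Sanitizer/allocator plumbing, skipped to reach the frame the bug actually lives in.
NOISE = ("kasan_", "__kasan_", "____kasan_", "dump_stack", "print_address",
         "slab_free", "kfree", "kmalloc", "kmem_cache", "__alloc_pages", "end_report")
# Generic-KASAN shadow values (mm/kasan/kasan.h); one shadow byte covers an 8-byte granule.
SHADOW = {0x00: "addressable", 0xfa: "freed object (free-track granule)",
          0xfb: "freed slab object", 0xfc: "slab redzone"}


def _frames(lines, start):
    """Verified frame symbols after lines[start] up to a blank line; '?' guesses are dropped."""
    sect = lines[start + 1:]
    sect = sect[:sect.index("")] if "" in sect else sect
    return [m.group(2) for m in map(FRAME.match, sect) if m and not m.group(1)]


def _site(lines, start):
    if start is None:
        return None, None
    task = re.search(r"task (\d+)", lines[start])
    frames = _frames(lines, start)
    return next((f for f in frames if not f.startswith(NOISE)), None), int(task.group(1)) if task else None


def parse_kasan_report(text):
    lines = [PREFIX.sub("", ln).rstrip() for ln in text.splitlines()]
    body = "\n".join(lines)
    hdr = re.search(r"BUG: KASAN: ([\w-]+) in ([\w.]+)\+0x", body)
    acc = re.search(r"(?:Read|Write) of size \d+ at addr ([0-9a-f]+) by task (\S+)", body)
    if not (hdr and acc):
        raise ValueError("not a KASAN report")
    addr = int(acc.group(1), 16)
    # First hit only: the panic path prints the call trace a second time further down.
    start = {k: next((i for i, ln in enumerate(lines) if ln.startswith(k)), None)
             for k in ("Call Trace:", "Allocated by", "Freed by")}
    trace = _frames(lines, start["Call Trace:"]) if start["Call Trace:"] is not None else []
    sysc = next((f for f in trace if f.startswith(("__do_sys_", "__x64_sys_", "__se_sys_"))), None)
    alloc_site, alloc_task = _site(lines, start["Allocated by"])
    free_site, free_task = _site(lines, start["Freed by"])
    obj = re.search(r"belongs to the object at ([0-9a-f]+)", body)
    cache = re.search(r"belongs to the cache (\S+) of size", body)
    loc = re.search(r"located (\d+) bytes inside", body)
    obj_base = int(obj.group(1), 16) if obj else None
    offset = addr - obj_base if obj_base is not None else None
    reported = int(loc.group(1)) if loc else None
    shadow = None
    row = re.search(r"^>([0-9a-f]+): ((?:[0-9a-f]{2} ?)+)$", body, re.M)
    if row:
        vals = [int(b, 16) for b in row.group(2).split()]
        i = (addr - int(row.group(1), 16)) // 8
        shadow = vals[i] if 0 <= i < len(vals) else None
    return {
        "bug_class": hdr.group(1), "fault_fn": hdr.group(2), "addr": addr, "task": acc.group(2),
        "entry_syscall": re.sub(r"^__(?:do|x64|se)_sys_", "", sysc) if sysc else None,
        "alloc_site": alloc_site, "alloc_task": alloc_task, "free_site": free_site, "free_task": free_task,
        "cache": cache.group(1) if cache else None, "obj_base": obj_base, "offset": offset,
        "reported_offset": reported, "offset_consistent": offset is not None and offset == reported,
        "shadow": shadow, "shadow_meaning": SHADOW.get(shadow, "unknown"),
    }


def triage_sample():
    return parse_kasan_report(SAMPLE_REPORT)


if __name__ == "__main__":
    print(triage_sample())
```

Run as-is it prints the triage dict for the embedded sample; pointed at a full console log it works the same way, because the printk-prefix regex tolerates both the padded "[   38.437922]" form and the collapsed one, and the blank-line delimiters between the Call Trace, Allocated by and Freed by blocks are what bound each stack. An "offset_consistent" of False would mean the report text and its addresses disagree, which in practice points at a mangled or hand-edited log rather than a kernel bug.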