Warning: Permanently added '10.128.0.212' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 39.324040][ T3589] ==================================================================
[ 39.332183][ T3589] BUG: KASAN: use-after-free in null_skcipher_crypt+0xa8/0x120
[ 39.339733][ T3589] Write of size 4096 at addr ffff888074df8000 by task syz-executor157/3589
[ 39.348407][ T3589]
[ 39.350708][ T3589] CPU: 1 PID: 3589 Comm: syz-executor157 Not tainted 5.17.0-rc6-syzkaller-00066-g5859a2b19911 #0
[ 39.361177][ T3589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.371209][ T3589] Call Trace:
[ 39.374466][ T3589] <TASK>
[ 39.377375][ T3589] dump_stack_lvl+0xcd/0x134
[ 39.381958][ T3589] print_address_description.constprop.0.cold+0x8d/0x336
[ 39.388977][ T3589] ? null_skcipher_crypt+0xa8/0x120
[ 39.394174][ T3589] ? null_skcipher_crypt+0xa8/0x120
[ 39.399511][ T3589] kasan_report.cold+0x83/0xdf
[ 39.404257][ T3589] ? null_skcipher_crypt+0xa8/0x120
[ 39.409433][ T3589] kasan_check_range+0x13d/0x180
[ 39.414348][ T3589] memcpy+0x39/0x60
[ 39.418133][ T3589] null_skcipher_crypt+0xa8/0x120
[ 39.423136][ T3589] ? null_crypt+0x30/0x30
[ 39.427614][ T3589] ? find_held_lock+0x2d/0x110
[ 39.432358][ T3589] ? memset+0x20/0x40
[ 39.436319][ T3589] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 39.442539][ T3589] ? sg_next+0x73/0xb0
[ 39.446698][ T3589] crypto_skcipher_encrypt+0xaa/0xf0
[ 39.451966][ T3589] crypto_authenc_encrypt+0x3b4/0x510
[ 39.457322][ T3589] crypto_aead_encrypt+0xaa/0xf0
[ 39.462241][ T3589] esp6_output_tail+0x777/0x1a90
[ 39.467171][ T3589] esp6_output+0x4af/0x8a0
[ 39.471572][ T3589] ? esp6_output_head+0x1b70/0x1b70
[ 39.476758][ T3589] ? __local_bh_enable_ip+0xa0/0x120
[ 39.482043][ T3589] xfrm_output_resume+0x2a92/0x5ca0
[ 39.487242][ T3589] ? xfrm_inner_extract_output+0x2ab0/0x2ab0
[ 39.493201][ T3589] ? __sanitizer_cov_trace_switch+0x63/0xf0
[ 39.499074][ T3589] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 39.505295][ T3589] ? __xfrm_state_mtu+0x27c/0x370
[ 39.510299][ T3589] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 39.516520][ T3589] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 39.522739][ T3589] ? xfrm_state_mtu+0x89/0xa0
[ 39.527392][ T3589] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 39.533613][ T3589] ? xfrm_output+0x2cd/0x1290
[ 39.538271][ T3589] xfrm_output+0x2eb/0x1290
[ 39.542928][ T3589] __xfrm6_output+0x4bf/0x1080
[ 39.547684][ T3589] xfrm6_output+0x117/0x550
[ 39.552166][ T3589] ? xfrm6_local_error+0x2e0/0x2e0
[ 39.557251][ T3589] ? ip6_output+0x530/0x530
[ 39.561735][ T3589] ? xfrm6_local_rxpmtu+0x230/0x230
[ 39.566907][ T3589] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 39.573127][ T3589] ? ip6_setup_cork+0xfee/0x1780
[ 39.578132][ T3589] ip6_local_out+0xaf/0x1a0
[ 39.582617][ T3589] ip6_send_skb+0xb7/0x340
[ 39.587013][ T3589] ip6_push_pending_frames+0xdd/0x100
[ 39.592363][ T3589] rawv6_sendmsg+0x2b89/0x3b30
[ 39.597281][ T3589] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 39.603522][ T3589] ? mark_lock.part.0+0x836/0x1910
[ 39.608616][ T3589] ? rawv6_bind+0xa10/0xa10
[ 39.613099][ T3589] ? find_held_lock+0x2d/0x110
[ 39.617841][ T3589] ? __might_fault+0xd1/0x170
[ 39.622498][ T3589] ? lock_downgrade+0x6e0/0x6e0
[ 39.627338][ T3589] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 39.633569][ T3589] ? inet_sendmsg+0x4a/0xe0
[ 39.638053][ T3589] inet_sendmsg+0x99/0xe0
[ 39.642361][ T3589] ? inet_send_prepare+0x4e0/0x4e0
[ 39.647464][ T3589] sock_sendmsg+0xcf/0x120
[ 39.651879][ T3589] ____sys_sendmsg+0x6e8/0x810
[ 39.656622][ T3589] ? kernel_sendmsg+0x50/0x50
[ 39.661275][ T3589] ? do_recvmmsg+0x6d0/0x6d0
[ 39.665857][ T3589] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 39.671816][ T3589] ? release_sock+0x1b/0x1b0
[ 39.676382][ T3589] ? reacquire_held_locks+0x214/0x4e0
[ 39.681731][ T3589] ___sys_sendmsg+0xf3/0x170
[ 39.686294][ T3589] ? sendmsg_copy_msghdr+0x160/0x160
[ 39.691560][ T3589] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 39.697529][ T3589] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 39.703491][ T3589] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 39.709706][ T3589] ? __fget_light+0x215/0x280
[ 39.714362][ T3589] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 39.720670][ T3589] __sys_sendmsg+0xe5/0x1b0
[ 39.725147][ T3589] ? __sys_sendmsg_sock+0x30/0x30
[ 39.730150][ T3589] ? syscall_enter_from_user_mode+0x21/0x70
[ 39.736024][ T3589] do_syscall_64+0x35/0xb0
[ 39.740443][ T3589] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 39.746401][ T3589] RIP: 0033:0x7f255dfc6559
[ 39.750790][ T3589] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 39.770401][ T3589] RSP: 002b:00007ffe53f07168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 39.778803][ T3589] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f255dfc6559
[ 39.786781][ T3589] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 39.794736][ T3589] RBP: 00007f255df8a540 R08: 0000000000000000 R09: 0000000000000000
[ 39.802690][ T3589] R10: 00000000000000e8 R11: 0000000000000246 R12: 00007f255df8a5d0
[ 39.810652][ T3589] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 39.818620][ T3589] </TASK>
[ 39.821619][ T3589]
[ 39.823914][ T3589] Allocated by task 3589:
[ 39.828212][ T3589] kasan_save_stack+0x1e/0x40
[ 39.832873][ T3589] __kasan_kmalloc+0xa9/0xd0
[ 39.837439][ T3589] tomoyo_realpath_from_path+0xc3/0x620
[ 39.842963][ T3589] tomoyo_check_open_permission+0x272/0x380
[ 39.848830][ T3589] tomoyo_file_open+0xa3/0xd0
[ 39.853485][ T3589] security_file_open+0x45/0xb0
[ 39.858310][ T3589] do_dentry_open+0x358/0x1250
[ 39.863049][ T3589] path_openat+0x1c9e/0x2940
[ 39.867611][ T3589] do_filp_open+0x1aa/0x400
[ 39.872088][ T3589] do_sys_openat2+0x16d/0x4d0
[ 39.876741][ T3589] __x64_sys_openat+0x13f/0x1f0
[ 39.881565][ T3589] do_syscall_64+0x35/0xb0
[ 39.885959][ T3589] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 39.891826][ T3589]
[ 39.894126][ T3589] Freed by task 3589:
[ 39.898076][ T3589] kasan_save_stack+0x1e/0x40
[ 39.902749][ T3589] kasan_set_track+0x21/0x30
[ 39.907314][ T3589] kasan_set_free_info+0x20/0x30
[ 39.912237][ T3589] ____kasan_slab_free+0x126/0x160
[ 39.917325][ T3589] slab_free_freelist_hook+0x8b/0x1c0
[ 39.922673][ T3589] kfree+0xd0/0x390
[ 39.926469][ T3589] tomoyo_realpath_from_path+0x191/0x620
[ 39.932078][ T3589] tomoyo_check_open_permission+0x272/0x380
[ 39.937946][ T3589] tomoyo_file_open+0xa3/0xd0
[ 39.942597][ T3589] security_file_open+0x45/0xb0
[ 39.947422][ T3589] do_dentry_open+0x358/0x1250
[ 39.952159][ T3589] path_openat+0x1c9e/0x2940
[ 39.956732][ T3589] do_filp_open+0x1aa/0x400
[ 39.961210][ T3589] do_sys_openat2+0x16d/0x4d0
[ 39.965858][ T3589] __x64_sys_openat+0x13f/0x1f0
[ 39.970683][ T3589] do_syscall_64+0x35/0xb0
[ 39.975076][ T3589] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 39.980951][ T3589]
[ 39.983250][ T3589] The buggy address belongs to the object at ffff888074df8000
[ 39.983250][ T3589] which belongs to the cache kmalloc-4k of size 4096
[ 39.997274][ T3589] The buggy address is located 0 bytes inside of
[ 39.997274][ T3589] 4096-byte region [ffff888074df8000, ffff888074df9000)
[ 40.010449][ T3589] The buggy address belongs to the page:
[ 40.016055][ T3589] page:ffffea0001d37e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x74df8
[ 40.026191][ T3589] head:ffffea0001d37e00 order:3 compound_mapcount:0 compound_pincount:0
[ 40.034489][ T3589] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 40.042448][ T3589] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010c42140
[ 40.051012][ T3589] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 40.059565][ T3589] page dumped because: kasan: bad access detected
[ 40.065958][ T3589] page_owner tracks the page as allocated
[ 40.071643][ T3589] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2967, ts 17149793924, free_ts 17109961066
[ 40.089940][ T3589] get_page_from_freelist+0xa72/0x2f50
[ 40.095380][ T3589] __alloc_pages+0x1b2/0x500
[ 40.099943][ T3589] alloc_pages+0x1aa/0x310
[ 40.104338][ T3589] allocate_slab+0x27f/0x3c0
[ 40.108901][ T3589] ___slab_alloc+0xbe1/0x12b0
[ 40.113551][ T3589] __slab_alloc.constprop.0+0x4d/0xa0
[ 40.118898][ T3589] __kmalloc+0x372/0x450
[ 40.123129][ T3589] tomoyo_realpath_from_path+0xc3/0x620
[ 40.128649][ T3589] tomoyo_path_perm+0x21b/0x400
[ 40.133487][ T3589] security_inode_getattr+0xcf/0x140
[ 40.138760][ T3589] vfs_statx+0x164/0x390
[ 40.142978][ T3589] __do_sys_newfstatat+0x96/0x120
[ 40.147974][ T3589] do_syscall_64+0x35/0xb0
[ 40.152366][ T3589] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 40.158235][ T3589] page last free stack trace:
[ 40.162880][ T3589] free_pcp_prepare+0x374/0x870
[ 40.167702][ T3589] free_unref_page+0x19/0x690
[ 40.172354][ T3589] __unfreeze_partials+0x320/0x340
[ 40.177442][ T3589] qlist_free_all+0x6d/0x160
[ 40.182012][ T3589] kasan_quarantine_reduce+0x180/0x200
[ 40.187458][ T3589] __kasan_slab_alloc+0xa2/0xc0
[ 40.192303][ T3589] kmem_cache_alloc+0x1b1/0x4b0
[ 40.197131][ T3589] anon_vma_fork+0xed/0x630
[ 40.201612][ T3589] dup_mm+0xa07/0x13e0
[ 40.205654][ T3589] copy_process+0x3cf7/0x7250
[ 40.210304][ T3589] kernel_clone+0xe7/0xab0
[ 40.214693][ T3589] __do_sys_clone+0xc8/0x110
[ 40.219269][ T3589] do_syscall_64+0x35/0xb0
[ 40.223674][ T3589] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 40.229547][ T3589]
[ 40.231848][ T3589] Memory state around the buggy address:
[ 40.237450][ T3589] ffff888074df7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.245486][ T3589] ffff888074df7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.253526][ T3589] >ffff888074df8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.261562][ T3589]                    ^
[ 40.265603][ T3589] ffff888074df8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.273648][ T3589] ffff888074df8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.281679][ T3589] ==================================================================
[ 40.289709][ T3589] Disabling lock debugging due to kernel taint
[ 40.296015][ T3589] Kernel panic - not syncing: panic_on_warn set ...
[ 40.302590][ T3589] CPU: 1 PID: 3589 Comm: syz-executor157 Tainted: G B 5.17.0-rc6-syzkaller-00066-g5859a2b19911 #0
[ 40.314458][ T3589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.324494][ T3589] Call Trace:
[ 40.327752][ T3589] <TASK>
[ 40.330663][ T3589] dump_stack_lvl+0xcd/0x134
[ 40.335241][ T3589] panic+0x2b0/0x6dd
[ 40.339123][ T3589] ? __warn_printk+0xf3/0xf3
[ 40.343699][ T3589] ? preempt_schedule_common+0x59/0xc0
[ 40.349142][ T3589] ? null_skcipher_crypt+0xa8/0x120
[ 40.354327][ T3589] ? preempt_schedule_thunk+0x16/0x18
[ 40.359683][ T3589] ? trace_hardirqs_on+0x38/0x1c0
[ 40.364689][ T3589] ? trace_hardirqs_on+0x51/0x1c0
[ 40.369696][ T3589] ? null_skcipher_crypt+0xa8/0x120
[ 40.374877][ T3589] ? null_skcipher_crypt+0xa8/0x120
[ 40.380058][ T3589] end_report.cold+0x63/0x6f
[ 40.384643][ T3589] kasan_report.cold+0x71/0xdf
[ 40.389390][ T3589] ? null_skcipher_crypt+0xa8/0x120
[ 40.394574][ T3589] kasan_check_range+0x13d/0x180
[ 40.399492][ T3589] memcpy+0x39/0x60
[ 40.403279][ T3589] null_skcipher_crypt+0xa8/0x120
[ 40.408289][ T3589] ? null_crypt+0x30/0x30
[ 40.412604][ T3589] ? find_held_lock+0x2d/0x110
[ 40.417352][ T3589] ? memset+0x20/0x40
[ 40.421311][ T3589] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 40.427540][ T3589] ? sg_next+0x73/0xb0
[ 40.431594][ T3589] crypto_skcipher_encrypt+0xaa/0xf0
[ 40.436879][ T3589] crypto_authenc_encrypt+0x3b4/0x510
[ 40.442237][ T3589] crypto_aead_encrypt+0xaa/0xf0
[ 40.447158][ T3589] esp6_output_tail+0x777/0x1a90
[ 40.452089][ T3589] esp6_output+0x4af/0x8a0
[ 40.456495][ T3589] ? esp6_output_head+0x1b70/0x1b70
[ 40.461691][ T3589] ? __local_bh_enable_ip+0xa0/0x120
[ 40.466962][ T3589] xfrm_output_resume+0x2a92/0x5ca0
[ 40.472164][ T3589] ? xfrm_inner_extract_output+0x2ab0/0x2ab0
[ 40.478128][ T3589] ? __sanitizer_cov_trace_switch+0x63/0xf0
[ 40.484005][ T3589] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 40.490231][ T3589] ? __xfrm_state_mtu+0x27c/0x370
[ 40.495236][ T3589] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 40.501461][ T3589] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 40.507684][ T3589] ? xfrm_state_mtu+0x89/0xa0
[ 40.512341][ T3589] ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[ 40.518564][ T3589] ? xfrm_output+0x2cd/0x1290
[ 40.523227][ T3589] xfrm_output+0x2eb/0x1290
[ 40.527713][ T3589] __xfrm6_output+0x4bf/0x1080
[ 40.532457][ T3589] xfrm6_output+0x117/0x550
[ 40.537123][ T3589] ? xfrm6_local_error+0x2e0/0x2e0
[ 40.542384][ T3589] ? ip6_output+0x530/0x530
[ 40.546869][ T3589] ? xfrm6_local_rxpmtu+0x230/0x230
[ 40.552045][ T3589] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 40.558284][ T3589] ? ip6_setup_cork+0xfee/0x1780
[ 40.563205][ T3589] ip6_local_out+0xaf/0x1a0
[ 40.567691][ T3589] ip6_send_skb+0xb7/0x340
[ 40.572089][ T3589] ip6_push_pending_frames+0xdd/0x100
[ 40.577446][ T3589] rawv6_sendmsg+0x2b89/0x3b30
[ 40.582193][ T3589] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 40.588426][ T3589] ? mark_lock.part.0+0x836/0x1910
[ 40.593519][ T3589] ? rawv6_bind+0xa10/0xa10
[ 40.598006][ T3589] ? find_held_lock+0x2d/0x110
[ 40.602857][ T3589] ? __might_fault+0xd1/0x170
[ 40.607558][ T3589] ? lock_downgrade+0x6e0/0x6e0
[ 40.612403][ T3589] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 40.618718][ T3589] ? inet_sendmsg+0x4a/0xe0
[ 40.623228][ T3589] inet_sendmsg+0x99/0xe0
[ 40.627543][ T3589] ? inet_send_prepare+0x4e0/0x4e0
[ 40.632649][ T3589] sock_sendmsg+0xcf/0x120
[ 40.637052][ T3589] ____sys_sendmsg+0x6e8/0x810
[ 40.641796][ T3589] ? kernel_sendmsg+0x50/0x50
[ 40.646454][ T3589] ? do_recvmmsg+0x6d0/0x6d0
[ 40.651022][ T3589] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 40.656985][ T3589] ? release_sock+0x1b/0x1b0
[ 40.661553][ T3589] ? reacquire_held_locks+0x214/0x4e0
[ 40.666904][ T3589] ___sys_sendmsg+0xf3/0x170
[ 40.671473][ T3589] ? sendmsg_copy_msghdr+0x160/0x160
[ 40.676743][ T3589] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 40.682716][ T3589] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 40.688676][ T3589] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 40.694900][ T3589] ? __fget_light+0x215/0x280
[ 40.699559][ T3589] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[ 40.705781][ T3589] __sys_sendmsg+0xe5/0x1b0
[ 40.710261][ T3589] ? __sys_sendmsg_sock+0x30/0x30
[ 40.715266][ T3589] ? syscall_enter_from_user_mode+0x21/0x70
[ 40.721144][ T3589] do_syscall_64+0x35/0xb0
[ 40.725545][ T3589] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 40.731442][ T3589] RIP: 0033:0x7f255dfc6559
[ 40.735835][ T3589] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 40.755424][ T3589] RSP: 002b:00007ffe53f07168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 40.763814][ T3589] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f255dfc6559
[ 40.771761][ T3589] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000004
[ 40.779711][ T3589] RBP: 00007f255df8a540 R08: 0000000000000000 R09: 0000000000000000
[ 40.787665][ T3589] R10: 00000000000000e8 R11: 0000000000000246 R12: 00007f255df8a5d0
[ 40.795616][ T3589] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 40.803576][ T3589] </TASK>
[ 40.807051][ T3589] Kernel Offset: disabled
[ 40.811351][ T3589] Rebooting in 86400 seconds..