Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 50.553785][ T3618] ==================================================================
[ 50.561853][ T3618] BUG: KASAN: use-after-free in __lock_acquire+0x3f2f/0x56c0
[ 50.569232][ T3618] Read of size 8 at addr ffff88807bc048a8 by task syz-executor399/3618
[ 50.577445][ T3618]
[ 50.579747][ T3618] CPU: 1 PID: 3618 Comm: syz-executor399 Not tainted 5.17.0-rc8-syzkaller-00045-g551acdc3c3d2 #0
[ 50.590219][ T3618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 50.600253][ T3618] Call Trace:
[ 50.603523][ T3618]
[ 50.606439][ T3618] dump_stack_lvl+0xcd/0x134
[ 50.611053][ T3618] print_address_description.constprop.0.cold+0x8d/0x336
[ 50.618353][ T3618] ? __lock_acquire+0x3f2f/0x56c0
[ 50.623365][ T3618] ? __lock_acquire+0x3f2f/0x56c0
[ 50.628381][ T3618] kasan_report.cold+0x83/0xdf
[ 50.633130][ T3618] ? __lock_acquire+0x3f2f/0x56c0
[ 50.638138][ T3618] __lock_acquire+0x3f2f/0x56c0
[ 50.642988][ T3618] ? stack_trace_save+0x8c/0xc0
[ 50.647824][ T3618] ? __lock_acquire+0xbc4/0x56c0
[ 50.652747][ T3618] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 50.658712][ T3618] lock_acquire+0x1ab/0x510
[ 50.663198][ T3618] ? post_one_notification.isra.0+0x59/0x830
[ 50.669163][ T3618] ? lock_release+0x720/0x720
[ 50.673824][ T3618] ? _raw_spin_lock_irq+0x41/0x50
[ 50.678859][ T3618] _raw_spin_lock_irq+0x32/0x50
[ 50.683694][ T3618] ? post_one_notification.isra.0+0x59/0x830
[ 50.689657][ T3618] post_one_notification.isra.0+0x59/0x830
[ 50.695448][ T3618] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 50.701691][ T3618] ? security_post_notification+0x83/0xb0
[ 50.707394][ T3618] __post_watch_notification+0x561/0x840
[ 50.713033][ T3618] ? down_write_killable_nested+0x180/0x180
[ 50.718911][ T3618] ? user_update+0x148/0x310
[ 50.723482][ T3618] key_create_or_update+0xdbf/0xde0
[ 50.728665][ T3618] ? key_alloc+0x1210/0x1210
[ 50.733240][ T3618] ? join_session_keyring+0x340/0x340
[ 50.738600][ T3618] __do_sys_add_key+0x215/0x430
[ 50.743429][ T3618] ? __do_sys_request_key+0x3b0/0x3b0
[ 50.748781][ T3618] ? syscall_enter_from_user_mode+0x21/0x70
[ 50.754660][ T3618] do_syscall_64+0x35/0xb0
[ 50.759064][ T3618] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.764935][ T3618] RIP: 0033:0x7f53132c8a89
[ 50.769342][ T3618] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 50.788937][ T3618] RSP: 002b:00007f531327a2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[ 50.797335][ T3618] RAX: ffffffffffffffda RBX: 00007f5313350428 RCX: 00007f53132c8a89
[ 50.805287][ T3618] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000020000040
[ 50.813238][ T3618] RBP: 0000000000000000 R08: 00000000fffffffc R09: 0000000000000000
[ 50.821187][ T3618] R10: 0000000000000048 R11: 0000000000000246 R12: 00007f5313350420
[ 50.829137][ T3618] R13: 00007f531335042c R14: 00007f531331e074 R15: 3a74707972637366
[ 50.837094][ T3618]
[ 50.840090][ T3618]
[ 50.842389][ T3618] Allocated by task 3615:
[ 50.846688][ T3618] kasan_save_stack+0x1e/0x40
[ 50.851351][ T3618] __kasan_kmalloc+0xa9/0xd0
[ 50.855931][ T3618] alloc_pipe_info+0x105/0x590
[ 50.860674][ T3618] create_pipe_files+0x8d/0x880
[ 50.865504][ T3618] do_pipe2+0x96/0x1b0
[ 50.869549][ T3618] __x64_sys_pipe2+0x50/0x70
[ 50.874123][ T3618] do_syscall_64+0x35/0xb0
[ 50.878519][ T3618] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.884389][ T3618]
[ 50.886695][ T3618] Freed by task 3616:
[ 50.890648][ T3618] kasan_save_stack+0x1e/0x40
[ 50.895316][ T3618] kasan_set_track+0x21/0x30
[ 50.899884][ T3618] kasan_set_free_info+0x20/0x30
[ 50.904802][ T3618] ____kasan_slab_free+0x126/0x160
[ 50.909891][ T3618] slab_free_freelist_hook+0x8b/0x1c0
[ 50.915253][ T3618] kfree+0xd0/0x390
[ 50.919039][ T3618] pipe_release+0x2bf/0x320
[ 50.923526][ T3618] __fput+0x286/0x9f0
[ 50.927496][ T3618] task_work_run+0xdd/0x1a0
[ 50.931984][ T3618] exit_to_user_mode_prepare+0x27e/0x290
[ 50.937594][ T3618] syscall_exit_to_user_mode+0x19/0x60
[ 50.943034][ T3618] do_syscall_64+0x42/0xb0
[ 50.947440][ T3618] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 50.953312][ T3618]
[ 50.955641][ T3618] The buggy address belongs to the object at ffff88807bc04800
[ 50.955641][ T3618] which belongs to the cache kmalloc-cg-512 of size 512
[ 50.969933][ T3618] The buggy address is located 168 bytes inside of
[ 50.969933][ T3618] 512-byte region [ffff88807bc04800, ffff88807bc04a00)
[ 50.983192][ T3618] The buggy address belongs to the page:
[ 50.988795][ T3618] page:ffffea0001ef0100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7bc04
[ 50.998922][ T3618] head:ffffea0001ef0100 order:2 compound_mapcount:0 compound_pincount:0
[ 51.007231][ T3618] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 51.015193][ T3618] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888010c42dc0
[ 51.023755][ T3618] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 51.032323][ T3618] page dumped because: kasan: bad access detected
[ 51.038727][ T3618] page_owner tracks the page as allocated
[ 51.044415][ T3618] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3609, ts 50514720858, free_ts 25116018184
[ 51.063490][ T3618] get_page_from_freelist+0xa72/0x2f50
[ 51.068931][ T3618] __alloc_pages+0x1b2/0x500
[ 51.073498][ T3618] alloc_pages+0x1aa/0x310
[ 51.077895][ T3618] allocate_slab+0x27f/0x3c0
[ 51.082465][ T3618] ___slab_alloc+0xbe1/0x12b0
[ 51.087137][ T3618] __slab_alloc.constprop.0+0x4d/0xa0
[ 51.092497][ T3618] kmem_cache_alloc_trace+0x2f8/0x3d0
[ 51.097846][ T3618] alloc_pipe_info+0x105/0x590
[ 51.102602][ T3618] create_pipe_files+0x8d/0x880
[ 51.107435][ T3618] do_pipe2+0x96/0x1b0
[ 51.111482][ T3618] __x64_sys_pipe2+0x50/0x70
[ 51.116049][ T3618] do_syscall_64+0x35/0xb0
[ 51.120449][ T3618] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.126344][ T3618] page last free stack trace:
[ 51.131000][ T3618] free_pcp_prepare+0x374/0x870
[ 51.135847][ T3618] free_unref_page+0x19/0x690
[ 51.140509][ T3618] __unfreeze_partials+0x320/0x340
[ 51.145609][ T3618] qlist_free_all+0x6d/0x160
[ 51.150189][ T3618] kasan_quarantine_reduce+0x180/0x200
[ 51.155629][ T3618] __kasan_slab_alloc+0xa2/0xc0
[ 51.160468][ T3618] kmem_cache_alloc_trace+0x258/0x3d0
[ 51.165835][ T3618] tomoyo_init_log+0xc6a/0x1ee0
[ 51.170682][ T3618] tomoyo_supervisor+0x34d/0xf00
[ 51.175604][ T3618] tomoyo_env_perm+0x17f/0x1f0
[ 51.180358][ T3618] tomoyo_find_next_domain+0x13ce/0x1f80
[ 51.185966][ T3618] tomoyo_bprm_check_security+0x121/0x1a0
[ 51.191692][ T3618] security_bprm_check+0x45/0xa0
[ 51.196618][ T3618] bprm_execve+0x732/0x19b0
[ 51.201102][ T3618] do_execveat_common+0x5e3/0x780
[ 51.206112][ T3618] __x64_sys_execve+0x8f/0xc0
[ 51.210779][ T3618]
[ 51.213085][ T3618] Memory state around the buggy address:
[ 51.218695][ T3618] ffff88807bc04780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.226732][ T3618] ffff88807bc04800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.234770][ T3618] >ffff88807bc04880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.242802][ T3618]                                    ^
[ 51.248145][ T3618] ffff88807bc04900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.256179][ T3618] ffff88807bc04980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.264211][ T3618] ==================================================================
[ 51.272243][ T3618] Disabling lock debugging due to kernel taint
[ 51.278364][ T3618] Kernel panic - not syncing: panic_on_warn set ...
[ 51.284920][ T3618] CPU: 1 PID: 3618 Comm: syz-executor399 Tainted: G B 5.17.0-rc8-syzkaller-00045-g551acdc3c3d2 #0
[ 51.296780][ T3618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.306811][ T3618] Call Trace:
[ 51.310069][ T3618]
[ 51.312978][ T3618] dump_stack_lvl+0xcd/0x134
[ 51.317608][ T3618] panic+0x2b0/0x6dd
[ 51.321496][ T3618] ? __warn_printk+0xf3/0xf3
[ 51.326078][ T3618] ? __lock_acquire+0x3f2f/0x56c0
[ 51.331094][ T3618] ? __lock_acquire+0x3f2f/0x56c0
[ 51.336098][ T3618] ? __lock_acquire+0x3f2f/0x56c0
[ 51.341105][ T3618] end_report.cold+0x63/0x6f
[ 51.345708][ T3618] kasan_report.cold+0x71/0xdf
[ 51.350476][ T3618] ? __lock_acquire+0x3f2f/0x56c0
[ 51.355521][ T3618] __lock_acquire+0x3f2f/0x56c0
[ 51.360357][ T3618] ? stack_trace_save+0x8c/0xc0
[ 51.365544][ T3618] ? __lock_acquire+0xbc4/0x56c0
[ 51.370551][ T3618] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 51.376522][ T3618] lock_acquire+0x1ab/0x510
[ 51.381006][ T3618] ? post_one_notification.isra.0+0x59/0x830
[ 51.386967][ T3618] ? lock_release+0x720/0x720
[ 51.391626][ T3618] ? _raw_spin_lock_irq+0x41/0x50
[ 51.396631][ T3618] _raw_spin_lock_irq+0x32/0x50
[ 51.401474][ T3618] ? post_one_notification.isra.0+0x59/0x830
[ 51.407433][ T3618] post_one_notification.isra.0+0x59/0x830
[ 51.413217][ T3618] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 51.419456][ T3618] ? security_post_notification+0x83/0xb0
[ 51.425155][ T3618] __post_watch_notification+0x561/0x840
[ 51.430768][ T3618] ? down_write_killable_nested+0x180/0x180
[ 51.436643][ T3618] ? user_update+0x148/0x310
[ 51.441214][ T3618] key_create_or_update+0xdbf/0xde0
[ 51.446400][ T3618] ? key_alloc+0x1210/0x1210
[ 51.450971][ T3618] ? join_session_keyring+0x340/0x340
[ 51.456325][ T3618] __do_sys_add_key+0x215/0x430
[ 51.461152][ T3618] ? __do_sys_request_key+0x3b0/0x3b0
[ 51.466501][ T3618] ? syscall_enter_from_user_mode+0x21/0x70
[ 51.472378][ T3618] do_syscall_64+0x35/0xb0
[ 51.476786][ T3618] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.482658][ T3618] RIP: 0033:0x7f53132c8a89
[ 51.487050][ T3618] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 51.506635][ T3618] RSP: 002b:00007f531327a2f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[ 51.515035][ T3618] RAX: ffffffffffffffda RBX: 00007f5313350428 RCX: 00007f53132c8a89
[ 51.522984][ T3618] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000020000040
[ 51.530948][ T3618] RBP: 0000000000000000 R08: 00000000fffffffc R09: 0000000000000000
[ 51.538897][ T3618] R10: 0000000000000048 R11: 0000000000000246 R12: 00007f5313350420
[ 51.546847][ T3618] R13: 00007f531335042c R14: 00007f531331e074 R15: 3a74707972637366
[ 51.554814][ T3618]
[ 51.557993][ T3618] Kernel Offset: disabled
[ 51.562299][ T3618] Rebooting in 86400 seconds..