Warning: Permanently added '10.128.0.77' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 51.627014][ T3589] ==================================================================
[ 51.635172][ T3589] BUG: KASAN: use-after-free in strcmp+0x9b/0xb0
[ 51.641503][ T3589] Read of size 1 at addr ffff88807d7e1204 by task syz-executor409/3589
[ 51.649726][ T3589]
[ 51.652122][ T3589] CPU: 1 PID: 3589 Comm: syz-executor409 Not tainted 5.17.0-rc3-syzkaller #0
[ 51.660974][ T3589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.671029][ T3589] Call Trace:
[ 51.674300][ T3589]
[ 51.677221][ T3589] dump_stack_lvl+0xcd/0x134
[ 51.681814][ T3589] print_address_description.constprop.0.cold+0x8d/0x336
[ 51.688838][ T3589] ? strcmp+0x9b/0xb0
[ 51.692808][ T3589] ? strcmp+0x9b/0xb0
[ 51.696783][ T3589] kasan_report.cold+0x83/0xdf
[ 51.701537][ T3589] ? strcmp+0x9b/0xb0
[ 51.705523][ T3589] strcmp+0x9b/0xb0
[ 51.709317][ T3589] madvise_update_vma+0x4e6/0x7f0
[ 51.714332][ T3589] madvise_vma_behavior+0x116/0x1910
[ 51.719605][ T3589] ? madvise_vma_anon_name+0xc0/0xc0
[ 51.724897][ T3589] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 51.730617][ T3589] ? vmacache_find+0x62/0x330
[ 51.735286][ T3589] ? find_vma+0xbd/0x270
[ 51.739530][ T3589] madvise_walk_vmas+0x1d5/0x2d0
[ 51.744456][ T3589] ? madvise_vma_anon_name+0xc0/0xc0
[ 51.749842][ T3589] ? __remove_memory+0x40/0x40
[ 51.754606][ T3589] ? __down_timeout+0x10/0x10
[ 51.759293][ T3589] ? find_held_lock+0x2d/0x110
[ 51.764056][ T3589] do_madvise+0x249/0x3c0
[ 51.768477][ T3589] ? madvise_set_anon_name+0xe0/0xe0
[ 51.773760][ T3589] __x64_sys_madvise+0xa6/0x110
[ 51.778599][ T3589] ? syscall_enter_from_user_mode+0x21/0x70
[ 51.784481][ T3589] do_syscall_64+0x35/0xb0
[ 51.788884][ T3589] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.794765][ T3589] RIP: 0033:0x7f6ad4c54ff9
[ 51.799179][ T3589] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 51.818889][ T3589] RSP: 002b:00007fffe2f63c58 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[ 51.827307][ T3589] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6ad4c54ff9
[ 51.835290][ T3589] RDX: 000000000000000b RSI: 0000000000001000 RDI: 0000000020ffc000
[ 51.843257][ T3589] RBP: 00007f6ad4c18fe0 R08: 0000000000000000 R09: 0000000000000000
[ 51.851302][ T3589] R10: 0000000020000000 R11: 0000000000000246 R12: 00007f6ad4c19070
[ 51.859269][ T3589] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 51.867235][ T3589]
[ 51.870242][ T3589]
[ 51.872561][ T3589] Allocated by task 3589:
[ 51.876876][ T3589] kasan_save_stack+0x1e/0x40
[ 51.881538][ T3589] __kasan_kmalloc+0xa9/0xd0
[ 51.886123][ T3589] madvise_update_vma+0x546/0x7f0
[ 51.891133][ T3589] madvise_vma_anon_name+0x7c/0xc0
[ 51.896226][ T3589] madvise_walk_vmas+0x1d5/0x2d0
[ 51.901146][ T3589] madvise_set_anon_name+0xac/0xe0
[ 51.906265][ T3589] __do_sys_prctl+0xeb5/0x12d0
[ 51.911013][ T3589] do_syscall_64+0x35/0xb0
[ 51.915426][ T3589] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.921306][ T3589]
[ 51.923619][ T3589] Freed by task 3589:
[ 51.927575][ T3589] kasan_save_stack+0x1e/0x40
[ 51.932231][ T3589] kasan_set_track+0x21/0x30
[ 51.936802][ T3589] kasan_set_free_info+0x20/0x30
[ 51.941745][ T3589] ____kasan_slab_free+0x130/0x160
[ 51.946840][ T3589] slab_free_freelist_hook+0x8b/0x1c0
[ 51.952207][ T3589] kfree+0xcb/0x280
[ 51.955999][ T3589] free_vma_anon_name+0xeb/0x110
[ 51.960924][ T3589] vm_area_free+0x11/0x30
[ 51.965236][ T3589] __vma_adjust+0x836/0x24a0
[ 51.969820][ T3589] vma_merge+0x860/0xeb0
[ 51.974046][ T3589] madvise_update_vma+0x1b6/0x7f0
[ 51.979057][ T3589] madvise_vma_behavior+0x116/0x1910
[ 51.984328][ T3589] madvise_walk_vmas+0x1d5/0x2d0
[ 51.989247][ T3589] do_madvise+0x249/0x3c0
[ 51.993562][ T3589] __x64_sys_madvise+0xa6/0x110
[ 51.998395][ T3589] do_syscall_64+0x35/0xb0
[ 52.002792][ T3589] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 52.008677][ T3589]
[ 52.010997][ T3589] The buggy address belongs to the object at ffff88807d7e1200
[ 52.010997][ T3589] which belongs to the cache kmalloc-32 of size 32
[ 52.024854][ T3589] The buggy address is located 4 bytes inside of
[ 52.024854][ T3589] 32-byte region [ffff88807d7e1200, ffff88807d7e1220)
[ 52.037850][ T3589] The buggy address belongs to the page:
[ 52.043582][ T3589] page:ffffea0001f5f840 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d7e1
[ 52.053723][ T3589] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 52.061268][ T3589] raw: 00fff00000000200 0000000000000000 dead000000000001 ffff888010c41500
[ 52.069841][ T3589] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[ 52.078438][ T3589] page dumped because: kasan: bad access detected
[ 52.084832][ T3589] page_owner tracks the page as allocated
[ 52.090525][ T3589] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 2960, ts 17604831601, free_ts 17602658668
[ 52.106390][ T3589] get_page_from_freelist+0xa72/0x2f50
[ 52.111840][ T3589] __alloc_pages+0x1b2/0x500
[ 52.116413][ T3589] alloc_pages+0x1aa/0x310
[ 52.120813][ T3589] new_slab+0x28a/0x3b0
[ 52.124950][ T3589] ___slab_alloc+0x87c/0xe90
[ 52.129524][ T3589] __slab_alloc.constprop.0+0x4d/0xa0
[ 52.134973][ T3589] __kmalloc+0x2fb/0x340
[ 52.139220][ T3589] tomoyo_encode2.part.0+0xe9/0x3a0
[ 52.144409][ T3589] tomoyo_encode2+0x23/0x40
[ 52.148896][ T3589] tomoyo_unix_entry+0x31f/0x5e0
[ 52.153816][ T3589] tomoyo_socket_connect_permission+0x300/0x340
[ 52.160039][ T3589] security_socket_connect+0x50/0xb0
[ 52.165309][ T3589] __sys_connect_file+0xa2/0x1a0
[ 52.170233][ T3589] __sys_connect+0x161/0x190
[ 52.174820][ T3589] __x64_sys_connect+0x6f/0xb0
[ 52.179566][ T3589] do_syscall_64+0x35/0xb0
[ 52.183969][ T3589] page last free stack trace:
[ 52.188624][ T3589] free_pcp_prepare+0x374/0x870
[ 52.193460][ T3589] free_unref_page+0x19/0x690
[ 52.198119][ T3589] __mmdrop+0xcb/0x3f0
[ 52.202172][ T3589] finish_task_switch.isra.0+0x7cd/0xb80
[ 52.207790][ T3589] __schedule+0xaba/0x4db0
[ 52.212195][ T3589] schedule+0xd2/0x260
[ 52.216262][ T3589] do_wait+0x5f4/0xce0
[ 52.220934][ T3589] kernel_wait4+0x14c/0x260
[ 52.225436][ T3589] __do_sys_wait4+0x13f/0x150
[ 52.230106][ T3589] do_syscall_64+0x35/0xb0
[ 52.234511][ T3589] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 52.240419][ T3589]
[ 52.242725][ T3589] Memory state around the buggy address:
[ 52.248399][ T3589] ffff88807d7e1100: 00 00 00 05 fc fc fc fc fa fb fb fb fc fc fc fc
[ 52.256466][ T3589] ffff88807d7e1180: 00 00 01 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 52.264587][ T3589] >ffff88807d7e1200: fa fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 52.272719][ T3589] ^
[ 52.276874][ T3589] ffff88807d7e1280: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 52.284916][ T3589] ffff88807d7e1300: 00 00 00 02 fc fc fc fc fb fb fb fb fc fc fc fc
[ 52.293310][ T3589] ==================================================================
[ 52.301371][ T3589] Disabling lock debugging due to kernel taint
[ 52.310618][ T3589] Kernel panic - not syncing: panic_on_warn set ...
[ 52.317230][ T3589] CPU: 0 PID: 3589 Comm: syz-executor409 Tainted: G B 5.17.0-rc3-syzkaller #0
[ 52.327398][ T3589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.337447][ T3589] Call Trace:
[ 52.340713][ T3589]
[ 52.343720][ T3589] dump_stack_lvl+0xcd/0x134
[ 52.348308][ T3589] panic+0x2b0/0x6dd
[ 52.352197][ T3589] ? __warn_printk+0xf3/0xf3
[ 52.356778][ T3589] ? preempt_schedule_common+0x59/0xc0
[ 52.362230][ T3589] ? strcmp+0x9b/0xb0
[ 52.366202][ T3589] ? preempt_schedule_thunk+0x16/0x18
[ 52.371566][ T3589] ? trace_hardirqs_on+0x38/0x1c0
[ 52.376750][ T3589] ? trace_hardirqs_on+0x51/0x1c0
[ 52.381763][ T3589] ? strcmp+0x9b/0xb0
[ 52.385734][ T3589] ? strcmp+0x9b/0xb0
[ 52.389702][ T3589] end_report.cold+0x63/0x6f
[ 52.394292][ T3589] kasan_report.cold+0x71/0xdf
[ 52.399044][ T3589] ? strcmp+0x9b/0xb0
[ 52.403013][ T3589] strcmp+0x9b/0xb0
[ 52.406808][ T3589] madvise_update_vma+0x4e6/0x7f0
[ 52.411825][ T3589] madvise_vma_behavior+0x116/0x1910
[ 52.417102][ T3589] ? madvise_vma_anon_name+0xc0/0xc0
[ 52.422382][ T3589] ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 52.428092][ T3589] ? vmacache_find+0x62/0x330
[ 52.432757][ T3589] ? find_vma+0xbd/0x270
[ 52.436999][ T3589] madvise_walk_vmas+0x1d5/0x2d0
[ 52.441943][ T3589] ? madvise_vma_anon_name+0xc0/0xc0
[ 52.447230][ T3589] ? __remove_memory+0x40/0x40
[ 52.451994][ T3589] ? __down_timeout+0x10/0x10
[ 52.456669][ T3589] ? find_held_lock+0x2d/0x110
[ 52.461436][ T3589] do_madvise+0x249/0x3c0
[ 52.465757][ T3589] ? madvise_set_anon_name+0xe0/0xe0
[ 52.471044][ T3589] __x64_sys_madvise+0xa6/0x110
[ 52.475898][ T3589] ? syscall_enter_from_user_mode+0x21/0x70
[ 52.481804][ T3589] do_syscall_64+0x35/0xb0
[ 52.486212][ T3589] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 52.492100][ T3589] RIP: 0033:0x7f6ad4c54ff9
[ 52.496505][ T3589] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.516108][ T3589] RSP: 002b:00007fffe2f63c58 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[ 52.524524][ T3589] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6ad4c54ff9
[ 52.532481][ T3589] RDX: 000000000000000b RSI: 0000000000001000 RDI: 0000000020ffc000
[ 52.540441][ T3589] RBP: 00007f6ad4c18fe0 R08: 0000000000000000 R09: 0000000000000000
[ 52.548400][ T3589] R10: 0000000020000000 R11: 0000000000000246 R12: 00007f6ad4c19070
[ 52.556360][ T3589] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 52.564326][ T3589]
[ 52.567560][ T3589] Kernel Offset: disabled
[ 52.571868][ T3589] Rebooting in 86400 seconds..