Warning: Permanently added '10.128.0.233' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   37.651593][   T26] audit: type=1400 audit(1647942623.123:75): avc:  denied  { execmem } for  pid=3596 comm="syz-executor206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   37.678723][   T26] audit: type=1400 audit(1647942623.133:76): avc:  denied  { create } for  pid=3604 comm="syz-executor206" dev="anon_inodefs" ino=28105 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   37.701345][   T26] audit: type=1400 audit(1647942623.133:77): avc:  denied  { map } for  pid=3604 comm="syz-executor206" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=28105 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
executing program
executing program
executing program
executing program
executing program
[   37.745268][   T26] audit: type=1400 audit(1647942623.133:78): avc:  denied  { read write } for  pid=3604 comm="syz-executor206" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=28105 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   37.748449][ T3625] ==================================================================
[   37.778328][ T3625] BUG: KASAN: use-after-free in __wake_up_common+0x637/0x650
[   37.785695][ T3625] Read of size 8 at addr ffff8880145a55b0 by task syz-executor206/3625
[   37.793918][ T3625] 
[   37.796237][ T3625] CPU: 0 PID: 3625 Comm: syz-executor206 Tainted: G        W         5.17.0-syzkaller-01402-g8565d64430f8 #0
[   37.807769][ T3625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.817802][ T3625] Call Trace:
[   37.821065][ T3625]  <TASK>
[   37.823983][ T3625]  dump_stack_lvl+0xcd/0x134
[   37.828573][ T3625]  print_address_description.constprop.0.cold+0x8d/0x303
[   37.835595][ T3625]  ? __wake_up_common+0x637/0x650
[   37.840613][ T3625]  ? __wake_up_common+0x637/0x650
[   37.845630][ T3625]  kasan_report.cold+0x83/0xdf
[   37.850393][ T3625]  ? spin_bug+0x100/0x100
[   37.854721][ T3625]  ? __wake_up_common+0x637/0x650
[   37.859737][ T3625]  __wake_up_common+0x637/0x650
[   37.864592][ T3625]  __wake_up_common_lock+0xd0/0x130
[   37.869785][ T3625]  ? __wake_up_common+0x650/0x650
[   37.874805][ T3625]  ? _raw_spin_unlock_irqrestore+0x50/0x70
[   37.880608][ T3625]  ? trace_hardirqs_on+0x5b/0x1c0
[   37.885623][ T3625]  ? _raw_spin_unlock_irqrestore+0x3d/0x70
[   37.891421][ T3625]  ? tty_port_close+0x120/0x170
[   37.896272][ T3625]  tty_release+0x657/0x1200
[   37.900769][ T3625]  __fput+0x286/0x9f0
[   37.904829][ T3625]  ? tty_release_struct+0xe0/0xe0
[   37.909847][ T3625]  task_work_run+0xdd/0x1a0
[   37.914345][ T3625]  do_exit+0xaff/0x29d0
[   37.918494][ T3625]  ? lock_downgrade+0x6e0/0x6e0
[   37.923338][ T3625]  ? mm_update_next_owner+0x7a0/0x7a0
[   37.928708][ T3625]  do_group_exit+0xd2/0x2f0
[   37.933204][ T3625]  __x64_sys_exit_group+0x3a/0x50
[   37.938226][ T3625]  do_syscall_64+0x35/0xb0
[   37.942641][ T3625]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   37.948528][ T3625] RIP: 0033:0x7f4b2dd54c69
[   37.952931][ T3625] Code: Unable to access opcode bytes at RIP 0x7f4b2dd54c3f.
[   37.960543][ T3625] RSP: 002b:00007ffe94d10d48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   37.968947][ T3625] RAX: ffffffffffffffda RBX: 00007f4b2ddc9330 RCX: 00007f4b2dd54c69
[   37.976911][ T3625] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   37.984872][ T3625] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000030000000
[   37.992834][ T3625] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4b2ddc9330
[   38.000801][ T3625] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   38.008762][ T3625]  </TASK>
[   38.011772][ T3625] 
[   38.014078][ T3625] Allocated by task 3623:
[   38.018387][ T3625]  kasan_save_stack+0x1e/0x40
[   38.023061][ T3625]  __kasan_kmalloc+0xa6/0xd0
[   38.027647][ T3625]  kmem_cache_alloc_trace+0x1ea/0x4a0
[   38.033010][ T3625]  io_arm_poll_handler+0x39d/0x940
[   38.038110][ T3625]  io_queue_sqe_arm_apoll+0x6d/0x430
[   38.043391][ T3625]  io_submit_sqes+0x7dda/0x9310
[   38.048238][ T3625]  __do_sys_io_uring_enter+0x9f1/0x1520
[   38.053781][ T3625]  do_syscall_64+0x35/0xb0
[   38.058192][ T3625]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   38.064079][ T3625] 
[   38.066384][ T3625] Freed by task 3623:
[   38.070343][ T3625]  kasan_save_stack+0x1e/0x40
[   38.075013][ T3625]  kasan_set_track+0x21/0x30
[   38.079592][ T3625]  kasan_set_free_info+0x20/0x30
[   38.084526][ T3625]  ____kasan_slab_free+0xff/0x140
[   38.089544][ T3625]  kfree+0xf8/0x2b0
[   38.093340][ T3625]  io_clean_op+0x20a/0xd90
[   38.097745][ T3625]  __io_req_complete_post+0x88c/0xc90
[   38.103108][ T3625]  io_req_complete_post+0x56/0x1d0
[   38.108206][ T3625]  io_apoll_task_func+0x1df/0x230
[   38.113225][ T3625]  tctx_task_work+0x1a2/0x1380
[   38.117980][ T3625]  task_work_run+0xdd/0x1a0
[   38.122471][ T3625]  do_exit+0xaff/0x29d0
[   38.126618][ T3625]  do_group_exit+0xd2/0x2f0
[   38.131118][ T3625]  __x64_sys_exit_group+0x3a/0x50
[   38.136138][ T3625]  do_syscall_64+0x35/0xb0
[   38.140548][ T3625]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   38.146431][ T3625] 
[   38.148746][ T3625] The buggy address belongs to the object at ffff8880145a5580
[   38.148746][ T3625]  which belongs to the cache kmalloc-96 of size 96
[   38.162609][ T3625] The buggy address is located 48 bytes inside of
[   38.162609][ T3625]  96-byte region [ffff8880145a5580, ffff8880145a55e0)
[   38.175695][ T3625] The buggy address belongs to the page:
[   38.181329][ T3625] page:ffffea0000516940 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880145a5780 pfn:0x145a5
[   38.192769][ T3625] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   38.200313][ T3625] raw: 00fff00000000200 ffffea0001d777c8 ffffea000064cec8 ffff888010c40300
[   38.208886][ T3625] raw: ffff8880145a5780 ffff8880145a5000 000000010000001f 0000000000000000
[   38.217447][ T3625] page dumped because: kasan: bad access detected
[   38.223836][ T3625] page_owner tracks the page as allocated
[   38.229530][ T3625] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x242040(__GFP_IO|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 2974, ts 16549490433, free_ts 16543260159
[   38.246536][ T3625]  get_page_from_freelist+0xa72/0x2f50
[   38.251989][ T3625]  __alloc_pages+0x1b2/0x500
[   38.256566][ T3625]  cache_grow_begin+0x75/0x390
[   38.261322][ T3625]  cache_alloc_refill+0x27f/0x380
[   38.266335][ T3625]  __kmalloc+0x3b3/0x4d0
[   38.270566][ T3625]  tomoyo_encode2.part.0+0xe9/0x3a0
[   38.275757][ T3625]  tomoyo_encode+0x28/0x50
[   38.280166][ T3625]  tomoyo_realpath_from_path+0x186/0x620
[   38.285794][ T3625]  tomoyo_check_open_permission+0x272/0x380
[   38.291687][ T3625]  tomoyo_file_open+0xa3/0xd0
[   38.296371][ T3625]  security_file_open+0x45/0xb0
[   38.301223][ T3625]  do_dentry_open+0x358/0x1250
[   38.305992][ T3625]  path_openat+0x1c9e/0x2940
[   38.310577][ T3625]  do_filp_open+0x1aa/0x400
[   38.315072][ T3625]  do_sys_openat2+0x16d/0x4d0
[   38.319738][ T3625]  __x64_sys_openat+0x13f/0x1f0
[   38.324578][ T3625] page last free stack trace:
[   38.329234][ T3625]  free_pcp_prepare+0x374/0x870
[   38.334079][ T3625]  free_unref_page+0x19/0x690
[   38.338742][ T3625]  slabs_destroy+0x89/0xc0
[   38.343152][ T3625]  ___cache_free+0x303/0x600
[   38.347736][ T3625]  qlist_free_all+0x50/0x1a0
[   38.352319][ T3625]  kasan_quarantine_reduce+0x180/0x200
[   38.357767][ T3625]  __kasan_slab_alloc+0x97/0xb0
[   38.362608][ T3625]  kmem_cache_alloc+0x265/0x560
[   38.367449][ T3625]  getname_flags.part.0+0x50/0x4f0
[   38.372558][ T3625]  getname_flags+0x9a/0xe0
[   38.376967][ T3625]  vfs_fstatat+0x73/0xb0
[   38.381205][ T3625]  __do_sys_newfstatat+0x91/0x110
[   38.386252][ T3625]  do_syscall_64+0x35/0xb0
[   38.390659][ T3625]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   38.396565][ T3625] 
[   38.398876][ T3625] Memory state around the buggy address:
[   38.404488][ T3625]  ffff8880145a5480: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   38.412536][ T3625]  ffff8880145a5500: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   38.420583][ T3625] >ffff8880145a5580: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   38.428624][ T3625]                                      ^
[   38.434241][ T3625]  ffff8880145a5600: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   38.442285][ T3625]  ffff8880145a5680: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   38.450328][ T3625] ==================================================================
[   38.458374][ T3625] Kernel panic - not syncing: panic_on_warn set ...
[   38.464942][ T3625] CPU: 0 PID: 3625 Comm: syz-executor206 Tainted: G    B   W         5.17.0-syzkaller-01402-g8565d64430f8 #0
[   38.476472][ T3625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.486521][ T3625] Call Trace:
[   38.489802][ T3625]  <TASK>
[   38.492722][ T3625]  dump_stack_lvl+0xcd/0x134
[   38.497316][ T3625]  panic+0x2b0/0x6dd
[   38.501209][ T3625]  ? __warn_printk+0xf3/0xf3
[   38.505798][ T3625]  ? __wake_up_common+0x637/0x650
[   38.510823][ T3625]  ? __wake_up_common+0x637/0x650
[   38.515843][ T3625]  ? __wake_up_common+0x637/0x650
[   38.520863][ T3625]  end_report.cold+0x63/0x6f
[   38.525452][ T3625]  kasan_report.cold+0x71/0xdf
[   38.530213][ T3625]  ? spin_bug+0x100/0x100
[   38.534537][ T3625]  ? __wake_up_common+0x637/0x650
[   38.539555][ T3625]  __wake_up_common+0x637/0x650
[   38.544403][ T3625]  __wake_up_common_lock+0xd0/0x130
[   38.549599][ T3625]  ? __wake_up_common+0x650/0x650
[   38.554624][ T3625]  ? _raw_spin_unlock_irqrestore+0x50/0x70
[   38.560433][ T3625]  ? trace_hardirqs_on+0x5b/0x1c0
[   38.565458][ T3625]  ? _raw_spin_unlock_irqrestore+0x3d/0x70
[   38.571265][ T3625]  ? tty_port_close+0x120/0x170
[   38.576115][ T3625]  tty_release+0x657/0x1200
[   38.580614][ T3625]  __fput+0x286/0x9f0
[   38.584588][ T3625]  ? tty_release_struct+0xe0/0xe0
[   38.589605][ T3625]  task_work_run+0xdd/0x1a0
[   38.594539][ T3625]  do_exit+0xaff/0x29d0
[   38.598691][ T3625]  ? lock_downgrade+0x6e0/0x6e0
[   38.603538][ T3625]  ? mm_update_next_owner+0x7a0/0x7a0
[   38.608904][ T3625]  do_group_exit+0xd2/0x2f0
[   38.613403][ T3625]  __x64_sys_exit_group+0x3a/0x50
[   38.618424][ T3625]  do_syscall_64+0x35/0xb0
[   38.622841][ T3625]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   38.628731][ T3625] RIP: 0033:0x7f4b2dd54c69
[   38.633131][ T3625] Code: Unable to access opcode bytes at RIP 0x7f4b2dd54c3f.
[   38.640478][ T3625] RSP: 002b:00007ffe94d10d48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   38.648880][ T3625] RAX: ffffffffffffffda RBX: 00007f4b2ddc9330 RCX: 00007f4b2dd54c69
[   38.656840][ T3625] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[   38.664800][ T3625] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000030000000
[   38.672762][ T3625] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4b2ddc9330
[   38.680723][ T3625] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   38.688685][ T3625]  </TASK>
[   38.691849][ T3625] Kernel Offset: disabled
[   38.696160][ T3625] Rebooting in 86400 seconds..