Warning: Permanently added '10.128.0.102' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 51.064152][ T8444] ==================================================================
[ 51.072492][ T8444] BUG: KASAN: use-after-free in inc_rlimit_ucounts+0x7a/0x1f0
[ 51.079963][ T8444] Read of size 8 at addr ffff888016f76f10 by task syz-executor031/8444
[ 51.088283][ T8444]
[ 51.090596][ T8444] CPU: 1 PID: 8444 Comm: syz-executor031 Not tainted 5.13.0-syzkaller #0
[ 51.099077][ T8444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.109127][ T8444] Call Trace:
[ 51.112406][ T8444]  dump_stack_lvl+0x1ae/0x29f
[ 51.117088][ T8444]  ? show_regs_print_info+0x12/0x12
[ 51.122450][ T8444]  ? printk+0xc0/0x108
[ 51.126677][ T8444]  ? wake_up_klogd+0xb2/0xf0
[ 51.131428][ T8444]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 51.137129][ T8444]  ? _raw_spin_lock_irqsave+0xbf/0x100
[ 51.142590][ T8444]  print_address_description+0x66/0x3b0
[ 51.148122][ T8444]  kasan_report+0x163/0x210
[ 51.152609][ T8444]  ? inc_rlimit_ucounts+0x7a/0x1f0
[ 51.157706][ T8444]  inc_rlimit_ucounts+0x7a/0x1f0
[ 51.162982][ T8444]  __sigqueue_alloc+0x24c/0x540
[ 51.169833][ T8444]  __send_signal+0x213/0xe50
[ 51.174411][ T8444]  force_sig_info_to_task+0x2a4/0x3f0
[ 51.179779][ T8444]  force_sig_fault+0x11e/0x1c0
[ 51.184529][ T8444]  ? force_sig_fault_to_task+0x1c0/0x1c0
[ 51.190465][ T8444]  ? page_fault_oops+0xa20/0xa20
[ 51.195391][ T8444]  ? __context_tracking_exit+0x7a/0xd0
[ 51.200836][ T8444]  ? __bad_area_nosemaphore+0x12b/0x570
[ 51.206461][ T8444]  __bad_area_nosemaphore+0x390/0x570
[ 51.211878][ T8444]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 51.217843][ T8444]  ? bad_area_nosemaphore+0x30/0x30
[ 51.223028][ T8444]  ? vtime_user_enter+0x1ea/0x2d0
[ 51.228042][ T8444]  ? __context_tracking_exit+0x7a/0xd0
[ 51.233570][ T8444]  ? spurious_kernel_fault+0xb8/0x570
[ 51.238936][ T8444]  exc_page_fault+0x153/0x1e0
[ 51.243717][ T8444]  ? asm_exc_page_fault+0x8/0x30
[ 51.248733][ T8444]  asm_exc_page_fault+0x1e/0x30
[ 51.253675][ T8444] RIP: 0033:0x401e38
[ 51.257583][ T8444] Code: 4a 00 bf 08 cd 49 00 48 89 e5 e8 b3 d9 07 00 5d e9 5d ff ff ff 0f 1f 44 00 00 e9 53 ff ff ff 0f 1f 00 48 83 ec 08 48 8b 46 10 <64> 8b 14 25 c0 ff ff ff 48 2d 00 00 10 00 48 3d 00 00 30 06 76 1e
[ 51.277531][ T8444] RSP: 002b:00007ffec8539b30 EFLAGS: 00010206
[ 51.284130][ T8444] RAX: ffffffffffffffc0 RBX: 00000000004ac0f8 RCX: 0000000000000001
[ 51.292109][ T8444] RDX: 00007ffec8539b40 RSI: 00007ffec8539c70 RDI: 000000000000000b
[ 51.300154][ T8444] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000401e30
[ 51.308111][ T8444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 51.316083][ T8444] R13: 0000000000000001 R14: 00000000004ac018 R15: 0000000000400488
[ 51.324159][ T8444]
[ 51.326465][ T8444] Allocated by task 8423:
[ 51.330769][ T8444]  ____kasan_kmalloc+0xc4/0xf0
[ 51.335516][ T8444]  kmem_cache_alloc_trace+0x96/0x340
[ 51.341216][ T8444]  alloc_ucounts+0x176/0x420
[ 51.345795][ T8444]  copy_creds+0xb3c/0xd70
[ 51.350201][ T8444]  copy_process+0xbae/0x5b30
[ 51.354860][ T8444]  kernel_clone+0x21a/0x7d0
[ 51.359350][ T8444]  __x64_sys_clone+0x236/0x2b0
[ 51.364090][ T8444]  do_syscall_64+0x3d/0xb0
[ 51.368487][ T8444]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.374368][ T8444]
[ 51.376685][ T8444] Freed by task 8444:
[ 51.380735][ T8444]  kasan_set_track+0x3d/0x70
[ 51.385316][ T8444]  kasan_set_free_info+0x1f/0x40
[ 51.390249][ T8444]  ____kasan_slab_free+0x109/0x150
[ 51.395428][ T8444]  slab_free_freelist_hook+0x1d8/0x290
[ 51.400868][ T8444]  kfree+0xcf/0x2d0
[ 51.404652][ T8444]  get_signal+0xadf/0x20d0
[ 51.409056][ T8444]  arch_do_signal_or_restart+0x8e/0x6d0
[ 51.414665][ T8444]  exit_to_user_mode_prepare+0x191/0x220
[ 51.420289][ T8444]  irqentry_exit_to_user_mode+0x6/0x40
[ 51.425913][ T8444]  exc_page_fault+0xe0/0x1e0
[ 51.430483][ T8444]  asm_exc_page_fault+0x1e/0x30
[ 51.435321][ T8444]
[ 51.437635][ T8444] Last potentially related work creation:
[ 51.443420][ T8444]  kasan_save_stack+0x27/0x50
[ 51.448171][ T8444]  kasan_record_aux_stack+0xee/0x120
[ 51.453448][ T8444]  insert_work+0x54/0x400
[ 51.457758][ T8444]  __queue_work+0x90e/0xc40
[ 51.462283][ T8444]  queue_work_on+0x111/0x200
[ 51.466974][ T8444]  call_usermodehelper_exec+0x283/0x470
[ 51.472698][ T8444]  kobject_uevent_env+0x1337/0x1700
[ 51.477971][ T8444]  kobject_synth_uevent+0x3bf/0x900
[ 51.483148][ T8444]  uevent_store+0x20/0x60
[ 51.487466][ T8444]  kernfs_fop_write_iter+0x3b6/0x510
[ 51.492732][ T8444]  vfs_write+0xa39/0xc90
[ 51.497051][ T8444]  ksys_write+0x171/0x2a0
[ 51.501356][ T8444]  do_syscall_64+0x3d/0xb0
[ 51.505761][ T8444]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.511634][ T8444]
[ 51.513950][ T8444] Second to last potentially related work creation:
[ 51.520693][ T8444]  kasan_save_stack+0x27/0x50
[ 51.525363][ T8444]  kasan_record_aux_stack+0xee/0x120
[ 51.530806][ T8444]  insert_work+0x54/0x400
[ 51.535118][ T8444]  __queue_work+0x90e/0xc40
[ 51.539690][ T8444]  queue_work_on+0x111/0x200
[ 51.544350][ T8444]  call_usermodehelper_exec+0x283/0x470
[ 51.549887][ T8444]  kobject_uevent_env+0x1337/0x1700
[ 51.555188][ T8444]  kobject_synth_uevent+0x3bf/0x900
[ 51.560459][ T8444]  uevent_store+0x47/0x70
[ 51.564868][ T8444]  kernfs_fop_write_iter+0x3b6/0x510
[ 51.570346][ T8444]  vfs_write+0xa39/0xc90
[ 51.574599][ T8444]  ksys_write+0x171/0x2a0
[ 51.578916][ T8444]  do_syscall_64+0x3d/0xb0
[ 51.583320][ T8444]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 51.589198][ T8444]
[ 51.591690][ T8444] The buggy address belongs to the object at ffff888016f76f00
[ 51.591690][ T8444]  which belongs to the cache kmalloc-192 of size 192
[ 51.605895][ T8444] The buggy address is located 16 bytes inside of
[ 51.605895][ T8444]  192-byte region [ffff888016f76f00, ffff888016f76fc0)
[ 51.619062][ T8444] The buggy address belongs to the page:
[ 51.624674][ T8444] page:ffffea00005bdd80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16f76
[ 51.634894][ T8444] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 51.642554][ T8444] raw: 00fff00000000200 ffffea00005c6340 0000000a0000000a ffff888011841a00
[ 51.651324][ T8444] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 51.659973][ T8444] page dumped because: kasan: bad access detected
[ 51.666448][ T8444] page_owner tracks the page as allocated
[ 51.672295][ T8444] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 2541399091, free_ts 2456137529
[ 51.688186][ T8444]  get_page_from_freelist+0x779/0xa30
[ 51.693564][ T8444]  __alloc_pages+0x26c/0x5f0
[ 51.698138][ T8444]  alloc_page_interleave+0x22/0x1c0
[ 51.703403][ T8444]  allocate_slab+0xf1/0x540
[ 51.707992][ T8444]  ___slab_alloc+0x1cf/0x350
[ 51.712580][ T8444]  kmem_cache_alloc_trace+0x29d/0x340
[ 51.718079][ T8444]  call_usermodehelper_setup+0x8a/0x260
[ 51.723991][ T8444]  kobject_uevent_env+0x1311/0x1700
[ 51.729379][ T8444]  kernel_add_sysfs_param+0x106/0x126
[ 51.734857][ T8444]  param_sysfs_builtin+0x145/0x1b9
[ 51.740152][ T8444]  param_sysfs_init+0x68/0x6c
[ 51.744947][ T8444]  do_one_initcall+0x1a7/0x400
[ 51.749751][ T8444]  do_initcall_level+0x14a/0x1f5
[ 51.754678][ T8444]  do_initcalls+0x4b/0x8c
[ 51.758990][ T8444]  kernel_init_freeable+0x3f1/0x57e
[ 51.764170][ T8444]  kernel_init+0x19/0x2a0
[ 51.768572][ T8444] page last free stack trace:
[ 51.773233][ T8444]  free_pcp_prepare+0xc29/0xd20
[ 51.778234][ T8444]  free_unref_page_list+0x118/0xad0
[ 51.783451][ T8444]  release_pages+0x18bb/0x1af0
[ 51.788315][ T8444]  tlb_flush_mmu+0x780/0x910
[ 51.792901][ T8444]  tlb_finish_mmu+0xcb/0x200
[ 51.797836][ T8444]  exit_mmap+0x404/0x7a0
[ 51.802085][ T8444]  __mmput+0x111/0x370
[ 51.806236][ T8444]  free_bprm+0x136/0x2f0
[ 51.810461][ T8444]  kernel_execve+0x740/0x9a0
[ 51.815033][ T8444]  call_usermodehelper_exec_async+0x262/0x3b0
[ 51.821170][ T8444]  ret_from_fork+0x1f/0x30
[ 51.826529][ T8444]
[ 51.828845][ T8444] Memory state around the buggy address:
[ 51.834667][ T8444]  ffff888016f76e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 51.843059][ T8444]  ffff888016f76e80: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[ 51.851099][ T8444] >ffff888016f76f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.859420][ T8444]                        ^
[ 51.864077][ T8444]  ffff888016f76f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 51.872312][ T8444]  ffff888016f77000: 00 00 00 00 00 00 00 00 fc fc fc fc 00 00 00 00
[ 51.880475][ T8444] ==================================================================
[ 51.888520][ T8444] Disabling lock debugging due to kernel taint
[ 51.894644][ T8444] Kernel panic - not syncing: panic_on_warn set ...
[ 51.901207][ T8444] CPU: 1 PID: 8444 Comm: syz-executor031 Tainted: G    B             5.13.0-syzkaller #0
[ 51.910991][ T8444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.921087][ T8444] Call Trace:
[ 51.924523][ T8444]  dump_stack_lvl+0x1ae/0x29f
[ 51.929364][ T8444]  ? show_regs_print_info+0x12/0x12
[ 51.934538][ T8444]  ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 51.940235][ T8444]  ? snprintf+0xc0/0x110
[ 51.944475][ T8444]  panic+0x2e1/0x850
[ 51.948556][ T8444]  ? nmi_panic+0x90/0x90
[ 51.952861][ T8444]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 51.958731][ T8444]  ? print_memory_metadata+0xa7/0x100
[ 51.964272][ T8444]  kasan_report+0x206/0x210
[ 51.969115][ T8444]  ? inc_rlimit_ucounts+0x7a/0x1f0
[ 51.974237][ T8444]  inc_rlimit_ucounts+0x7a/0x1f0
[ 51.979376][ T8444]  __sigqueue_alloc+0x24c/0x540
[ 51.984498][ T8444]  __send_signal+0x213/0xe50
[ 51.989268][ T8444]  force_sig_info_to_task+0x2a4/0x3f0
[ 51.994707][ T8444]  force_sig_fault+0x11e/0x1c0
[ 51.999623][ T8444]  ? force_sig_fault_to_task+0x1c0/0x1c0
[ 52.005239][ T8444]  ? page_fault_oops+0xa20/0xa20
[ 52.010163][ T8444]  ? __context_tracking_exit+0x7a/0xd0
[ 52.015621][ T8444]  ? __bad_area_nosemaphore+0x12b/0x570
[ 52.021164][ T8444]  __bad_area_nosemaphore+0x390/0x570
[ 52.026684][ T8444]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 52.033021][ T8444]  ? bad_area_nosemaphore+0x30/0x30
[ 52.038502][ T8444]  ? vtime_user_enter+0x1ea/0x2d0
[ 52.043657][ T8444]  ? __context_tracking_exit+0x7a/0xd0
[ 52.049532][ T8444]  ? spurious_kernel_fault+0xb8/0x570
[ 52.054883][ T8444]  exc_page_fault+0x153/0x1e0
[ 52.059640][ T8444]  ? asm_exc_page_fault+0x8/0x30
[ 52.064568][ T8444]  asm_exc_page_fault+0x1e/0x30
[ 52.069413][ T8444] RIP: 0033:0x401e38
[ 52.073288][ T8444] Code: 4a 00 bf 08 cd 49 00 48 89 e5 e8 b3 d9 07 00 5d e9 5d ff ff ff 0f 1f 44 00 00 e9 53 ff ff ff 0f 1f 00 48 83 ec 08 48 8b 46 10 <64> 8b 14 25 c0 ff ff ff 48 2d 00 00 10 00 48 3d 00 00 30 06 76 1e
[ 52.093161][ T8444] RSP: 002b:00007ffec8539b30 EFLAGS: 00010206
[ 52.099224][ T8444] RAX: ffffffffffffffc0 RBX: 00000000004ac0f8 RCX: 0000000000000001
[ 52.107261][ T8444] RDX: 00007ffec8539b40 RSI: 00007ffec8539c70 RDI: 000000000000000b
[ 52.115384][ T8444] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000401e30
[ 52.123355][ T8444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 52.131390][ T8444] R13: 0000000000000001 R14: 00000000004ac018 R15: 0000000000400488
[ 52.140999][ T8444] Kernel Offset: disabled
[ 52.145548][ T8444] Rebooting in 86400 seconds..