[ 53.048954][ T90] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.063833][ T90] device veth1_macvtap left promiscuous mode
[ 53.070231][ T90] device veth0_macvtap left promiscuous mode
[ 53.077616][ T90] device veth1_vlan left promiscuous mode
[ 53.083877][ T90] device veth0_vlan left promiscuous mode
[ 53.208183][ T90] team0 (unregistering): Port device team_slave_1 removed
[ 53.225862][ T90] team0 (unregistering): Port device team_slave_0 removed
[ 53.238034][ T90] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 53.252288][ T90] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 53.299231][ T90] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.15.204' (ECDSA) to the list of known hosts.
[ 67.556008][ T4099] ==================================================================
[ 67.569532][ T4099] BUG: KASAN: use-after-free in __wake_up_common+0x637/0x650
[ 67.577310][ T4099] Read of size 8 at addr ffff88807e940db0 by task syz-executor202/4099
[ 67.585726][ T4099]
[ 67.588217][ T4099] CPU: 0 PID: 4099 Comm: syz-executor202 Not tainted 5.17.0-rc7-syzkaller #0
[ 67.597307][ T4099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.607637][ T4099] Call Trace:
[ 67.610952][ T4099]
[ 67.613863][ T4099] dump_stack_lvl+0x57/0x7d
[ 67.618432][ T4099] print_address_description.constprop.0.cold+0x8d/0x336
[ 67.625610][ T4099] ? __wake_up_common+0x637/0x650
[ 67.630629][ T4099] ? __wake_up_common+0x637/0x650
[ 67.635886][ T4099] kasan_report.cold+0x83/0xdf
[ 67.640892][ T4099] ? __wake_up_common+0x637/0x650
[ 67.647219][ T4099] __wake_up_common+0x637/0x650
[ 67.652052][ T4099] __wake_up_common_lock+0xd0/0x130
[ 67.657225][ T4099] ? __wake_up_common+0x650/0x650
[ 67.662498][ T4099] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 67.668811][ T4099] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 67.674594][ T4099] tty_release+0x504/0xf80
[ 67.678993][ T4099] __fput+0x204/0x8d0
[ 67.682957][ T4099] task_work_run+0xc0/0x160
[ 67.688499][ T4099] do_exit+0x9ab/0x2500
[ 67.692632][ T4099] ? mm_update_next_owner+0x6d0/0x6d0
[ 67.697982][ T4099] do_group_exit+0xb2/0x2a0
[ 67.702458][ T4099] __x64_sys_exit_group+0x35/0x40
[ 67.707457][ T4099] do_syscall_64+0x35/0xb0
[ 67.711852][ T4099] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 67.717902][ T4099] RIP: 0033:0x7f6689f25c59
[ 67.723104][ T4099] Code: Unable to access opcode bytes at RIP 0x7f6689f25c2f.
[ 67.730508][ T4099] RSP: 002b:00007ffcf4776288 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 67.738908][ T4099] RAX: ffffffffffffffda RBX: 00007f6689f9a330 RCX: 00007f6689f25c59
[ 67.746960][ T4099] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 67.755026][ T4099] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 67.763084][ T4099] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6689f9a330
[ 67.771220][ T4099] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 67.779706][ T4099]
[ 67.782710][ T4099]
[ 67.785013][ T4099] Allocated by task 4098:
[ 67.789604][ T4099] kasan_save_stack+0x1e/0x40
[ 67.794255][ T4099] __kasan_kmalloc+0xa9/0xd0
[ 67.798995][ T4099] io_arm_poll_handler+0x30e/0x880
[ 67.804076][ T4099] io_queue_sqe_arm_apoll+0x52/0x350
[ 67.809455][ T4099] io_submit_sqes+0x632e/0x80c0
[ 67.814274][ T4099] __do_sys_io_uring_enter+0x6d3/0x1030
[ 67.820104][ T4099] do_syscall_64+0x35/0xb0
[ 67.824512][ T4099] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 67.830486][ T4099]
[ 67.832794][ T4099] Freed by task 4098:
[ 67.836883][ T4099] kasan_save_stack+0x1e/0x40
[ 67.841573][ T4099] kasan_set_track+0x21/0x30
[ 67.846158][ T4099] kasan_set_free_info+0x20/0x30
[ 67.851163][ T4099] ____kasan_slab_free+0x126/0x160
[ 67.856601][ T4099] slab_free_freelist_hook+0x8b/0x1c0
[ 67.862157][ T4099] kfree+0xd0/0x390
[ 67.866070][ T4099] io_clean_op+0x198/0xbc0
[ 67.870477][ T4099] __io_req_complete_post+0x77d/0xaf0
[ 67.875833][ T4099] io_req_complete_post+0x53/0x1f0
[ 67.880934][ T4099] tctx_task_work+0x50f/0xf10
[ 67.885628][ T4099] task_work_run+0xc0/0x160
[ 67.890199][ T4099] do_exit+0x9ab/0x2500
[ 67.894330][ T4099] do_group_exit+0xb2/0x2a0
[ 67.898804][ T4099] __x64_sys_exit_group+0x35/0x40
[ 67.903819][ T4099] do_syscall_64+0x35/0xb0
[ 67.908381][ T4099] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 67.914352][ T4099]
[ 67.916652][ T4099] The buggy address belongs to the object at ffff88807e940d80
[ 67.916652][ T4099] which belongs to the cache kmalloc-96 of size 96
[ 67.930697][ T4099] The buggy address is located 48 bytes inside of
[ 67.930697][ T4099] 96-byte region [ffff88807e940d80, ffff88807e940de0)
[ 67.943863][ T4099] The buggy address belongs to the page:
[ 67.949983][ T4099] page:ffffea0001fa5000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e940
[ 67.960274][ T4099] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 67.967880][ T4099] raw: 00fff00000000200 dead000000000100 dead000000000122 ffff88800fc41780
[ 67.976450][ T4099] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 67.985483][ T4099] page dumped because: kasan: bad access detected
[ 67.992096][ T4099] page_owner tracks the page as allocated
[ 67.997890][ T4099] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 2950, ts 10696564408, free_ts 10534418381
[ 68.013866][ T4099] get_page_from_freelist+0xa6f/0x2f10
[ 68.019324][ T4099] __alloc_pages+0x1b2/0x500
[ 68.024063][ T4099] allocate_slab+0x27f/0x3c0
[ 68.028645][ T4099] ___slab_alloc+0xbe3/0x12a0
[ 68.033318][ T4099] __slab_alloc.constprop.0+0x4d/0xa0
[ 68.038678][ T4099] __kmalloc+0x372/0x450
[ 68.043310][ T4099] tomoyo_commit_ok+0x18/0x60
[ 68.048061][ T4099] tomoyo_update_domain+0x50c/0x7b0
[ 68.053418][ T4099] tomoyo_write_file+0x513/0x690
[ 68.058515][ T4099] tomoyo_write_domain2+0xe8/0x180
[ 68.063635][ T4099] tomoyo_supervisor+0x46f/0xef0
[ 68.068549][ T4099] tomoyo_path_number_perm+0x37d/0x4e0
[ 68.074000][ T4099] security_file_ioctl+0x44/0x80
[ 68.079015][ T4099] __x64_sys_ioctl+0x99/0x190
[ 68.083678][ T4099] do_syscall_64+0x35/0xb0
[ 68.088284][ T4099] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.094178][ T4099] page last free stack trace:
[ 68.099062][ T4099] free_pcp_prepare+0x374/0x870
[ 68.104048][ T4099] free_unref_page_list+0x1a9/0xfa0
[ 68.109674][ T4099] release_pages+0x223/0xee0
[ 68.114351][ T4099] tlb_finish_mmu+0x127/0x790
[ 68.119269][ T4099] exit_mmap+0x1d1/0x5b0
[ 68.123710][ T4099] __mmput+0xed/0x430
[ 68.127704][ T4099] do_exit+0x90e/0x2500
[ 68.131850][ T4099] do_group_exit+0xb2/0x2a0
[ 68.136415][ T4099] __x64_sys_exit_group+0x35/0x40
[ 68.141863][ T4099] do_syscall_64+0x35/0xb0
[ 68.146254][ T4099] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.152288][ T4099]
[ 68.154588][ T4099] Memory state around the buggy address:
[ 68.160197][ T4099] ffff88807e940c80: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 68.168429][ T4099] ffff88807e940d00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 68.176573][ T4099] >ffff88807e940d80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 68.184846][ T4099] ^
[ 68.190473][ T4099] ffff88807e940e00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 68.198513][ T4099] ffff88807e940e80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 68.206557][ T4099] ==================================================================
[ 68.214898][ T4099] Disabling lock debugging due to kernel taint
[ 68.221127][ T4099] Kernel panic - not syncing: panic_on_warn set ...
[ 68.227691][ T4099] CPU: 0 PID: 4099 Comm: syz-executor202 Tainted: G B 5.17.0-rc7-syzkaller #0
[ 68.237813][ T4099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.247845][ T4099] Call Trace:
[ 68.251099][ T4099]
[ 68.254004][ T4099] dump_stack_lvl+0x57/0x7d
[ 68.258504][ T4099] panic+0x214/0x49f
[ 68.262759][ T4099] ? __warn_printk+0xee/0xee
[ 68.267520][ T4099] ? __wake_up_common+0x637/0x650
[ 68.272616][ T4099] ? __wake_up_common+0x637/0x650
[ 68.277611][ T4099] end_report.cold+0x63/0x6f
[ 68.282419][ T4099] kasan_report.cold+0x71/0xdf
[ 68.287168][ T4099] ? __wake_up_common+0x637/0x650
[ 68.292262][ T4099] __wake_up_common+0x637/0x650
[ 68.297101][ T4099] __wake_up_common_lock+0xd0/0x130
[ 68.302964][ T4099] ? __wake_up_common+0x650/0x650
[ 68.308048][ T4099] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 68.314192][ T4099] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 68.319989][ T4099] tty_release+0x504/0xf80
[ 68.324400][ T4099] __fput+0x204/0x8d0
[ 68.328447][ T4099] task_work_run+0xc0/0x160
[ 68.333445][ T4099] do_exit+0x9ab/0x2500
[ 68.337594][ T4099] ? mm_update_next_owner+0x6d0/0x6d0
[ 68.342933][ T4099] do_group_exit+0xb2/0x2a0
[ 68.347494][ T4099] __x64_sys_exit_group+0x35/0x40
[ 68.352489][ T4099] do_syscall_64+0x35/0xb0
[ 68.357454][ T4099] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.363532][ T4099] RIP: 0033:0x7f6689f25c59
[ 68.368187][ T4099] Code: Unable to access opcode bytes at RIP 0x7f6689f25c2f.
[ 68.375909][ T4099] RSP: 002b:00007ffcf4776288 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 68.384296][ T4099] RAX: ffffffffffffffda RBX: 00007f6689f9a330 RCX: 00007f6689f25c59
[ 68.392500][ T4099] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 68.400460][ T4099] RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000
[ 68.408570][ T4099] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6689f9a330
[ 68.416509][ T4099] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 68.424549][ T4099]
[ 68.427722][ T4099] Kernel Offset: disabled
[ 68.432035][ T4099] Rebooting in 86400 seconds..