Warning: Permanently added '10.128.0.141' (ECDSA) to the list of known hosts.
executing program
[   38.535626][ T3649] ==================================================================
[   38.543695][ T3649] BUG: KASAN: use-after-free in add_wait_queue+0x1c0/0x260
[   38.550906][ T3649] Read of size 4 at addr ffff88807ec70f18 by task syz-executor133/3649
[   38.559147][ T3649] 
[   38.561469][ T3649] CPU: 1 PID: 3649 Comm: syz-executor133 Tainted: G W 5.17.0-syzkaller-01442-gb47d5a4f6b8d #0
[   38.573023][ T3649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.583079][ T3649] Call Trace:
[   38.586362][ T3649]  <TASK>
[   38.589296][ T3649]  dump_stack_lvl+0xcd/0x134
[   38.593907][ T3649]  print_address_description.constprop.0.cold+0x8d/0x336
[   38.600948][ T3649]  ? add_wait_queue+0x1c0/0x260
[   38.605812][ T3649]  ? add_wait_queue+0x1c0/0x260
[   38.610683][ T3649]  kasan_report.cold+0x83/0xdf
[   38.615464][ T3649]  ? add_wait_queue+0x1c0/0x260
[   38.620332][ T3649]  add_wait_queue+0x1c0/0x260
[   38.625024][ T3649]  __io_queue_proc+0x18c/0x6f0
[   38.629800][ T3649]  ? io_poll_queue_proc+0x50/0x50
[   38.634840][ T3649]  n_tty_poll+0x76/0x8a0
[   38.639116][ T3649]  ? n_tty_read+0x1230/0x1230
[   38.643811][ T3649]  tty_poll+0x139/0x1b0
[   38.647987][ T3649]  ? tty_release+0x1200/0x1200
[   38.653365][ T3649]  __io_arm_poll_handler+0x397/0xc00
[   38.658679][ T3649]  ? kmem_cache_alloc_trace+0x1da/0x3d0
[   38.664246][ T3649]  io_arm_poll_handler+0x42c/0x940
[   38.669385][ T3649]  ? io_cqring_wait+0x18d0/0x18d0
[   38.674417][ T3649]  ? io_poll_queue_proc+0x50/0x50
[   38.679453][ T3649]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[   38.685887][ T3649]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   38.692150][ T3649]  io_queue_sqe_arm_apoll+0x6d/0x430
[   38.697462][ T3649]  io_submit_sqes+0x7dda/0x9310
[   38.702332][ T3649]  ? rcu_read_lock_sched_held+0xd/0x70
[   38.707806][ T3649]  ? io_apoll_task_func+0x230/0x230
[   38.713024][ T3649]  ? lock_release+0x522/0x720
[   38.717709][ T3649]  ? __do_sys_io_uring_enter+0x9f1/0x1520
[   38.723411][ T3649]  __do_sys_io_uring_enter+0x9f1/0x1520
[   38.728937][ T3649]  ? rcu_read_lock_sched_held+0xd/0x70
[   38.734389][ T3649]  ? lock_release+0x522/0x720
[   38.739052][ T3649]  ? lock_downgrade+0x6e0/0x6e0
[   38.743893][ T3649]  ? io_submit_sqes+0x9310/0x9310
[   38.748914][ T3649]  ? vtime_user_exit+0x218/0x6c0
[   38.753835][ T3649]  ? syscall_enter_from_user_mode+0x21/0x70
[   38.759730][ T3649]  do_syscall_64+0x35/0xb0
[   38.764149][ T3649]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   38.770026][ T3649] RIP: 0033:0x7f9692ff4fd9
[   38.774420][ T3649] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   38.794002][ T3649] RSP: 002b:00007ffee24ecca8 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[   38.802395][ T3649] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f9692ff4fd9
[   38.810345][ T3649] RDX: 0000000000000000 RSI: 0000000000001261 RDI: 0000000000000004
[   38.818414][ T3649] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   38.826378][ T3649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000009668
[   38.834345][ T3649] R13: 00007ffee24ecccc R14: 00007ffee24ecce0 R15: 00007ffee24eccd0
[   38.842308][ T3649]  </TASK>
[   38.845308][ T3649] 
[   38.847610][ T3649] Allocated by task 3631:
[   38.851910][ T3649]  kasan_save_stack+0x1e/0x40
[   38.856572][ T3649]  __kasan_kmalloc+0xa9/0xd0
[   38.861140][ T3649]  io_arm_poll_handler+0x39d/0x940
[   38.866234][ T3649]  io_queue_sqe_arm_apoll+0x6d/0x430
[   38.871508][ T3649]  io_submit_sqes+0x7dda/0x9310
[   38.876337][ T3649]  __do_sys_io_uring_enter+0x9f1/0x1520
[   38.881860][ T3649]  do_syscall_64+0x35/0xb0
[   38.886255][ T3649]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   38.892123][ T3649] 
[   38.894426][ T3649] Freed by task 3615:
[   38.898384][ T3649]  kasan_save_stack+0x1e/0x40
[   38.903041][ T3649]  kasan_set_track+0x21/0x30
[   38.907624][ T3649]  kasan_set_free_info+0x20/0x30
[   38.912551][ T3649]  ____kasan_slab_free+0x126/0x160
[   38.917655][ T3649]  slab_free_freelist_hook+0x8b/0x1c0
[   38.923017][ T3649]  kfree+0xd0/0x390
[   38.926810][ T3649]  io_ring_exit_work+0x7f7/0x1053
[   38.931826][ T3649]  process_one_work+0x9ac/0x1650
[   38.936746][ T3649]  worker_thread+0x657/0x1110
[   38.941416][ T3649]  kthread+0x2e9/0x3a0
[   38.945503][ T3649]  ret_from_fork+0x1f/0x30
[   38.949901][ T3649] 
[   38.952212][ T3649] The buggy address belongs to the object at ffff88807ec70f00
[   38.952212][ T3649]  which belongs to the cache kmalloc-96 of size 96
[   38.966083][ T3649] The buggy address is located 24 bytes inside of
[   38.966083][ T3649]  96-byte region [ffff88807ec70f00, ffff88807ec70f60)
[   38.979245][ T3649] The buggy address belongs to the page:
[   38.984847][ T3649] page:ffffea0001fb1c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ec70
[   38.994994][ T3649] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   39.002529][ T3649] raw: 00fff00000000200 ffffea00051d7980 dead000000000006 ffff888010c41780
[   39.011099][ T3649] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
[   39.019662][ T3649] page dumped because: kasan: bad access detected
[   39.026053][ T3649] page_owner tracks the page as allocated
[   39.031742][ T3649] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 2955, ts 13260642360, free_ts 13233642928
[   39.047726][ T3649]  get_page_from_freelist+0xa72/0x2f50
[   39.053193][ T3649]  __alloc_pages+0x1b2/0x500
[   39.057780][ T3649]  alloc_pages+0x1aa/0x310
[   39.062182][ T3649]  allocate_slab+0x27f/0x3c0
[   39.066763][ T3649]  ___slab_alloc+0xbe1/0x12b0
[   39.071426][ T3649]  __slab_alloc.constprop.0+0x4d/0xa0
[   39.076780][ T3649]  __kmalloc+0x372/0x450
[   39.081001][ T3649]  tomoyo_commit_ok+0x1e/0x90
[   39.085657][ T3649]  tomoyo_update_domain+0x5de/0x850
[   39.090832][ T3649]  tomoyo_write_file+0x68b/0x7f0
[   39.095748][ T3649]  tomoyo_write_domain2+0x116/0x1d0
[   39.100925][ T3649]  tomoyo_supervisor+0xbc7/0xf00
[   39.105843][ T3649]  tomoyo_path_number_perm+0x419/0x590
[   39.111280][ T3649]  security_file_ioctl+0x50/0xb0
[   39.116199][ T3649]  __x64_sys_ioctl+0xb3/0x200
[   39.120855][ T3649]  do_syscall_64+0x35/0xb0
[   39.125251][ T3649] page last free stack trace:
[   39.129898][ T3649]  free_pcp_prepare+0x374/0x870
[   39.134755][ T3649]  free_unref_page_list+0x1a9/0xfa0
[   39.139949][ T3649]  release_pages+0x317/0x1220
[   39.144623][ T3649]  tlb_finish_mmu+0x165/0x8c0
[   39.149280][ T3649]  exit_mmap+0x21a/0x6a0
[   39.153505][ T3649]  __mmput+0x122/0x4b0
[   39.157573][ T3649]  mmput+0x56/0x60
[   39.161270][ T3649]  do_exit+0xa12/0x29d0
[   39.165414][ T3649]  do_group_exit+0xd2/0x2f0
[   39.169896][ T3649]  __x64_sys_exit_group+0x3a/0x50
[   39.174903][ T3649]  do_syscall_64+0x35/0xb0
[   39.179309][ T3649]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   39.185182][ T3649] 
[   39.187492][ T3649] Memory state around the buggy address:
[   39.193100][ T3649]  ffff88807ec70e00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   39.201136][ T3649]  ffff88807ec70e80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   39.209169][ T3649] >ffff88807ec70f00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   39.217202][ T3649]                             ^
[   39.222026][ T3649]  ffff88807ec70f80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   39.230085][ T3649]  ffff88807ec71000: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   39.238147][ T3649] ==================================================================
[   39.246195][ T3649] Kernel panic - not syncing: panic_on_warn set ...
[   39.252764][ T3649] CPU: 1 PID: 3649 Comm: syz-executor133 Tainted: G B W 5.17.0-syzkaller-01442-gb47d5a4f6b8d #0
[   39.264287][ T3649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.274343][ T3649] Call Trace:
[   39.277607][ T3649]  <TASK>
[   39.280519][ T3649]  dump_stack_lvl+0xcd/0x134
[   39.285104][ T3649]  panic+0x2b0/0x6dd
[   39.288989][ T3649]  ? __warn_printk+0xf3/0xf3
[   39.293657][ T3649]  ? add_wait_queue+0x1c0/0x260
[   39.298489][ T3649]  ? add_wait_queue+0x1c0/0x260
[   39.303316][ T3649]  ? add_wait_queue+0x1c0/0x260
[   39.308144][ T3649]  end_report.cold+0x63/0x6f
[   39.312717][ T3649]  kasan_report.cold+0x71/0xdf
[   39.317471][ T3649]  ? add_wait_queue+0x1c0/0x260
[   39.322302][ T3649]  add_wait_queue+0x1c0/0x260
[   39.326967][ T3649]  __io_queue_proc+0x18c/0x6f0
[   39.331722][ T3649]  ? io_poll_queue_proc+0x50/0x50
[   39.336741][ T3649]  n_tty_poll+0x76/0x8a0
[   39.340974][ T3649]  ? n_tty_read+0x1230/0x1230
[   39.345640][ T3649]  tty_poll+0x139/0x1b0
[   39.349783][ T3649]  ? tty_release+0x1200/0x1200
[   39.354530][ T3649]  __io_arm_poll_handler+0x397/0xc00
[   39.359799][ T3649]  ? kmem_cache_alloc_trace+0x1da/0x3d0
[   39.365334][ T3649]  io_arm_poll_handler+0x42c/0x940
[   39.370429][ T3649]  ? io_cqring_wait+0x18d0/0x18d0
[   39.375449][ T3649]  ? io_poll_queue_proc+0x50/0x50
[   39.380467][ T3649]  ? __sanitizer_cov_trace_const_cmp2+0x22/0x80
[   39.386711][ T3649]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   39.392946][ T3649]  io_queue_sqe_arm_apoll+0x6d/0x430
[   39.398230][ T3649]  io_submit_sqes+0x7dda/0x9310
[   39.403077][ T3649]  ? rcu_read_lock_sched_held+0xd/0x70
[   39.408536][ T3649]  ? io_apoll_task_func+0x230/0x230
[   39.413728][ T3649]  ? lock_release+0x522/0x720
[   39.418397][ T3649]  ? __do_sys_io_uring_enter+0x9f1/0x1520
[   39.425749][ T3649]  __do_sys_io_uring_enter+0x9f1/0x1520
[   39.431280][ T3649]  ? rcu_read_lock_sched_held+0xd/0x70
[   39.436720][ T3649]  ? lock_release+0x522/0x720
[   39.441379][ T3649]  ? lock_downgrade+0x6e0/0x6e0
[   39.446219][ T3649]  ? io_submit_sqes+0x9310/0x9310
[   39.451231][ T3649]  ? vtime_user_exit+0x218/0x6c0
[   39.456158][ T3649]  ? syscall_enter_from_user_mode+0x21/0x70
[   39.462047][ T3649]  do_syscall_64+0x35/0xb0
[   39.466446][ T3649]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   39.472319][ T3649] RIP: 0033:0x7f9692ff4fd9
[   39.476715][ T3649] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   39.496415][ T3649] RSP: 002b:00007ffee24ecca8 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[   39.504814][ T3649] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f9692ff4fd9
[   39.512767][ T3649] RDX: 0000000000000000 RSI: 0000000000001261 RDI: 0000000000000004
[   39.520719][ T3649] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   39.528669][ T3649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000009668
[   39.536621][ T3649] R13: 00007ffee24ecccc R14: 00007ffee24ecce0 R15: 00007ffee24eccd0
[   39.544578][ T3649]  </TASK>
[   40.623314][ T3649] Shutting down cpus with NMI
[   40.628187][ T3649] Kernel Offset: disabled
[   40.632495][ T3649] Rebooting in 86400 seconds..
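Triage helper, added here as an example and not part of the syzkaller output above. It pulls out of a generic-KASAN report the facts a practitioner checks first: the bug class and faulting function, who allocated and who freed the object (first non-allocator frame of each stack), whether the stated "N bytes inside of" offset agrees with the addresses, and what the shadow byte under the caret says about the faulting granule. Run on the report above it shows the object was allocated by io_arm_poll_handler in task 3631, freed by io_ring_exit_work on a kworker (task 3615) and then read by add_wait_queue in task 3649, i.e. three different tasks touched a 96-byte kmalloc-96 object whose shadow is marked freed. The SAMPLE text is an excerpt of the report trimmed to the lines the parser needs; the shadow-byte meanings are the generic KASAN values from mm/kasan/kasan.h in 5.x kernels, and the PLUMBING prefix list is this example's own heuristic.

```python
import re

# Generic-KASAN shadow byte values (mm/kasan/kasan.h, 5.x kernels).
SHADOW_TAGS = {
    0xfa: "freed (free-track slot)",
    0xfb: "freed",
    0xfc: "kmalloc redzone",
    0xfe: "page redzone",
    0xff: "free page",
}

# Heuristic (this example's own): frames that are allocator/KASAN plumbing,
# not the caller that actually owns the object.
PLUMBING = ("kasan_", "__kasan", "____kasan", "slab_free", "kfree",
            "kmalloc", "__kmalloc", "kmem_cache")

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")           # "[  38.5][ T3649] "
ROW = re.compile(r"^>?\s*([0-9a-f]{16}): ((?:[0-9a-f]{2}\s?){16})$")  # shadow dump row

# Constructed sample: an excerpt of the report above, trimmed to what the parser reads.
SAMPLE = """\
[   38.543695][ T3649] BUG: KASAN: use-after-free in add_wait_queue+0x1c0/0x260
[   38.550906][ T3649] Read of size 4 at addr ffff88807ec70f18 by task syz-executor133/3649
[   38.847610][ T3649] Allocated by task 3631:
[   38.851910][ T3649]  kasan_save_stack+0x1e/0x40
[   38.856572][ T3649]  __kasan_kmalloc+0xa9/0xd0
[   38.861140][ T3649]  io_arm_poll_handler+0x39d/0x940
[   38.866234][ T3649]  io_queue_sqe_arm_apoll+0x6d/0x430
[   38.892123][ T3649]
[   38.894426][ T3649] Freed by task 3615:
[   38.898384][ T3649]  kasan_save_stack+0x1e/0x40
[   38.903041][ T3649]  kasan_set_track+0x21/0x30
[   38.907624][ T3649]  kasan_set_free_info+0x20/0x30
[   38.912551][ T3649]  ____kasan_slab_free+0x126/0x160
[   38.917655][ T3649]  slab_free_freelist_hook+0x8b/0x1c0
[   38.923017][ T3649]  kfree+0xd0/0x390
[   38.926810][ T3649]  io_ring_exit_work+0x7f7/0x1053
[   38.931826][ T3649]  process_one_work+0x9ac/0x1650
[   38.949901][ T3649]
[   38.952212][ T3649] The buggy address belongs to the object at ffff88807ec70f00
[   38.952212][ T3649]  which belongs to the cache kmalloc-96 of size 96
[   38.966083][ T3649] The buggy address is located 24 bytes inside of
[   38.966083][ T3649]  96-byte region [ffff88807ec70f00, ffff88807ec70f60)
[   39.187492][ T3649] Memory state around the buggy address:
[   39.201136][ T3649]  ffff88807ec70e80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   39.209169][ T3649] >ffff88807ec70f00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   39.217202][ T3649]                             ^
[   39.222026][ T3649]  ffff88807ec70f80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
"""


def first_caller(lines, start):
    """First non-plumbing frame after an 'Allocated/Freed by task' header."""
    for ln in lines[start + 1:]:
        frame = ln.strip()
        if not frame:                      # blank line ends the stack
            return None
        if not frame.startswith(PLUMBING):
            return frame.split("+")[0]     # drop "+0x.../0x..."
    return None


def shadow_at(lines, addr):
    """Decode the shadow byte covering addr from the 'Memory state' dump (8-byte granules)."""
    for ln in lines:
        m = ROW.match(ln.strip())
        if not m:
            continue
        base = int(m.group(1), 16)
        if base <= addr < base + 16 * 8:
            byte = int(m.group(2).split()[(addr - base) // 8], 16)
            if byte == 0:
                return "addressable"
            if 1 <= byte <= 7:
                return f"partially addressable ({byte} bytes)"
            return SHADOW_TAGS.get(byte, f"unknown 0x{byte:02x}")
    return None


def parse_kasan(text):
    """Extract the triage facts from a KASAN report; returns a dict."""
    lines = [PREFIX.sub("", ln) for ln in text.splitlines()]
    body = "\n".join(lines)
    r = {}
    m = re.search(r"BUG: KASAN: (\S+) in (\S+)", body)
    r["bug"], r["where"] = m.group(1), m.group(2).split("+")[0]
    m = re.search(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", body)
    r["access"], r["size"] = m.group(1), int(m.group(2))
    r["addr"], r["task"] = int(m.group(3), 16), int(m.group(5))
    r["obj"] = int(re.search(r"object at ([0-9a-f]+)", body).group(1), 16)
    m = re.search(r"cache (\S+) of size (\d+)", body)
    r["cache"], r["obj_size"] = m.group(1), int(m.group(2))
    stated = int(re.search(r"located (\d+) bytes inside of", body).group(1))
    r["offset"] = r["addr"] - r["obj"]
    # The report's own arithmetic must agree and the access must fit in the object.
    r["offset_consistent"] = r["offset"] == stated and r["offset"] + r["size"] <= r["obj_size"]
    for i, ln in enumerate(lines):
        m = re.match(r"Allocated by task (\d+):", ln)
        if m:
            r["alloc_task"], r["alloc_by"] = int(m.group(1)), first_caller(lines, i)
        m = re.match(r"Freed by task (\d+):", ln)
        if m:
            r["free_task"], r["free_by"] = int(m.group(1)), first_caller(lines, i)
    r["shadow"] = shadow_at(lines, r["addr"])
    # Alloc/free/use in different tasks points at a lifetime race, not a local bug.
    r["cross_task"] = len({r["alloc_task"], r["free_task"], r["task"]}) > 1
    return r


def summarize(r):
    return (f"{r['bug']}: {r['access'].lower()} of {r['size']} bytes in {r['where']} at +{r['offset']} "
            f"of a {r['obj_size']}-byte {r['cache']} object (shadow: {r['shadow']}); "
            f"allocated by {r['alloc_by']} (task {r['alloc_task']}), freed by {r['free_by']} "
            f"(task {r['free_task']}), used by task {r['task']}; cross-task={r['cross_task']}")


if __name__ == "__main__":
    print(summarize(parse_kasan(SAMPLE)))
```

Feed it a whole console log rather than the excerpt and it behaves the same, since the timestamp prefixes are stripped first and only the first match of each header is used; the "page last allocated"/"page last free" stacks in the report describe the backing page, not the object, and are deliberately not parsed.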