Warning: Permanently added '10.128.1.38' (ED25519) to the list of known hosts.
executing program
[   76.745450][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.753807][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.779055][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.787050][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.067915][ T5835] ubi0: attaching mtd0
[   77.073782][ T5835] ubi0: scanning is finished
[   77.078541][ T5835] ubi0: empty MTD device detected
[   77.286512][ T5835] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4
executing program
[   77.694175][ T5840] ubi0: attaching mtd0
[   77.699635][ T5840] ubi0: scanning is finished
[   77.705094][ T5840] ==================================================================
[   77.713182][ T5840] BUG: KASAN: slab-use-after-free in notifier_chain_register+0x141/0x3f0
[   77.721629][ T5840] Read of size 4 at addr ffff888079fb98d8 by task syz-executor352/5840
[   77.729889][ T5840] 
[   77.732250][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor352 Not tainted 6.13.0-rc3-next-20241220-syzkaller #0
[   77.732281][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   77.732299][ T5840] Call Trace:
[   77.732309][ T5840]  <TASK>
[   77.732319][ T5840]  dump_stack_lvl+0x241/0x360
[   77.732358][ T5840]  ? __pfx_dump_stack_lvl+0x10/0x10
[   77.732381][ T5840]  ? __pfx__printk+0x10/0x10
[   77.732415][ T5840]  ? _printk+0xd5/0x120
[   77.732446][ T5840]  ? __virt_addr_valid+0x183/0x530
[   77.732478][ T5840]  ? __virt_addr_valid+0x183/0x530
[   77.732510][ T5840]  print_report+0x169/0x550
[   77.732542][ T5840]  ? __virt_addr_valid+0x183/0x530
[   77.732572][ T5840]  ? __virt_addr_valid+0x183/0x530
[   77.732609][ T5840]  ? __virt_addr_valid+0x45f/0x530
[   77.732639][ T5840]  ? __phys_addr+0xba/0x170
[   77.732670][ T5840]  ? notifier_chain_register+0x141/0x3f0
[   77.732696][ T5840]  kasan_report+0x143/0x180
[   77.732729][ T5840]  ? notifier_chain_register+0x141/0x3f0
[   77.732758][ T5840]  notifier_chain_register+0x141/0x3f0
[   77.732788][ T5840]  blocking_notifier_chain_register+0x61/0xc0
[   77.732816][ T5840]  ubi_wl_init+0x3396/0x3720
[   77.732849][ T5840]  ubi_attach+0x3e01/0x5b80
[   77.732887][ T5840]  ? __pfx_ubi_attach+0x10/0x10
[   77.732914][ T5840]  ? ubi_attach_mtd_dev+0x19fa/0x3540
[   77.732941][ T5840]  ubi_attach_mtd_dev+0x1a3a/0x3540
[   77.732977][ T5840]  ctrl_cdev_ioctl+0x346/0x570
[   77.733005][ T5840]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[   77.733035][ T5840]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[   77.733063][ T5840]  __se_sys_ioctl+0xf5/0x170
[   77.733092][ T5840]  do_syscall_64+0xf3/0x230
[   77.733118][ T5840]  ? clear_bhb_loop+0x35/0x90
[   77.733150][ T5840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.733180][ T5840] RIP: 0033:0x7f57e4d008e9
[   77.733202][ T5840] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   77.733220][ T5840] RSP: 002b:00007f57e4c6f218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   77.733249][ T5840] RAX: ffffffffffffffda RBX: 00007f57e4d88128 RCX: 00007f57e4d008e9
[   77.733265][ T5840] RDX: 0000000020000502 RSI: 0000000040186f40 RDI: 0000000000000005
[   77.733279][ T5840] RBP: 00007f57e4d88120 R08: 0000000000000000 R09: 0000000000000000
[   77.733294][ T5840] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f57e4d4f4d4
[   77.733308][ T5840] R13: b635773f06ebbeee R14: 006c7274635f6962 R15: 6962752f7665642f
[   77.733331][ T5840]  </TASK>
[   77.733339][ T5840] 
[   77.978193][ T5840] Allocated by task 5835:
[   77.982536][ T5840]  kasan_save_track+0x3f/0x80
[   77.987269][ T5840]  __kasan_kmalloc+0x98/0xb0
[   77.991883][ T5840]  __kmalloc_cache_noprof+0x243/0x390
[   77.997289][ T5840]  ubi_attach_mtd_dev+0x552/0x3540
[   78.002425][ T5840]  ctrl_cdev_ioctl+0x346/0x570
[   78.007214][ T5840]  __se_sys_ioctl+0xf5/0x170
[   78.011826][ T5840]  do_syscall_64+0xf3/0x230
[   78.016350][ T5840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.022266][ T5840] 
[   78.024602][ T5840] Freed by task 5835:
[   78.028597][ T5840]  kasan_save_track+0x3f/0x80
[   78.033290][ T5840]  kasan_save_free_info+0x40/0x50
[   78.038319][ T5840]  __kasan_slab_free+0x59/0x70
[   78.043091][ T5840]  kfree+0x196/0x430
[   78.047001][ T5840]  device_release+0x99/0x1c0
[   78.051593][ T5840]  kobject_put+0x22f/0x480
[   78.056011][ T5840]  ubi_attach_mtd_dev+0x8f5/0x3540
[   78.061130][ T5840]  ctrl_cdev_ioctl+0x346/0x570
[   78.065916][ T5840]  __se_sys_ioctl+0xf5/0x170
[   78.070527][ T5840]  do_syscall_64+0xf3/0x230
[   78.075035][ T5840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.080935][ T5840] 
[   78.083278][ T5840] The buggy address belongs to the object at ffff888079fb8000
[   78.083278][ T5840]  which belongs to the cache kmalloc-8k of size 8192
[   78.097331][ T5840] The buggy address is located 6360 bytes inside of
[   78.097331][ T5840]  freed 8192-byte region [ffff888079fb8000, ffff888079fba000)
[   78.111307][ T5840] 
[   78.113632][ T5840] The buggy address belongs to the physical page:
[   78.120060][ T5840] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79fb8
[   78.128858][ T5840] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   78.137446][ T5840] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   78.144999][ T5840] page_type: f5(slab)
[   78.148987][ T5840] raw: 00fff00000000040 ffff88801ac42280 dead000000000122 0000000000000000
[   78.157581][ T5840] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   78.166178][ T5840] head: 00fff00000000040 ffff88801ac42280 dead000000000122 0000000000000000
[   78.174861][ T5840] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   78.183542][ T5840] head: 00fff00000000003 ffffea0001e7ee01 ffffffffffffffff 0000000000000000
[   78.192222][ T5840] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   78.200895][ T5840] page dumped because: kasan: bad access detected
[   78.207318][ T5840] page_owner tracks the page as allocated
[   78.213032][ T5840] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5835, tgid 5832 (syz-executor352), ts 77067816939, free_ts 76742798438
[   78.234658][ T5840]  post_alloc_hook+0x1f4/0x240
[   78.239436][ T5840]  get_page_from_freelist+0x365c/0x37a0
[   78.244994][ T5840]  __alloc_frozen_pages_noprof+0x292/0x710
[   78.250814][ T5840]  alloc_pages_mpol+0x30e/0x550
[   78.255674][ T5840]  allocate_slab+0x8f/0x3a0
[   78.260215][ T5840]  ___slab_alloc+0xc27/0x14a0
[   78.264895][ T5840]  __slab_alloc+0x58/0xa0
[   78.269228][ T5840]  __kmalloc_cache_noprof+0x27b/0x390
[   78.274602][ T5840]  ubi_attach_mtd_dev+0x552/0x3540
[   78.279723][ T5840]  ctrl_cdev_ioctl+0x346/0x570
[   78.284499][ T5840]  __se_sys_ioctl+0xf5/0x170
[   78.289101][ T5840]  do_syscall_64+0xf3/0x230
[   78.293606][ T5840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.299507][ T5840] page last free pid 5828 tgid 5828 stack trace:
[   78.305832][ T5840]  free_frozen_pages+0xe0d/0x10e0
[   78.310858][ T5840]  __put_partials+0x160/0x1c0
[   78.315544][ T5840]  put_cpu_partial+0x17c/0x250
[   78.320311][ T5840]  __slab_free+0x290/0x380
[   78.324731][ T5840]  qlist_free_all+0x9a/0x140
[   78.329331][ T5840]  kasan_quarantine_reduce+0x14f/0x170
[   78.334801][ T5840]  __kasan_slab_alloc+0x23/0x80
[   78.339673][ T5840]  kmem_cache_alloc_node_noprof+0x1d9/0x380
[   78.345568][ T5840]  __alloc_skb+0x1c3/0x440
[   78.349996][ T5840]  netlink_ack+0x145/0xa50
[   78.354421][ T5840]  netlink_rcv_skb+0x262/0x430
[   78.359200][ T5840]  genl_rcv+0x28/0x40
[   78.363186][ T5840]  netlink_unicast+0x7f6/0x990
[   78.367958][ T5840]  netlink_sendmsg+0x8e4/0xcb0
[   78.372811][ T5840]  __sock_sendmsg+0x221/0x270
[   78.377502][ T5840]  __sys_sendto+0x363/0x4c0
[   78.382027][ T5840] 
[   78.384350][ T5840] Memory state around the buggy address:
[   78.389979][ T5840]  ffff888079fb9780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   78.398060][ T5840]  ffff888079fb9800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   78.406133][ T5840] >ffff888079fb9880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   78.414222][ T5840]                                                     ^
[   78.421159][ T5840]  ffff888079fb9900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   78.429251][ T5840]  ffff888079fb9980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   78.437316][ T5840] ==================================================================
[   78.445696][ T5840] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   78.452919][ T5840] CPU: 0 UID: 0 PID: 5840 Comm: syz-executor352 Not tainted 6.13.0-rc3-next-20241220-syzkaller #0
[   78.463527][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   78.473606][ T5840] Call Trace:
[   78.476895][ T5840]  <TASK>
[   78.479834][ T5840]  dump_stack_lvl+0x241/0x360
[   78.484530][ T5840]  ? __pfx_dump_stack_lvl+0x10/0x10
[   78.489737][ T5840]  ? __pfx__printk+0x10/0x10
[   78.494341][ T5840]  ? lock_release+0xbf/0xa30
[   78.498945][ T5840]  ? vscnprintf+0x5d/0x90
[   78.503286][ T5840]  panic+0x349/0x880
[   78.507195][ T5840]  ? check_panic_on_warn+0x21/0xb0
[   78.512317][ T5840]  ? __pfx_panic+0x10/0x10
[   78.516747][ T5840]  ? mark_lock+0x9a/0x360
[   78.521092][ T5840]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[   78.526998][ T5840]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   78.532905][ T5840]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   78.539286][ T5840]  ? print_report+0x502/0x550
[   78.543996][ T5840]  check_panic_on_warn+0x86/0xb0
[   78.548968][ T5840]  ? notifier_chain_register+0x141/0x3f0
[   78.554702][ T5840]  end_report+0x77/0x160
[   78.558958][ T5840]  kasan_report+0x154/0x180
[   78.563477][ T5840]  ? notifier_chain_register+0x141/0x3f0
[   78.569167][ T5840]  notifier_chain_register+0x141/0x3f0
[   78.574635][ T5840]  blocking_notifier_chain_register+0x61/0xc0
[   78.580720][ T5840]  ubi_wl_init+0x3396/0x3720
[   78.585338][ T5840]  ubi_attach+0x3e01/0x5b80
[   78.589868][ T5840]  ? __pfx_ubi_attach+0x10/0x10
[   78.594902][ T5840]  ? ubi_attach_mtd_dev+0x19fa/0x3540
[   78.600284][ T5840]  ubi_attach_mtd_dev+0x1a3a/0x3540
[   78.605497][ T5840]  ctrl_cdev_ioctl+0x346/0x570
[   78.610279][ T5840]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[   78.615605][ T5840]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[   78.620901][ T5840]  __se_sys_ioctl+0xf5/0x170
[   78.625510][ T5840]  do_syscall_64+0xf3/0x230
[   78.630021][ T5840]  ? clear_bhb_loop+0x35/0x90
[   78.634708][ T5840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.640611][ T5840] RIP: 0033:0x7f57e4d008e9
[   78.645032][ T5840] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   78.664647][ T5840] RSP: 002b:00007f57e4c6f218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   78.673073][ T5840] RAX: ffffffffffffffda RBX: 00007f57e4d88128 RCX: 00007f57e4d008e9
[   78.681053][ T5840] RDX: 0000000020000502 RSI: 0000000040186f40 RDI: 0000000000000005
[   78.689033][ T5840] RBP: 00007f57e4d88120 R08: 0000000000000000 R09: 0000000000000000
[   78.697013][ T5840] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f57e4d4f4d4
[   78.704993][ T5840] R13: b635773f06ebbeee R14: 006c7274635f6962 R15: 6962752f7665642f
[   78.712991][ T5840]  </TASK>
[   78.716411][ T5840] Kernel Offset: disabled
[   78.720775][ T5840] Rebooting in 86400 seconds..