Warning: Permanently added '10.128.1.105' (ED25519) to the list of known hosts.
executing program
[ 68.608539][ T5825] ubi0: attaching mtd0
[ 68.613825][ T5825] ubi0: scanning is finished
[ 68.618428][ T5825] ubi0: empty MTD device detected
[ 68.652220][ T5825] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[ 68.659969][ T5825] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[ 68.667187][ T5825] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[ 68.674205][ T5825] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[ 68.681871][ T5825] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[ 68.688628][ T5825] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
executing program
[ 68.696664][ T5825] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 603826936
[ 68.706697][ T5825] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[ 68.717622][ T5825] ubi0: detaching mtd0
[ 68.719871][ T5826] ubi0: background thread "ubi_bgt0d" started, PID 5826
[ 68.731298][ T5825] ubi0: mtd0 is detached
[ 68.748315][ T5828] ubi0: attaching mtd0
[ 68.753434][ T5828] ubi0: scanning is finished
[ 68.758640][ T5828] ==================================================================
[ 68.766701][ T5828] BUG: KASAN: slab-use-after-free in notifier_chain_register+0x3ac/0x420
[ 68.775156][ T5828] Read of size 4 at addr ffff8880345458d8 by task syz-executor850/5828
[ 68.783391][ T5828]
[ 68.785726][ T5828] CPU: 1 UID: 0 PID: 5828 Comm: syz-executor850 Not tainted 6.13.0-rc7-syzkaller-00043-g619f0b6fad52 #0
[ 68.796838][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 68.806904][ T5828] Call Trace:
[ 68.810180][ T5828] <TASK>
[ 68.813109][ T5828] dump_stack_lvl+0x116/0x1f0
[ 68.817799][ T5828] print_report+0xc3/0x620
[ 68.822226][ T5828] ? __virt_addr_valid+0x5e/0x590
[ 68.827255][ T5828] ? __phys_addr+0xc6/0x150
[ 68.831761][ T5828] kasan_report+0xd9/0x110
[ 68.836197][ T5828] ? notifier_chain_register+0x3ac/0x420
[ 68.841842][ T5828] ? notifier_chain_register+0x3ac/0x420
[ 68.847483][ T5828] notifier_chain_register+0x3ac/0x420
[ 68.852951][ T5828] blocking_notifier_chain_register+0x76/0xd0
[ 68.859026][ T5828] ubi_wl_init+0x1018/0x17b0
[ 68.863643][ T5828] ubi_attach+0x1cdd/0x4dc0
[ 68.868150][ T5828] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 68.874485][ T5828] ? lockdep_init_map_type+0x16d/0x7d0
[ 68.879946][ T5828] ? __pfx_ubi_attach+0x10/0x10
[ 68.884794][ T5828] ? ubi_attach_mtd_dev+0x1543/0x3590
[ 68.890171][ T5828] ubi_attach_mtd_dev+0x158f/0x3590
[ 68.895398][ T5828] ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[ 68.900942][ T5828] ? __pfx_get_mtd_device+0x10/0x10
[ 68.906144][ T5828] ctrl_cdev_ioctl+0x339/0x3d0
[ 68.910909][ T5828] ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[ 68.916192][ T5828] ? handle_softirqs+0x5bb/0x8f0
[ 68.921132][ T5828] ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[ 68.926416][ T5828] __x64_sys_ioctl+0x190/0x200
[ 68.931177][ T5828] do_syscall_64+0xcd/0x250
[ 68.935685][ T5828] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.941579][ T5828] RIP: 0033:0x7f834d39dab9
[ 68.945997][ T5828] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 68.965615][ T5828] RSP: 002b:00007fff676bcf78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 68.974035][ T5828] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f834d39dab9
[ 68.982014][ T5828] RDX: 0000000000000000 RSI: 0000000040186f40 RDI: 0000000000000003
[ 68.989985][ T5828] RBP: 0000000000010be0 R08: 0000000000008000 R09: 0000000000000006
[ 68.997955][ T5828] R10: 0000000000008000 R11: 0000000000000246 R12: 00007fff676bcf8c
[ 69.005925][ T5828] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 69.013899][ T5828] </TASK>
[ 69.016912][ T5828]
[ 69.019235][ T5828] Allocated by task 5825:
[ 69.023553][ T5828] kasan_save_stack+0x33/0x60
[ 69.028234][ T5828] kasan_save_track+0x14/0x30
[ 69.032908][ T5828] __kasan_kmalloc+0xaa/0xb0
[ 69.037496][ T5828] ubi_attach_mtd_dev+0x3ce/0x3590
[ 69.042612][ T5828] ctrl_cdev_ioctl+0x339/0x3d0
[ 69.047372][ T5828] __x64_sys_ioctl+0x190/0x200
[ 69.052145][ T5828] do_syscall_64+0xcd/0x250
[ 69.056647][ T5828] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.062539][ T5828]
[ 69.064851][ T5828] Freed by task 5825:
[ 69.068821][ T5828] kasan_save_stack+0x33/0x60
[ 69.073496][ T5828] kasan_save_track+0x14/0x30
[ 69.078169][ T5828] kasan_save_free_info+0x3b/0x60
[ 69.083188][ T5828] __kasan_slab_free+0x51/0x70
[ 69.087951][ T5828] kfree+0x14f/0x4b0
[ 69.091843][ T5828] device_release+0xa1/0x240
[ 69.096427][ T5828] kobject_put+0x1e4/0x5a0
[ 69.100842][ T5828] put_device+0x1f/0x30
[ 69.104992][ T5828] ubi_detach_mtd_dev+0x3e4/0x530
[ 69.110013][ T5828] ctrl_cdev_ioctl+0x1f5/0x3d0
[ 69.114772][ T5828] __x64_sys_ioctl+0x190/0x200
[ 69.119526][ T5828] do_syscall_64+0xcd/0x250
[ 69.124032][ T5828] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.129924][ T5828]
[ 69.132235][ T5828] The buggy address belongs to the object at ffff888034544000
[ 69.132235][ T5828] which belongs to the cache kmalloc-8k of size 8192
[ 69.146284][ T5828] The buggy address is located 6360 bytes inside of
[ 69.146284][ T5828] freed 8192-byte region [ffff888034544000, ffff888034546000)
[ 69.160251][ T5828]
[ 69.162567][ T5828] The buggy address belongs to the physical page:
[ 69.168971][ T5828] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x34540
[ 69.177729][ T5828] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 69.186221][ T5828] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 69.193758][ T5828] page_type: f5(slab)
[ 69.197735][ T5828] raw: 00fff00000000040 ffff88801ac42280 ffffea0000d20800 0000000000000004
[ 69.206311][ T5828] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[ 69.214891][ T5828] head: 00fff00000000040 ffff88801ac42280 ffffea0000d20800 0000000000000004
[ 69.223556][ T5828] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[ 69.232222][ T5828] head: 00fff00000000003 ffffea0000d15001 ffffffffffffffff 0000000000000000
[ 69.240899][ T5828] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 69.249556][ T5828] page dumped because: kasan: bad access detected
[ 69.255971][ T5828] page_owner tracks the page as allocated
[ 69.261675][ T5828] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5497, tgid 5497 (start-stop-daem), ts 42945828766, free_ts 42930385268
[ 69.282512][ T5828] post_alloc_hook+0x2d1/0x350
[ 69.287284][ T5828] get_page_from_freelist+0xfce/0x2f80
[ 69.292749][ T5828] __alloc_pages_noprof+0x223/0x25b0
[ 69.298120][ T5828] alloc_pages_mpol_noprof+0x2c8/0x620
[ 69.303572][ T5828] new_slab+0x2c9/0x410
[ 69.307726][ T5828] ___slab_alloc+0xce2/0x1650
[ 69.312404][ T5828] __slab_alloc.constprop.0+0x56/0xb0
[ 69.317773][ T5828] __kmalloc_cache_noprof+0xf6/0x420
[ 69.323057][ T5828] tomoyo_init_log+0xcd0/0x1f60
[ 69.327906][ T5828] tomoyo_supervisor+0x30c/0x1180
[ 69.332931][ T5828] tomoyo_env_perm+0x193/0x210
[ 69.337700][ T5828] tomoyo_find_next_domain+0xe6c/0x2070
[ 69.343248][ T5828] tomoyo_bprm_check_security+0x12e/0x1d0
[ 69.348974][ T5828] security_bprm_check+0x1b9/0x1e0
[ 69.354088][ T5828] bprm_execve+0x642/0x19b0
[ 69.358586][ T5828] do_execveat_common.isra.0+0x4f1/0x630
[ 69.364216][ T5828] page last free pid 5497 tgid 5497 stack trace:
[ 69.370530][ T5828] free_unref_page+0x661/0x1080
[ 69.375381][ T5828] __put_partials+0x14c/0x170
[ 69.380058][ T5828] qlist_free_all+0x4e/0x120
[ 69.384645][ T5828] kasan_quarantine_reduce+0x195/0x1e0
[ 69.390101][ T5828] __kasan_slab_alloc+0x69/0x90
[ 69.394951][ T5828] kmem_cache_alloc_noprof+0x1c8/0x3b0
[ 69.400423][ T5828] getname_flags.part.0+0x4c/0x550
[ 69.405549][ T5828] getname+0x8d/0xe0
[ 69.409447][ T5828] vfs_fstatat+0xdf/0xf0
[ 69.413698][ T5828] __do_sys_newfstatat+0xa2/0x130
[ 69.418732][ T5828] do_syscall_64+0xcd/0x250
[ 69.423242][ T5828] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.429145][ T5828]
[ 69.431460][ T5828] Memory state around the buggy address:
[ 69.437079][ T5828] ffff888034545780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.445132][ T5828] ffff888034545800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.453181][ T5828] >ffff888034545880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.461230][ T5828] ^
[ 69.468151][ T5828] ffff888034545900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.476205][ T5828] ffff888034545980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.484258][ T5828] ==================================================================
[ 69.492677][ T5828] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 69.499887][ T5828] CPU: 0 UID: 0 PID: 5828 Comm: syz-executor850 Not tainted 6.13.0-rc7-syzkaller-00043-g619f0b6fad52 #0
[ 69.511001][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 69.521052][ T5828] Call Trace:
[ 69.524324][ T5828] <TASK>
[ 69.527253][ T5828] dump_stack_lvl+0x3d/0x1f0
[ 69.531851][ T5828] panic+0x71d/0x800
[ 69.535750][ T5828] ? __pfx_panic+0x10/0x10
[ 69.540168][ T5828] ? irqentry_exit+0x3b/0x90
[ 69.544761][ T5828] ? lockdep_hardirqs_on+0x7c/0x110
[ 69.549968][ T5828] ? preempt_schedule_thunk+0x1a/0x30
[ 69.555337][ T5828] ? preempt_schedule_common+0x44/0xc0
[ 69.560795][ T5828] ? check_panic_on_warn+0x1f/0xb0
[ 69.565910][ T5828] check_panic_on_warn+0xab/0xb0
[ 69.570851][ T5828] end_report+0x117/0x180
[ 69.575186][ T5828] kasan_report+0xe9/0x110
[ 69.579609][ T5828] ? notifier_chain_register+0x3ac/0x420
[ 69.585247][ T5828] ? notifier_chain_register+0x3ac/0x420
[ 69.590884][ T5828] notifier_chain_register+0x3ac/0x420
[ 69.596344][ T5828] blocking_notifier_chain_register+0x76/0xd0
[ 69.602414][ T5828] ubi_wl_init+0x1018/0x17b0
[ 69.607017][ T5828] ubi_attach+0x1cdd/0x4dc0
[ 69.611522][ T5828] ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 69.617850][ T5828] ? lockdep_init_map_type+0x16d/0x7d0
[ 69.623308][ T5828] ? __pfx_ubi_attach+0x10/0x10
[ 69.628153][ T5828] ? ubi_attach_mtd_dev+0x1543/0x3590
[ 69.633526][ T5828] ubi_attach_mtd_dev+0x158f/0x3590
[ 69.638731][ T5828] ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[ 69.644274][ T5828] ? __pfx_get_mtd_device+0x10/0x10
[ 69.649474][ T5828] ctrl_cdev_ioctl+0x339/0x3d0
[ 69.654239][ T5828] ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[ 69.659523][ T5828] ? handle_softirqs+0x5bb/0x8f0
[ 69.664473][ T5828] ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[ 69.669772][ T5828] __x64_sys_ioctl+0x190/0x200
[ 69.674552][ T5828] do_syscall_64+0xcd/0x250
[ 69.679066][ T5828] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.684972][ T5828] RIP: 0033:0x7f834d39dab9
[ 69.689382][ T5828] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 69.708990][ T5828] RSP: 002b:00007fff676bcf78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 69.717404][ T5828] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f834d39dab9
[ 69.725369][ T5828] RDX: 0000000000000000 RSI: 0000000040186f40 RDI: 0000000000000003
[ 69.733335][ T5828] RBP: 0000000000010be0 R08: 0000000000008000 R09: 0000000000000006
[ 69.741301][ T5828] R10: 0000000000008000 R11: 0000000000000246 R12: 00007fff676bcf8c
[ 69.749264][ T5828] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
[ 69.757237][ T5828] </TASK>
[ 69.760503][ T5828] Kernel Offset: disabled
[ 69.764817][ T5828] Rebooting in 86400 seconds..