Warning: Permanently added '10.128.1.15' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
[ 70.960754][ T5851] Zero length message leads to an empty skb
[ 71.011429][ T5853] ubi0: attaching mtd0
[ 71.064739][ T5853] ubi0: scanning is finished
[ 71.129861][ T5853] ubi0: empty MTD device detected
[ 71.358847][ T5853] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4
[ 71.416596][ T5854] ubi0: attaching mtd0
[ 71.430534][ T5854] ubi0: scanning is finished
[ 71.449887][ T5854] ==================================================================
[ 71.458252][ T5854] BUG: KASAN: slab-use-after-free in notifier_chain_register+0x141/0x3f0
[ 71.468740][ T5854] Read of size 4 at addr ffff888033d0d8d8 by task syz-executor215/5854
[ 71.477907][ T5854]
[ 71.481075][ T5854] CPU: 0 UID: 0 PID: 5854 Comm: syz-executor215 Not tainted 6.12.0-next-20241128-syzkaller #0
[ 71.491825][ T5854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 71.502579][ T5854] Call Trace:
[ 71.505875][ T5854]
[ 71.508998][ T5854] dump_stack_lvl+0x241/0x360
[ 71.513817][ T5854] ? __pfx_dump_stack_lvl+0x10/0x10
[ 71.519034][ T5854] ? __pfx__printk+0x10/0x10
[ 71.523868][ T5854] ? _printk+0xd5/0x120
[ 71.528155][ T5854] ? __virt_addr_valid+0x183/0x530
[ 71.533297][ T5854] ? __virt_addr_valid+0x183/0x530
[ 71.538562][ T5854] print_report+0x169/0x550
[ 71.543089][ T5854] ? __virt_addr_valid+0x183/0x530
[ 71.548228][ T5854] ? __virt_addr_valid+0x183/0x530
[ 71.553370][ T5854] ? __virt_addr_valid+0x45f/0x530
[ 71.558610][ T5854] ? __phys_addr+0xba/0x170
[ 71.563212][ T5854] ? notifier_chain_register+0x141/0x3f0
[ 71.568904][ T5854] kasan_report+0x143/0x180
[ 71.573406][ T5854] ? notifier_chain_register+0x141/0x3f0
[ 71.579296][ T5854] notifier_chain_register+0x141/0x3f0
[ 71.584778][ T5854] blocking_notifier_chain_register+0x61/0xc0
[ 71.590895][ T5854] ubi_wl_init+0x3396/0x3720
[ 71.595484][ T5854] ubi_attach+0x3e01/0x5b80
[ 71.600002][ T5854] ? __pfx_ubi_attach+0x10/0x10
[ 71.604922][ T5854] ? ubi_attach_mtd_dev+0x19fa/0x3540
[ 71.611209][ T5854] ubi_attach_mtd_dev+0x1a3a/0x3540
[ 71.616569][ T5854] ctrl_cdev_ioctl+0x346/0x570
[ 71.621362][ T5854] ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[ 71.626897][ T5854] ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[ 71.632736][ T5854] __se_sys_ioctl+0xf5/0x170
[ 71.637426][ T5854] do_syscall_64+0xf3/0x230
[ 71.642009][ T5854] ? clear_bhb_loop+0x35/0x90
[ 71.646755][ T5854] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.653423][ T5854] RIP: 0033:0x7f392b8be889
[ 71.657867][ T5854] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 1c 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 71.677580][ T5854] RSP: 002b:00007f392b82f218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 71.686634][ T5854] RAX: ffffffffffffffda RBX: 00007f392b941388 RCX: 00007f392b8be889
[ 71.694740][ T5854] RDX: 0000000020000502 RSI: 0000000040186f40 RDI: 0000000000000008
[ 71.703015][ T5854] RBP: 00007f392b941380 R08: 0000000000000000 R09: 0000000000000000
[ 71.711191][ T5854] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f392b90e1bc
[ 71.719160][ T5854] R13: 006c7274635f6962 R14: 6962752f7665642f R15: 006b6e696c766564
[ 71.727324][ T5854]
[ 71.730454][ T5854]
[ 71.732865][ T5854] Allocated by task 5853:
[ 71.737544][ T5854] kasan_save_track+0x3f/0x80
[ 71.742685][ T5854] __kasan_kmalloc+0x98/0xb0
[ 71.747730][ T5854] __kmalloc_cache_noprof+0x243/0x390
[ 71.753474][ T5854] ubi_attach_mtd_dev+0x552/0x3540
[ 71.758880][ T5854] ctrl_cdev_ioctl+0x346/0x570
[ 71.763864][ T5854] __se_sys_ioctl+0xf5/0x170
[ 71.769435][ T5854] do_syscall_64+0xf3/0x230
[ 71.774292][ T5854] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.780486][ T5854]
[ 71.783108][ T5854] Freed by task 5853:
[ 71.787516][ T5854] kasan_save_track+0x3f/0x80
[ 71.792619][ T5854] kasan_save_free_info+0x40/0x50
[ 71.797657][ T5854] __kasan_slab_free+0x59/0x70
[ 71.802536][ T5854] kfree+0x196/0x430
[ 71.806456][ T5854] device_release+0x99/0x1c0
[ 71.811067][ T5854] kobject_put+0x22f/0x480
[ 71.815524][ T5854] ubi_attach_mtd_dev+0x8f5/0x3540
[ 71.820830][ T5854] ctrl_cdev_ioctl+0x346/0x570
[ 71.825836][ T5854] __se_sys_ioctl+0xf5/0x170
[ 71.830694][ T5854] do_syscall_64+0xf3/0x230
[ 71.835464][ T5854] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.841499][ T5854]
[ 71.843815][ T5854] The buggy address belongs to the object at ffff888033d0c000
[ 71.843815][ T5854] which belongs to the cache kmalloc-8k of size 8192
[ 71.857946][ T5854] The buggy address is located 6360 bytes inside of
[ 71.857946][ T5854] freed 8192-byte region [ffff888033d0c000, ffff888033d0e000)
[ 71.872785][ T5854]
[ 71.875114][ T5854] The buggy address belongs to the physical page:
[ 71.881595][ T5854] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x33d08
[ 71.891103][ T5854] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 71.900232][ T5854] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 71.909007][ T5854] page_type: f5(slab)
[ 71.913103][ T5854] raw: 00fff00000000040 ffff88801ac42280 0000000000000000 dead000000000001
[ 71.921966][ T5854] raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[ 71.931537][ T5854] head: 00fff00000000040 ffff88801ac42280 0000000000000000 dead000000000001
[ 71.940483][ T5854] head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[ 71.951489][ T5854] head: 00fff00000000003 ffffea0000cf4201 ffffffffffffffff 0000000000000000
[ 71.962340][ T5854] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 71.972588][ T5854] page dumped because: kasan: bad access detected
[ 71.980194][ T5854] page_owner tracks the page as allocated
[ 71.986118][ T5854] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5499, tgid 5499 (start-stop-daem), ts 44063768325, free_ts 44013719782
[ 72.009516][ T5854] post_alloc_hook+0x1f3/0x230
[ 72.014391][ T5854] get_page_from_freelist+0x3738/0x3880
[ 72.020388][ T5854] __alloc_pages_noprof+0x292/0x710
[ 72.026697][ T5854] alloc_pages_mpol_noprof+0x3e8/0x680
[ 72.033138][ T5854] alloc_slab_page+0x6a/0x140
[ 72.038907][ T5854] allocate_slab+0x5a/0x2f0
[ 72.043901][ T5854] ___slab_alloc+0xcd1/0x14b0
[ 72.049328][ T5854] __slab_alloc+0x58/0xa0
[ 72.053924][ T5854] __kmalloc_cache_noprof+0x27b/0x390
[ 72.059390][ T5854] tomoyo_init_log+0x11cd/0x2050
[ 72.064413][ T5854] tomoyo_supervisor+0x38a/0x11f0
[ 72.069444][ T5854] tomoyo_env_perm+0x178/0x210
[ 72.074238][ T5854] tomoyo_find_next_domain+0x146e/0x1d40
[ 72.079867][ T5854] tomoyo_bprm_check_security+0x117/0x180
[ 72.085762][ T5854] security_bprm_check+0x86/0x250
[ 72.090957][ T5854] bprm_execve+0x894/0x13a0
[ 72.095455][ T5854] page last free pid 5499 tgid 5499 stack trace:
[ 72.101900][ T5854] free_unref_page+0xdef/0x1130
[ 72.106916][ T5854] __put_partials+0xeb/0x130
[ 72.111503][ T5854] put_cpu_partial+0x17c/0x250
[ 72.116703][ T5854] __slab_free+0x2ea/0x3d0
[ 72.121223][ T5854] qlist_free_all+0x9a/0x140
[ 72.126022][ T5854] kasan_quarantine_reduce+0x14f/0x170
[ 72.133573][ T5854] __kasan_slab_alloc+0x23/0x80
[ 72.140665][ T5854] kmem_cache_alloc_noprof+0x1d9/0x380
[ 72.147115][ T5854] getname_flags+0xb7/0x540
[ 72.152085][ T5854] do_sys_openat2+0xd2/0x1d0
[ 72.157028][ T5854] __x64_sys_openat+0x247/0x2a0
[ 72.162477][ T5854] do_syscall_64+0xf3/0x230
[ 72.167642][ T5854] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.176059][ T5854]
[ 72.178539][ T5854] Memory state around the buggy address:
[ 72.185273][ T5854] ffff888033d0d780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.194353][ T5854] ffff888033d0d800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.203241][ T5854] >ffff888033d0d880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.213054][ T5854] ^
[ 72.220600][ T5854] ffff888033d0d900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.230661][ T5854] ffff888033d0d980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.240657][ T5854] ==================================================================
[ 72.468796][ T5854] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 72.476127][ T5854] CPU: 1 UID: 0 PID: 5854 Comm: syz-executor215 Not tainted 6.12.0-next-20241128-syzkaller #0
[ 72.486411][ T5854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 72.497712][ T5854] Call Trace:
[ 72.501093][ T5854]
[ 72.504229][ T5854] dump_stack_lvl+0x241/0x360
[ 72.509322][ T5854] ? __pfx_dump_stack_lvl+0x10/0x10
[ 72.514810][ T5854] ? __pfx__printk+0x10/0x10
[ 72.522082][ T5854] ? preempt_schedule+0xe1/0xf0
[ 72.527343][ T5854] ? vscnprintf+0x5d/0x90
[ 72.533540][ T5854] panic+0x349/0x880
[ 72.537716][ T5854] ? check_panic_on_warn+0x21/0xb0
[ 72.544039][ T5854] ? __pfx_panic+0x10/0x10
[ 72.550278][ T5854] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 72.557202][ T5854] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 72.563939][ T5854] ? print_report+0x502/0x550
[ 72.568683][ T5854] check_panic_on_warn+0x86/0xb0
[ 72.573816][ T5854] ? notifier_chain_register+0x141/0x3f0
[ 72.579999][ T5854] end_report+0x77/0x160
[ 72.584400][ T5854] kasan_report+0x154/0x180
[ 72.589493][ T5854] ? notifier_chain_register+0x141/0x3f0
[ 72.595143][ T5854] notifier_chain_register+0x141/0x3f0
[ 72.600993][ T5854] blocking_notifier_chain_register+0x61/0xc0
[ 72.607173][ T5854] ubi_wl_init+0x3396/0x3720
[ 72.611779][ T5854] ubi_attach+0x3e01/0x5b80
[ 72.616576][ T5854] ? __pfx_ubi_attach+0x10/0x10
[ 72.621972][ T5854] ? ubi_attach_mtd_dev+0x19fa/0x3540
[ 72.627745][ T5854] ubi_attach_mtd_dev+0x1a3a/0x3540
[ 72.633438][ T5854] ctrl_cdev_ioctl+0x346/0x570
[ 72.638293][ T5854] ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[ 72.643577][ T5854] ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[ 72.649222][ T5854] __se_sys_ioctl+0xf5/0x170
[ 72.654865][ T5854] do_syscall_64+0xf3/0x230
[ 72.659737][ T5854] ? clear_bhb_loop+0x35/0x90
[ 72.664691][ T5854] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.670864][ T5854] RIP: 0033:0x7f392b8be889
[ 72.675379][ T5854] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 1c 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 72.698309][ T5854] RSP: 002b:00007f392b82f218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 72.707586][ T5854] RAX: ffffffffffffffda RBX: 00007f392b941388 RCX: 00007f392b8be889
[ 72.715737][ T5854] RDX: 0000000020000502 RSI: 0000000040186f40 RDI: 0000000000000008
[ 72.725577][ T5854] RBP: 00007f392b941380 R08: 0000000000000000 R09: 0000000000000000
[ 72.734064][ T5854] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f392b90e1bc
[ 72.742879][ T5854] R13: 006c7274635f6962 R14: 6962752f7665642f R15: 006b6e696c766564
[ 72.752158][ T5854]
[ 72.755544][ T5854] Kernel Offset: disabled
[ 72.760422][ T5854] Rebooting in 86400 seconds..