Warning: Permanently added '10.128.1.186' (ED25519) to the list of known hosts.
2024/04/08 00:26:59 ignoring optional flag "sandboxArg"="0"
2024/04/08 00:26:59 parsed 1 programs
2024/04/08 00:26:59 executed programs: 0
[ 45.030986][ T3054] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 45.450079][ T3060] lapbether: lapb_disconnect_request err: 4
[ 45.504580][ T3060] lapbether: lapb_disconnect_request err: 4
[ 45.564982][ T3060] lapbether: lapb_disconnect_request err: 4
[ 45.624989][ T3060] lapbether: lapb_disconnect_request err: 4
[ 47.613802][ T423] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 47.621649][ T423] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 47.630231][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 47.638860][ T423] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 47.646863][ T423] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 47.655428][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 47.701371][ T3837] jffs2: notice: (3837) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 47.729989][ T3845] jffs2: notice: (3845) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 47.759085][ T3852] jffs2: notice: (3852) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 47.776375][ T3841] ==================================================================
[ 47.784707][ T3841] BUG: KASAN: use-after-free in __lock_acquire.isra.16+0x13ae/0x1820
[ 47.793323][ T3841] Read of size 8 at addr ffff8881e4872328 by task jffs2_gcd_mtd0/3841
[ 47.801545][ T3841]
[ 47.804077][ T3841] CPU: 1 PID: 3841 Comm: jffs2_gcd_mtd0 Not tainted 5.1.0-syzkaller #0
[ 47.812838][ T3841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 47.823035][ T3841] Call Trace:
[ 47.826395][ T3841]  dump_stack+0x62/0x9a
[ 47.830963][ T3841]  print_address_description.cold.3+0x9/0x244
[ 47.837101][ T3841]  ? __lock_acquire.isra.16+0x13ae/0x1820
[ 47.843222][ T3841]  __kasan_report.cold.4+0x1b/0x35
[ 47.848559][ T3841]  ? __lock_acquire.isra.16+0x13ae/0x1820
[ 47.854508][ T3841]  ? __lock_acquire.isra.16+0x13ae/0x1820
[ 47.860190][ T3841]  kasan_report+0x12/0x20
[ 47.864481][ T3841]  __asan_report_load8_noabort+0x14/0x20
[ 47.870167][ T3841]  __lock_acquire.isra.16+0x13ae/0x1820
[ 47.875810][ T3841]  lock_acquire+0x101/0x250
[ 47.880479][ T3841]  ? jffs2_garbage_collect_pass+0xa7/0x1858
[ 47.886694][ T3841]  __mutex_lock+0xd0/0xd80
[ 47.891250][ T3841]  ? jffs2_garbage_collect_pass+0xa7/0x1858
[ 47.897110][ T3841]  ? kasan_check_write+0x14/0x20
[ 47.902362][ T3841]  ? jffs2_garbage_collect_pass+0xa7/0x1858
[ 47.908597][ T3841]  ? __mutex_add_waiter+0x170/0x170
[ 47.913761][ T3841]  ? __free_object+0xe1/0x1f0
[ 47.918402][ T3841]  ? lock_downgrade+0x5f0/0x5f0
[ 47.923227][ T3841]  ? do_raw_spin_unlock+0x172/0x260
[ 47.928389][ T3841]  mutex_lock_interruptible_nested+0x16/0x20
[ 47.934330][ T3841]  ? mutex_lock_interruptible_nested+0x16/0x20
[ 47.940621][ T3841]  jffs2_garbage_collect_pass+0xa7/0x1858
[ 47.946312][ T3841]  ? __set_current_blocked+0xc1/0x100
[ 47.951740][ T3841]  ? lock_downgrade+0x5f0/0x5f0
[ 47.956642][ T3841]  ? jffs2_garbage_collect_live+0x2fb0/0x2fb0
[ 47.962674][ T3841]  ? do_raw_spin_unlock+0x172/0x260
[ 47.968018][ T3841]  ? _raw_spin_unlock_irq+0x22/0x30
[ 47.973355][ T3841]  ? __set_current_blocked+0xc1/0x100
[ 47.978949][ T3841]  ? sigprocmask+0x157/0x2b0
[ 47.983687][ T3841]  ? __se_sys_rt_sigsuspend+0xc0/0xc0
[ 47.989288][ T3841]  jffs2_garbage_collect_thread+0x429/0x600
[ 47.995323][ T3841]  ? jffs2_erase_pending_blocks.cold.2+0x668/0x668
[ 48.001965][ T3841]  ? __kthread_parkme+0x82/0xf0
[ 48.007047][ T3841]  ? lock_downgrade+0x5f0/0x5f0
[ 48.012139][ T3841]  ? do_raw_spin_unlock+0x172/0x260
[ 48.017297][ T3841]  ? __kthread_parkme+0x82/0xf0
[ 48.022113][ T3841]  kthread+0x2f2/0x3b0
[ 48.026151][ T3841]  ? jffs2_erase_pending_blocks.cold.2+0x668/0x668
[ 48.032884][ T3841]  ? kthread_park+0xf0/0xf0
[ 48.037617][ T3841]  ret_from_fork+0x35/0x40
[ 48.041999][ T3841]
[ 48.044562][ T3841] Allocated by task 3837:
[ 48.049772][ T3841]  __kasan_kmalloc.part.0+0x44/0xc0
[ 48.055116][ T3841]  __kasan_kmalloc.constprop.1+0xb1/0xc0
[ 48.060804][ T3841]  kasan_kmalloc+0x9/0x10
[ 48.065126][ T3841]  kmem_cache_alloc_trace+0x10c/0x200
[ 48.070463][ T3841]  jffs2_fill_super+0x4e/0x2e0
[ 48.075457][ T3841]  mount_mtd_aux.isra.1+0xd4/0x270
[ 48.080792][ T3841]  mount_mtd_nr.isra.2+0x84/0xa0
[ 48.085875][ T3841]  mount_mtd+0x2fc/0x42b
[ 48.090313][ T3841]  jffs2_mount+0x10/0x20
[ 48.094521][ T3841]  legacy_get_tree+0x103/0x1f0
[ 48.099345][ T3841]  vfs_get_tree+0x8b/0x250
[ 48.103728][ T3841]  do_mount+0x10b5/0x1b30
[ 48.108022][ T3841]  ksys_mount+0xb1/0xd0
[ 48.112232][ T3841]  __x64_sys_mount+0xb9/0x150
[ 48.117222][ T3841]  do_syscall_64+0x9a/0x310
[ 48.121953][ T3841]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 48.127897][ T3841]
[ 48.130305][ T3841] Freed by task 3060:
[ 48.134255][ T3841]  __kasan_slab_free+0x145/0x210
[ 48.139172][ T3841]  kasan_slab_free+0xe/0x10
[ 48.143645][ T3841]  kfree+0xce/0x240
[ 48.147516][ T3841]  jffs2_kill_sb+0x65/0x90
[ 48.152172][ T3841]  deactivate_locked_super+0x7c/0xd0
[ 48.157526][ T3841]  deactivate_super+0x13f/0x160
[ 48.162342][ T3841]  cleanup_mnt+0x97/0x120
[ 48.166725][ T3841]  __cleanup_mnt+0xd/0x10
[ 48.171194][ T3841]  task_work_run+0x10e/0x180
[ 48.175751][ T3841]  exit_to_usermode_loop+0x11f/0x150
[ 48.181089][ T3841]  do_syscall_64+0x294/0x310
[ 48.185657][ T3841]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 48.191771][ T3841]
[ 48.194078][ T3841] The buggy address belongs to the object at ffff8881e4872200
[ 48.194078][ T3841]  which belongs to the cache kmalloc-4k of size 4096
[ 48.208190][ T3841] The buggy address is located 296 bytes inside of
[ 48.208190][ T3841]  4096-byte region [ffff8881e4872200, ffff8881e4873200)
[ 48.221771][ T3841] The buggy address belongs to the page:
[ 48.227543][ T3841] page:ffffea0007921c00 count:1 mapcount:0 mapping:ffff8881f6c02600 index:0x0 compound_mapcount: 0
[ 48.238663][ T3841] flags: 0x200000000010200(slab|head)
[ 48.244036][ T3841] raw: 0200000000010200 ffffea000792c000 0000000200000002 ffff8881f6c02600
[ 48.252688][ T3841] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
[ 48.261245][ T3841] page dumped because: kasan: bad access detected
[ 48.268096][ T3841] page allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC)
[ 48.282747][ T3841]  prep_new_page+0x235/0x300
[ 48.287485][ T3841]  get_page_from_freelist+0xf3f/0x33d0
[ 48.293001][ T3841]  __alloc_pages_nodemask+0x2eb/0x22e0
[ 48.298628][ T3841]  alloc_pages_current+0xfd/0x290
[ 48.303628][ T3841]  new_slab+0x3df/0x660
[ 48.307749][ T3841]  ___slab_alloc+0x5cf/0x7e0
[ 48.312392][ T3841]  __slab_alloc+0xd/0x20
[ 48.316597][ T3841]  kmem_cache_alloc_trace+0x1bf/0x200
[ 48.321936][ T3841]  kobject_uevent_env+0x1d3/0x1090
[ 48.327732][ T3841]  kobject_synth_uevent+0x5d9/0x833
[ 48.333689][ T3841]  uevent_store+0x1c/0x30
[ 48.338156][ T3841]  dev_attr_store+0x39/0x70
[ 48.342736][ T3841]  sysfs_kf_write+0xff/0x150
[ 48.347376][ T3841]  kernfs_fop_write+0x2e6/0x4c0
[ 48.352191][ T3841]  __vfs_write+0x61/0x110
[ 48.356572][ T3841]  vfs_write+0x13e/0x4c0
[ 48.360784][ T3841]
[ 48.363184][ T3841] Memory state around the buggy address:
[ 48.368960][ T3841]  ffff8881e4872200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.377084][ T3841]  ffff8881e4872280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.385119][ T3841] >ffff8881e4872300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.393605][ T3841]                                            ^
[ 48.398942][ T3841]  ffff8881e4872380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.407068][ T3841]  ffff8881e4872400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.415166][ T3841] ==================================================================
[ 48.423372][ T3841] Disabling lock debugging due to kernel taint
[ 48.429490][ T3841] Kernel panic - not syncing: panic_on_warn set ...
[ 48.436737][ T3841] Kernel Offset: disabled
[ 48.441148][ T3841] Rebooting in 86400 seconds..