Warning: Permanently added '10.128.0.14' (ED25519) to the list of known hosts.
2024/06/06 10:04:54 ignoring optional flag "sandboxArg"="0"
2024/06/06 10:04:55 parsed 1 programs
2024/06/06 10:04:57 executed programs: 0
[ 58.420457][ T2589] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 59.984533][ T2594] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 59.996573][ T2594] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 60.006966][ T2594] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 60.020651][ T2594] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 66.152872][ T1084] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.161044][ T1084] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.177630][ T1644] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 66.185717][ T1644] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 66.269494][ T3315] loop0: detected capacity change from 0 to 2048
2024/06/06 10:05:05 executed programs: 1
[ 66.375122][ T3315] jffs2: notice: (3315) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 66.417988][ T3319] loop0: detected capacity change from 0 to 2048
[ 66.448286][ T3317] ==================================================================
[ 66.456379][ T3317] BUG: KASAN: slab-use-after-free in __mutex_lock+0x11b/0x1990
[ 66.463925][ T3317] Read of size 8 at addr ffff888105f9e130 by task jffs2_gcd_mtd0/3317
[ 66.472057][ T3317]
[ 66.474367][ T3317] CPU: 1 PID: 3317 Comm: jffs2_gcd_mtd0 Not tainted 6.10.0-rc2-syzkaller #0
[ 66.483100][ T3317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 66.493142][ T3317] Call Trace:
[ 66.496431][ T3317]
[ 66.499340][ T3317]  dump_stack_lvl+0x231/0x330
[ 66.504086][ T3317]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 66.509260][ T3317]  ? __pfx__printk+0x10/0x10
[ 66.513836][ T3317]  ? lock_acquire+0xc2/0x3a0
[ 66.518416][ T3317]  ? __pfx_lock_acquire+0x10/0x10
[ 66.523430][ T3317]  ? _printk+0xd5/0x120
[ 66.527573][ T3317]  ? __virt_addr_valid+0x169/0x370
[ 66.532669][ T3317]  print_report+0x169/0x550
[ 66.537173][ T3317]  ? __virt_addr_valid+0x169/0x370
[ 66.542268][ T3317]  ? __virt_addr_valid+0x2b4/0x370
[ 66.547387][ T3317]  ? __phys_addr+0x90/0x130
[ 66.551872][ T3317]  ? __mutex_lock+0x11b/0x1990
[ 66.556621][ T3317]  kasan_report+0x143/0x180
[ 66.561108][ T3317]  ? __mutex_lock+0x11b/0x1990
[ 66.565953][ T3317]  ? jffs2_garbage_collect_pass+0xae/0x2080
[ 66.571831][ T3317]  __mutex_lock+0x11b/0x1990
[ 66.576416][ T3317]  ? __lock_acquire+0x5cd/0xc10
[ 66.581250][ T3317]  ? __pfx___mutex_lock+0x10/0x10
[ 66.586270][ T3317]  ? __lock_acquire+0x5cd/0xc10
[ 66.591110][ T3317]  ? __set_current_blocked+0x310/0x380
[ 66.596555][ T3317]  jffs2_garbage_collect_pass+0xae/0x2080
[ 66.602260][ T3317]  ? _raw_spin_unlock_irq+0x29/0x50
[ 66.607448][ T3317]  ? __set_current_blocked+0x310/0x380
[ 66.612976][ T3317]  ? __pfx___set_current_blocked+0x10/0x10
[ 66.618766][ T3317]  ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[ 66.624991][ T3317]  ? schedule_timeout+0x21a/0x2e0
[ 66.630085][ T3317]  ? sigprocmask+0x228/0x280
[ 66.634661][ T3317]  ? __pfx_sigprocmask+0x10/0x10
[ 66.639584][ T3317]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 66.644770][ T3317]  jffs2_garbage_collect_thread+0x5c0/0x650
[ 66.650652][ T3317]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 66.657047][ T3317]  ? _raw_spin_unlock_irqrestore+0xcf/0x130
[ 66.662925][ T3317]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 66.669234][ T3317]  ? _raw_spin_unlock_irqrestore+0xcf/0x130
[ 66.675107][ T3317]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 66.681448][ T3317]  ? __kthread_parkme+0x126/0x170
[ 66.686481][ T3317]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 66.692900][ T3317]  kthread+0x290/0x300
[ 66.696965][ T3317]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 66.703366][ T3317]  ? __pfx_kthread+0x10/0x10
[ 66.707951][ T3317]  ret_from_fork+0x4b/0x80
[ 66.712363][ T3317]  ? __pfx_kthread+0x10/0x10
[ 66.716943][ T3317]  ret_from_fork_asm+0x1a/0x30
[ 66.721706][ T3317]
[ 66.724715][ T3317]
[ 66.727020][ T3317] Allocated by task 3315:
[ 66.731380][ T3317]  kasan_save_track+0x3f/0x80
[ 66.736045][ T3317]  __kasan_kmalloc+0x98/0xb0
[ 66.740642][ T3317]  kmalloc_trace_noprof+0x19e/0x360
[ 66.745828][ T3317]  jffs2_init_fs_context+0x4f/0xc0
[ 66.750934][ T3317]  alloc_fs_context+0x685/0x800
[ 66.755768][ T3317]  do_new_mount+0x160/0xb40
[ 66.760251][ T3317]  __se_sys_mount+0x2c8/0x3b0
[ 66.764922][ T3317]  do_syscall_64+0x8d/0x1a0
[ 66.769404][ T3317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 66.775281][ T3317]
[ 66.777606][ T3317] Freed by task 2594:
[ 66.781563][ T3317]  kasan_save_track+0x3f/0x80
[ 66.786311][ T3317]  kasan_save_free_info+0x40/0x50
[ 66.791330][ T3317]  poison_slab_object+0xe0/0x150
[ 66.796340][ T3317]  __kasan_slab_free+0x37/0x60
[ 66.801096][ T3317]  kfree+0x12f/0x310
[ 66.804971][ T3317]  deactivate_locked_super+0xca/0x450
[ 66.810431][ T3317]  cleanup_mnt+0x352/0x3e0
[ 66.814847][ T3317]  task_work_run+0x24f/0x300
[ 66.819420][ T3317]  syscall_exit_to_user_mode+0xc5/0x1f0
[ 66.824961][ T3317]  do_syscall_64+0x9a/0x1a0
[ 66.829450][ T3317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 66.835330][ T3317]
[ 66.837646][ T3317] The buggy address belongs to the object at ffff888105f9e000
[ 66.837646][ T3317]  which belongs to the cache kmalloc-4k of size 4096
[ 66.851680][ T3317] The buggy address is located 304 bytes inside of
[ 66.851680][ T3317]  freed 4096-byte region [ffff888105f9e000, ffff888105f9f000)
[ 66.865544][ T3317]
[ 66.867850][ T3317] The buggy address belongs to the physical page:
[ 66.874253][ T3317] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f98
[ 66.883089][ T3317] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 66.891566][ T3317] flags: 0x200000000000040(head|node=0|zone=2)
[ 66.897705][ T3317] page_type: 0xffffefff(slab)
[ 66.902370][ T3317] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 66.910933][ T3317] raw: 0000000000000000 0000000000040004 00000001ffffefff 0000000000000000
[ 66.919499][ T3317] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 66.928147][ T3317] head: 0000000000000000 0000000000040004 00000001ffffefff 0000000000000000
[ 66.936816][ T3317] head: 0200000000000003 ffffea000417e601 ffffffffffffffff 0000000000000000
[ 66.945484][ T3317] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 66.954140][ T3317] page dumped because: kasan: bad access detected
[ 66.960547][ T3317] page_owner tracks the page as allocated
[ 66.966240][ T3317] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 1644, tgid 1644 (kworker/1:2), ts 66369220897, free_ts 66286902405
[ 66.988277][ T3317]  post_alloc_hook+0x10f/0x130
[ 66.993026][ T3317]  get_page_from_freelist+0x37f4/0x3920
[ 66.998647][ T3317]  __alloc_pages_noprof+0x256/0x670
[ 67.003830][ T3317]  alloc_slab_page+0x5f/0x120
[ 67.008496][ T3317]  allocate_slab+0x5d/0x290
[ 67.012981][ T3317]  ___slab_alloc+0xa7f/0x11d0
[ 67.017638][ T3317]  kmalloc_node_track_caller_noprof+0x27d/0x460
[ 67.023862][ T3317]  kmalloc_reserve+0x111/0x2a0
[ 67.028617][ T3317]  __alloc_skb+0x2d4/0x600
[ 67.033021][ T3317]  nsim_dev_trap_report_work+0x254/0xaa0
[ 67.038635][ T3317]  process_scheduled_works+0x9a7/0x15f0
[ 67.044170][ T3317]  worker_thread+0xa60/0xf60
[ 67.048743][ T3317]  kthread+0x290/0x300
[ 67.052796][ T3317]  ret_from_fork+0x4b/0x80
[ 67.057280][ T3317]  ret_from_fork_asm+0x1a/0x30
[ 67.062029][ T3317] page last free pid 3316 tgid 3316 stack trace:
[ 67.068337][ T3317]  free_unref_page+0xbae/0xcf0
[ 67.073080][ T3317]  __put_partials+0x18e/0x1d0
[ 67.077741][ T3317]  put_cpu_partial+0x151/0x1b0
[ 67.082487][ T3317]  __slab_free+0x2b8/0x3a0
[ 67.086886][ T3317]  qlist_free_all+0x9e/0x140
[ 67.091463][ T3317]  kasan_quarantine_reduce+0x14f/0x170
[ 67.096906][ T3317]  __kasan_slab_alloc+0x23/0x80
[ 67.101831][ T3317]  kmem_cache_alloc_noprof+0x12b/0x350
[ 67.107273][ T3317]  vm_area_dup+0x60/0x150
[ 67.111673][ T3317]  __split_vma+0x12b/0xaf0
[ 67.116068][ T3317]  do_vmi_align_munmap+0x43b/0x1660
[ 67.121281][ T3317]  do_vmi_munmap+0x261/0x2f0
[ 67.125854][ T3317]  mmap_region+0x726/0x1f20
[ 67.130345][ T3317]  do_mmap+0x8a3/0xf80
[ 67.134417][ T3317]  vm_mmap_pgoff+0x1d7/0x3a0
[ 67.139019][ T3317]  ksys_mmap_pgoff+0x36d/0x4b0
[ 67.143784][ T3317]
[ 67.146112][ T3317] Memory state around the buggy address:
[ 67.151719][ T3317]  ffff888105f9e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.159759][ T3317]  ffff888105f9e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.167885][ T3317] >ffff888105f9e100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.175927][ T3317]                                      ^
[ 67.181621][ T3317]  ffff888105f9e180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.189662][ T3317]  ffff888105f9e200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.197701][ T3317] ==================================================================
[ 67.206588][ T3317] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 67.214009][ T3317] Kernel Offset: disabled
[ 67.218328][ T3317] Rebooting in 86400 seconds..