Warning: Permanently added '10.128.1.32' (ED25519) to the list of known hosts.
2024/04/05 12:00:08 ignoring optional flag "sandboxArg"="0"
2024/04/05 12:00:08 parsed 1 programs
2024/04/05 12:00:08 executed programs: 0
[   44.050019][ T3048] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
[   44.479298][ T3054] lapbether: lapb_disconnect_request err: 4
[   44.546859][ T3054] lapbether: lapb_disconnect_request err: 4
[   44.586004][ T3054] lapbether: lapb_disconnect_request err: 4
[   44.635911][ T3054] lapbether: lapb_disconnect_request err: 4
[   46.592149][  T492] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   46.600242][  T492] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   46.606352][  T223] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   46.608231][   T38] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   46.615370][  T223] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   46.630355][   T42] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   46.758965][ T3830] jffs2: notice: (3830) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[   46.834693][ T3848] ==================================================================
[   46.842961][ T3848] BUG: KASAN: use-after-free in __lock_acquire.isra.16+0x13ae/0x1820
[   46.851205][ T3848] Read of size 8 at addr ffff8881e495d628 by task jffs2_gcd_mtd0/3848
[   46.859594][ T3848]
[   46.862025][ T3848] CPU: 0 PID: 3848 Comm: jffs2_gcd_mtd0 Not tainted 5.1.0-syzkaller #0
[   46.870342][ T3848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[   46.880759][ T3848] Call Trace:
[   46.884226][ T3848]  dump_stack+0x62/0x9a
[   46.888475][ T3848]  print_address_description.cold.3+0x9/0x244
[   46.894714][ T3848]  ? __lock_acquire.isra.16+0x13ae/0x1820
[   46.900636][ T3848]  __kasan_report.cold.4+0x1b/0x35
[   46.905762][ T3848]  ? __lock_acquire.isra.16+0x13ae/0x1820
[   46.911484][ T3848]  ? __lock_acquire.isra.16+0x13ae/0x1820
[   46.917203][ T3848]  kasan_report+0x12/0x20
[   46.921531][ T3848]  __asan_report_load8_noabort+0x14/0x20
[   46.927248][ T3848]  __lock_acquire.isra.16+0x13ae/0x1820
[   46.932789][ T3848]  lock_acquire+0x101/0x250
[   46.937306][ T3848]  ? jffs2_garbage_collect_pass+0xa7/0x1858
[   46.943462][ T3848]  __mutex_lock+0xd0/0xd80
[   46.948783][ T3848]  ? jffs2_garbage_collect_pass+0xa7/0x1858
[   46.954786][ T3848]  ? kasan_check_write+0x14/0x20
[   46.960414][ T3848]  ? jffs2_garbage_collect_pass+0xa7/0x1858
[   46.966316][ T3848]  ? __mutex_add_waiter+0x170/0x170
[   46.971790][ T3848]  ? __free_object+0xe1/0x1f0
[   46.977270][ T3848]  ? lock_downgrade+0x5f0/0x5f0
[   46.982213][ T3848]  ? do_raw_spin_unlock+0x172/0x260
[   46.987551][ T3848]  mutex_lock_interruptible_nested+0x16/0x20
[   46.993868][ T3848]  ? mutex_lock_interruptible_nested+0x16/0x20
[   47.000293][ T3848]  jffs2_garbage_collect_pass+0xa7/0x1858
[   47.006585][ T3848]  ? __set_current_blocked+0xc1/0x100
[   47.011954][ T3848]  ? lock_downgrade+0x5f0/0x5f0
[   47.017218][ T3848]  ? jffs2_garbage_collect_live+0x2fb0/0x2fb0
[   47.023364][ T3848]  ? do_raw_spin_unlock+0x172/0x260
[   47.028567][ T3848]  ? _raw_spin_unlock_irq+0x22/0x30
[   47.033872][ T3848]  ? __set_current_blocked+0xc1/0x100
[   47.039858][ T3848]  ? sigprocmask+0x157/0x2b0
[   47.044723][ T3848]  ? __se_sys_rt_sigsuspend+0xc0/0xc0
[   47.050609][ T3848]  jffs2_garbage_collect_thread+0x429/0x600
[   47.056683][ T3848]  ? jffs2_erase_pending_blocks.cold.2+0x668/0x668
[   47.064251][ T3848]  ? __kthread_parkme+0x82/0xf0
[   47.069370][ T3848]  ? lock_downgrade+0x5f0/0x5f0
[   47.074318][ T3848]  ? do_raw_spin_unlock+0x172/0x260
[   47.079602][ T3848]  ? __kthread_parkme+0x82/0xf0
[   47.084632][ T3848]  kthread+0x2f2/0x3b0
[   47.088787][ T3848]  ? jffs2_erase_pending_blocks.cold.2+0x668/0x668
[   47.095372][ T3848]  ? kthread_park+0xf0/0xf0
[   47.099893][ T3848]  ret_from_fork+0x35/0x40
[   47.104304][ T3848]
[   47.106621][ T3848] Allocated by task 3830:
[   47.110948][ T3848]  __kasan_kmalloc.part.0+0x44/0xc0
[   47.116322][ T3848]  __kasan_kmalloc.constprop.1+0xb1/0xc0
[   47.121997][ T3848]  kasan_kmalloc+0x9/0x10
[   47.126318][ T3848]  kmem_cache_alloc_trace+0x10c/0x200
[   47.131701][ T3848]  jffs2_fill_super+0x4e/0x2e0
[   47.136578][ T3848]  mount_mtd_aux.isra.1+0xd4/0x270
[   47.141887][ T3848]  mount_mtd_nr.isra.2+0x84/0xa0
[   47.146820][ T3848]  mount_mtd+0x2fc/0x42b
[   47.151059][ T3848]  jffs2_mount+0x10/0x20
[   47.155385][ T3848]  legacy_get_tree+0x103/0x1f0
[   47.160143][ T3848]  vfs_get_tree+0x8b/0x250
[   47.164734][ T3848]  do_mount+0x10b5/0x1b30
[   47.169056][ T3848]  ksys_mount+0xb1/0xd0
[   47.173203][ T3848]  __x64_sys_mount+0xb9/0x150
[   47.178048][ T3848]  do_syscall_64+0x9a/0x310
[   47.182549][ T3848]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   47.188520][ T3848]
[   47.190838][ T3848] Freed by task 3054:
[   47.194810][ T3848]  __kasan_slab_free+0x145/0x210
[   47.199741][ T3848]  kasan_slab_free+0xe/0x10
[   47.204243][ T3848]  kfree+0xce/0x240
[   47.208044][ T3848]  jffs2_kill_sb+0x65/0x90
[   47.212455][ T3848]  deactivate_locked_super+0x7c/0xd0
[   47.217735][ T3848]  deactivate_super+0x13f/0x160
[   47.222691][ T3848]  cleanup_mnt+0x97/0x120
[   47.227016][ T3848]  __cleanup_mnt+0xd/0x10
[   47.231381][ T3848]  task_work_run+0x10e/0x180
[   47.235966][ T3848]  exit_to_usermode_loop+0x11f/0x150
[   47.241243][ T3848]  do_syscall_64+0x294/0x310
[   47.245857][ T3848]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   47.251738][ T3848]
[   47.254065][ T3848] The buggy address belongs to the object at ffff8881e495d500
[   47.254065][ T3848]  which belongs to the cache kmalloc-4k of size 4096
[   47.268189][ T3848] The buggy address is located 296 bytes inside of
[   47.268189][ T3848]  4096-byte region [ffff8881e495d500, ffff8881e495e500)
[   47.281701][ T3848] The buggy address belongs to the page:
[   47.287321][ T3848] page:ffffea0007925600 count:1 mapcount:0 mapping:ffff8881f6c02600 index:0x0 compound_mapcount: 0
[   47.298050][ T3848] flags: 0x200000000010200(slab|head)
[   47.303391][ T3848] raw: 0200000000010200 ffffea0007917c00 0000000200000002 ffff8881f6c02600
[   47.312042][ T3848] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
[   47.320926][ T3848] page dumped because: kasan: bad access detected
[   47.327405][ T3848] page allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC)
[   47.342053][ T3848]  prep_new_page+0x235/0x300
[   47.346703][ T3848]  get_page_from_freelist+0xf3f/0x33d0
[   47.352136][ T3848]  __alloc_pages_nodemask+0x2eb/0x22e0
[   47.357710][ T3848]  alloc_pages_current+0xfd/0x290
[   47.362708][ T3848]  new_slab+0x3df/0x660
[   47.366846][ T3848]  ___slab_alloc+0x5cf/0x7e0
[   47.371519][ T3848]  __slab_alloc+0xd/0x20
[   47.375748][ T3848]  kmem_cache_alloc_trace+0x1bf/0x200
[   47.381199][ T3848]  uevent_show+0x134/0x300
[   47.385735][ T3848]  dev_attr_show+0x42/0x80
[   47.390309][ T3848]  sysfs_kf_seq_show+0x200/0x3d0
[   47.395228][ T3848]  kernfs_seq_show+0x150/0x1b0
[   47.399967][ T3848]  seq_read+0x3f4/0x1000
[   47.404177][ T3848]  kernfs_fop_read+0xcc/0x5d0
[   47.408836][ T3848]  __vfs_read+0x61/0x110
[   47.413066][ T3848]  vfs_read+0xf1/0x2f0
[   47.417105][ T3848]
[   47.419406][ T3848] Memory state around the buggy address:
[   47.425101][ T3848]  ffff8881e495d500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   47.433323][ T3848]  ffff8881e495d580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   47.441626][ T3848] >ffff8881e495d600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   47.449783][ T3848]                                   ^
[   47.455149][ T3848]  ffff8881e495d680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   47.463389][ T3848]  ffff8881e495d700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   47.471430][ T3848] ==================================================================
[   47.479555][ T3848] Disabling lock debugging due to kernel taint
[   47.485694][ T3848] Kernel panic - not syncing: panic_on_warn set ...
[   47.492520][ T3848] Kernel Offset: disabled
[   47.496827][ T3848] Rebooting in 86400 seconds..