[ 31.746458][ T1931] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 31.758332][ T1931] syz-executor (1931) used greatest stack depth: 20376 bytes left
[ 33.096641][ T1938] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 33.106326][ T1938] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 33.116601][ T1938] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 33.125926][ T1938] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 37.032972][ T1211] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 37.041213][ T1211] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 37.057014][ T1211] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 37.065303][ T1211] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
Warning: Permanently added '10.128.1.75' (ED25519) to the list of known hosts.
2024/08/31 15:54:07 ignoring optional flag "sandboxArg"="0"
2024/08/31 15:54:07 parsed 1 programs
2024/08/31 15:54:09 executed programs: 0
[ 59.395746][ T2591] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 61.031170][ T2596] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 61.043214][ T2596] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 61.053655][ T2596] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 61.065430][ T2596] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 67.518367][ T1247] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 67.527524][ T1247] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 67.556940][ T1247] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 67.565138][ T1247] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/08/31 15:54:17 executed programs: 1
[ 67.674964][ T3311] loop0: detected capacity change from 0 to 2048
[ 67.688733][ T3311] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 67.705386][ T3311] jffs2: notice: (3311) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 67.762793][ T3314] loop0: detected capacity change from 0 to 2048
[ 67.771526][ T3314] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 67.784966][ T3312] ==================================================================
[ 67.793083][ T3312] BUG: KASAN: slab-use-after-free in __mutex_lock+0x11b/0x1990
[ 67.794609][ T3314] jffs2: notice: (3314) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 67.800759][ T3312] Read of size 8 at addr ffff88811f99e130 by task jffs2_gcd_mtd0/3312
[ 67.800788][ T3312]
[ 67.800817][ T3312] CPU: 0 UID: 0 PID: 3312 Comm: jffs2_gcd_mtd0 Not tainted 6.11.0-rc5-syzkaller #0
[ 67.837256][ T3312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 67.847691][ T3312] Call Trace:
[ 67.850975][ T3312]
[ 67.853916][ T3312] dump_stack_lvl+0x231/0x330
[ 67.858696][ T3312] ? __pfx_dump_stack_lvl+0x10/0x10
[ 67.864201][ T3312] ? __pfx__printk+0x10/0x10
[ 67.868793][ T3312] ? lock_acquire+0xc2/0x3a0
[ 67.873747][ T3312] ? __pfx_lock_acquire+0x10/0x10
[ 67.878783][ T3312] ? _printk+0xd5/0x120
[ 67.882959][ T3312] ? __virt_addr_valid+0x169/0x380
[ 67.888112][ T3312] print_report+0x169/0x550
[ 67.892629][ T3312] ? __virt_addr_valid+0x169/0x380
[ 67.897789][ T3312] ? __virt_addr_valid+0x2c1/0x380
[ 67.902886][ T3312] ? __phys_addr+0x90/0x130
[ 67.907372][ T3312] ? __mutex_lock+0x11b/0x1990
[ 67.912218][ T3312] kasan_report+0x143/0x180
[ 67.916716][ T3312] ? __mutex_lock+0x11b/0x1990
[ 67.921572][ T3312] ? jffs2_garbage_collect_pass+0xae/0x2080
[ 67.927735][ T3312] __mutex_lock+0x11b/0x1990
[ 67.932329][ T3312] ? __lock_acquire+0x61d/0xc60
[ 67.937165][ T3312] ? __pfx___mutex_lock+0x10/0x10
[ 67.942205][ T3312] ? __lock_acquire+0x61d/0xc60
[ 67.947126][ T3312] ? __set_current_blocked+0x310/0x380
[ 67.952569][ T3312] jffs2_garbage_collect_pass+0xae/0x2080
[ 67.958288][ T3312] ? _raw_spin_unlock_irq+0x29/0x50
[ 67.963570][ T3312] ? __set_current_blocked+0x310/0x380
[ 67.969022][ T3312] ? __pfx___set_current_blocked+0x10/0x10
[ 67.975108][ T3312] ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[ 67.981515][ T3312] ? schedule_timeout+0x21a/0x2e0
[ 67.986698][ T3312] ? sigprocmask+0x228/0x280
[ 67.991273][ T3312] ? __pfx_sigprocmask+0x10/0x10
[ 67.996286][ T3312] ? do_raw_spin_unlock+0x13c/0x8b0
[ 68.001468][ T3312] jffs2_garbage_collect_thread+0x5c0/0x650
[ 68.007871][ T3312] ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 68.014717][ T3312] ? _raw_spin_unlock_irqrestore+0xcf/0x130
[ 68.020596][ T3312] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 68.026962][ T3312] ? _raw_spin_unlock_irqrestore+0xcf/0x130
[ 68.033097][ T3312] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 68.039612][ T3312] ? __kthread_parkme+0x126/0x170
[ 68.044647][ T3312] ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 68.051228][ T3312] kthread+0x290/0x300
[ 68.055283][ T3312] ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 68.061768][ T3312] ? __pfx_kthread+0x10/0x10
[ 68.066436][ T3312] ret_from_fork+0x4b/0x80
[ 68.070853][ T3312] ? __pfx_kthread+0x10/0x10
[ 68.075657][ T3312] ret_from_fork_asm+0x1a/0x30
[ 68.080531][ T3312]
[ 68.083597][ T3312]
[ 68.085935][ T3312] Allocated by task 3311:
[ 68.090273][ T3312] kasan_save_track+0x3f/0x80
[ 68.094963][ T3312] __kasan_kmalloc+0x98/0xb0
[ 68.099599][ T3312] __kmalloc_cache_noprof+0x19e/0x360
[ 68.104977][ T3312] jffs2_init_fs_context+0x4f/0xc0
[ 68.110110][ T3312] alloc_fs_context+0x685/0x800
[ 68.114948][ T3312] do_new_mount+0x160/0xb40
[ 68.119729][ T3312] __se_sys_mount+0x2c5/0x3b0
[ 68.124674][ T3312] do_syscall_64+0x8d/0x190
[ 68.129645][ T3312] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.135630][ T3312]
[ 68.138042][ T3312] Freed by task 2596:
[ 68.142108][ T3312] kasan_save_track+0x3f/0x80
[ 68.146801][ T3312] kasan_save_free_info+0x40/0x50
[ 68.151869][ T3312] poison_slab_object+0xe0/0x150
[ 68.156893][ T3312] __kasan_slab_free+0x37/0x60
[ 68.161663][ T3312] kfree+0x12f/0x310
[ 68.165626][ T3312] deactivate_locked_super+0xca/0x450
[ 68.171040][ T3312] cleanup_mnt+0x352/0x3e0
[ 68.175568][ T3312] task_work_run+0x24f/0x300
[ 68.180200][ T3312] syscall_exit_to_user_mode+0xc5/0x200
[ 68.185979][ T3312] do_syscall_64+0x9a/0x190
[ 68.190492][ T3312] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.196551][ T3312]
[ 68.198877][ T3312] The buggy address belongs to the object at ffff88811f99e000
[ 68.198877][ T3312] which belongs to the cache kmalloc-4k of size 4096
[ 68.213151][ T3312] The buggy address is located 304 bytes inside of
[ 68.213151][ T3312] freed 4096-byte region [ffff88811f99e000, ffff88811f99f000)
[ 68.227233][ T3312]
[ 68.229569][ T3312] The buggy address belongs to the physical page:
[ 68.236003][ T3312] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f998
[ 68.244902][ T3312] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 68.253543][ T3312] flags: 0x200000000000040(head|node=0|zone=2)
[ 68.259995][ T3312] page_type: 0xfdffffff(slab)
[ 68.264835][ T3312] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 68.273407][ T3312] raw: 0000000000000000 0000000000040004 00000001fdffffff 0000000000000000
[ 68.281970][ T3312] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 68.290639][ T3312] head: 0000000000000000 0000000000040004 00000001fdffffff 0000000000000000
[ 68.299312][ T3312] head: 0200000000000003 ffffea00047e6601 ffffffffffffffff 0000000000000000
[ 68.308258][ T3312] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 68.316923][ T3312] page dumped because: kasan: bad access detected
[ 68.323372][ T3312] page_owner tracks the page as allocated
[ 68.329094][ T3312] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 3311, tgid 3310 (syz-executor.0), ts 67704353898, free_ts 67606581028
[ 68.352188][ T3312] post_alloc_hook+0x10f/0x130
[ 68.357224][ T3312] get_page_from_freelist+0x37f4/0x3920
[ 68.362845][ T3312] __alloc_pages_noprof+0x256/0x670
[ 68.368394][ T3312] alloc_slab_page+0x5f/0x120
[ 68.373151][ T3312] allocate_slab+0x5d/0x290
[ 68.377920][ T3312] ___slab_alloc+0xa7f/0x11d0
[ 68.382815][ T3312] __kmalloc_noprof+0x25a/0x440
[ 68.387887][ T3312] tomoyo_realpath_from_path+0xcf/0x5e0
[ 68.393569][ T3312] tomoyo_check_open_permission+0x25d/0xa10
[ 68.399747][ T3312] security_file_open+0x65/0x90
[ 68.404606][ T3312] do_dentry_open+0x3a3/0x1300
[ 68.409563][ T3312] vfs_open+0x3e/0x330
[ 68.413984][ T3312] path_openat+0x2acf/0x3410
[ 68.419151][ T3312] do_filp_open+0x235/0x490
[ 68.423936][ T3312] do_sys_openat2+0x13e/0x1d0
[ 68.428742][ T3312] __x64_sys_openat+0x247/0x2a0
[ 68.433696][ T3312] page last free pid 3306 tgid 3306 stack trace:
[ 68.440209][ T3312] free_unref_page+0xbae/0xcf0
[ 68.445349][ T3312] __put_partials+0x18e/0x1d0
[ 68.450088][ T3312] put_cpu_partial+0x151/0x1b0
[ 68.454923][ T3312] __slab_free+0x2b8/0x3a0
[ 68.459535][ T3312] qlist_free_all+0x9e/0x140
[ 68.464156][ T3312] kasan_quarantine_reduce+0x14f/0x170
[ 68.469788][ T3312] __kasan_slab_alloc+0x23/0x80
[ 68.474874][ T3312] kmem_cache_alloc_noprof+0x12b/0x350
[ 68.481315][ T3312] getname_flags+0xb7/0x540
[ 68.486007][ T3312] do_sys_openat2+0xd2/0x1d0
[ 68.490993][ T3312] __x64_sys_openat+0x247/0x2a0
[ 68.496050][ T3312] do_syscall_64+0x8d/0x190
[ 68.500594][ T3312] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.506671][ T3312]
[ 68.509007][ T3312] Memory state around the buggy address:
[ 68.514740][ T3312] ffff88811f99e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.522981][ T3312] ffff88811f99e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.531670][ T3312] >ffff88811f99e100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.540716][ T3312] ^
[ 68.546535][ T3312] ffff88811f99e180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.555409][ T3312] ffff88811f99e200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.565034][ T3312] ==================================================================
[ 68.574238][ T3312] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 68.582297][ T3312] Kernel Offset: disabled
[ 68.587171][ T3312] Rebooting in 86400 seconds..