Warning: Permanently added '10.128.0.244' (ED25519) to the list of known hosts.
[ 40.776497][ T6162] chnl_net:caif_netlink_parms(): no params data found
[ 40.803393][ T6162] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.805266][ T6162] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.806958][ T6162] bridge_slave_0: entered allmulticast mode
[ 40.808809][ T6162] bridge_slave_0: entered promiscuous mode
[ 40.811819][ T6162] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.813500][ T6162] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.815421][ T6162] bridge_slave_1: entered allmulticast mode
[ 40.817154][ T6162] bridge_slave_1: entered promiscuous mode
[ 40.829443][ T6162] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 40.832759][ T6162] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 40.843005][ T6162] team0: Port device team_slave_0 added
[ 40.845429][ T6162] team0: Port device team_slave_1 added
[ 40.855349][ T6162] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 40.856987][ T6162] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 40.862484][ T6162] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 40.866382][ T6162] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 40.868005][ T6162] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 40.873714][ T6162] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 40.946091][ T6162] hsr_slave_0: entered promiscuous mode
[ 40.994563][ T6162] hsr_slave_1: entered promiscuous mode
[ 41.095712][ T6162] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 41.136379][ T6162] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 41.205700][ T6162] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 41.245835][ T6162] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 41.307267][ T6162] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.308903][ T6162] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.310801][ T6162] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.312410][ T6162] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.337287][ T6162] 8021q: adding VLAN 0 to HW filter on device bond0
[ 41.343947][ T1392] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.357134][ T1392] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.363241][ T6162] 8021q: adding VLAN 0 to HW filter on device team0
[ 41.368668][ T1693] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.370284][ T1693] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.375440][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.377043][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.407298][ T6162] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 41.426649][ T6162] veth0_vlan: entered promiscuous mode
[ 41.430811][ T6162] veth1_vlan: entered promiscuous mode
[ 41.442507][ T6162] veth0_macvtap: entered promiscuous mode
[ 41.446209][ T6162] veth1_macvtap: entered promiscuous mode
[ 41.453907][ T6162] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 41.459948][ T6162] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 41.463492][ T6162] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 41.466853][ T6162] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 41.468742][ T6162] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 41.470608][ T6162] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 41.507387][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 41.510125][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 41.522651][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 41.524516][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
executing program
[ 41.531481][ T6162] jffs2: notice: (6162) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 41.539076][ T6162] jffs2: warning: (6162) save_xattr_datum: jffs2_flash_writev()=-22, req=65574, wrote=32, at 0x01d00c
[ 41.542332][ T6173] ==================================================================
[ 41.544150][ T6173] BUG: KASAN: slab-out-of-bounds in jffs2_sum_add_kvec+0x99c/0x11e4
[ 41.546047][ T6173] Read of size 4 at addr ffff0000d8ccacbc by task jffs2_gcd_mtd0/6173
[ 41.547868][ T6173]
[ 41.548415][ T6173] CPU: 1 PID: 6173 Comm: jffs2_gcd_mtd0 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0
[ 41.550703][ T6173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 41.553009][ T6173] Call trace:
[ 41.553756][ T6173] dump_backtrace+0x1b8/0x1e4
[ 41.554832][ T6173] show_stack+0x2c/0x3c
[ 41.555817][ T6173] dump_stack_lvl+0xd0/0x124
[ 41.556938][ T6173] print_report+0x178/0x518
[ 41.558035][ T6173] kasan_report+0xd8/0x138
[ 41.559048][ T6173] __asan_report_load4_noabort+0x20/0x2c
[ 41.560266][ T6173] jffs2_sum_add_kvec+0x99c/0x11e4
[ 41.561419][ T6173] jffs2_flash_direct_writev+0xa8/0xe8
[ 41.562704][ T6173] jffs2_flash_writev+0x13c/0x11ac
[ 41.563903][ T6173] jffs2_write_dnode+0x3cc/0xb80
[ 41.565046][ T6173] jffs2_garbage_collect_live+0x1098/0x3640
[ 41.566443][ T6173] jffs2_garbage_collect_pass+0x1470/0x1a50
[ 41.567746][ T6173] jffs2_garbage_collect_thread+0x414/0x48c
[ 41.569113][ T6173] kthread+0x288/0x310
[ 41.570065][ T6173] ret_from_fork+0x10/0x20
[ 41.571166][ T6173]
[ 41.571770][ T6173] Allocated by task 6162:
[ 41.572771][ T6173] kasan_save_track+0x40/0x78
[ 41.573891][ T6173] kasan_save_alloc_info+0x40/0x50
[ 41.575050][ T6173] __kasan_kmalloc+0xac/0xc4
[ 41.576177][ T6173] __kmalloc+0x2bc/0x5d4
[ 41.577204][ T6173] jffs2_do_mount_fs+0x120/0x1d00
[ 41.578268][ T6173] jffs2_do_fill_super+0x480/0x9f8
[ 41.579469][ T6173] jffs2_fill_super+0x248/0x280
[ 41.580559][ T6173] mtd_get_sb+0x174/0x398
[ 41.581511][ T6173] mtd_get_sb_by_nr+0x94/0xb0
[ 41.582577][ T6173] get_tree_mtd+0x4e4/0x680
[ 41.583619][ T6173] jffs2_get_tree+0x28/0x38
[ 41.584662][ T6173] vfs_get_tree+0x90/0x288
[ 41.585776][ T6173] do_new_mount+0x278/0x900
[ 41.586759][ T6173] path_mount+0x590/0xe04
[ 41.587798][ T6173] __arm64_sys_mount+0x45c/0x594
[ 41.588908][ T6173] invoke_syscall+0x98/0x2b8
[ 41.589960][ T6173] el0_svc_common+0x130/0x23c
[ 41.591022][ T6173] do_el0_svc+0x48/0x58
[ 41.591859][ T6173] el0_svc+0x54/0x168
[ 41.592784][ T6173] el0t_64_sync_handler+0x84/0xfc
[ 41.594014][ T6173] el0t_64_sync+0x190/0x194
[ 41.595096][ T6173]
[ 41.595650][ T6173] The buggy address belongs to the object at ffff0000d8cca000
[ 41.595650][ T6173] which belongs to the cache kmalloc-4k of size 4096
[ 41.598940][ T6173] The buggy address is located 956 bytes to the right of
[ 41.598940][ T6173] allocated 2304-byte region [ffff0000d8cca000, ffff0000d8cca900)
[ 41.602302][ T6173]
[ 41.602904][ T6173] The buggy address belongs to the physical page:
[ 41.604361][ T6173] page:00000000c4bc55ea refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118cc8
[ 41.606722][ T6173] head:00000000c4bc55ea order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 41.608755][ T6173] anon flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 41.610759][ T6173] page_type: 0xffffffff()
[ 41.611676][ T6173] raw: 05ffc00000000840 ffff0000c0002140 0000000000000000 dead000000000001
[ 41.613602][ T6173] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 41.615660][ T6173] page dumped because: kasan: bad access detected
[ 41.617176][ T6173]
[ 41.617730][ T6173] Memory state around the buggy address:
[ 41.619075][ T6173] ffff0000d8ccab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.620863][ T6173] ffff0000d8ccac00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.622692][ T6173] >ffff0000d8ccac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.624427][ T6173] ^
[ 41.625770][ T6173] ffff0000d8ccad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.627750][ T6173] ffff0000d8ccad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.629641][ T6173] ==================================================================
[ 41.635493][ T6173] Disabling lock debugging due to kernel taint
[ 41.636991][ T6173] jffs2: Write of 68 bytes at 0x0002d034 failed. returned -22, retlen 0
[ 41.638806][ T6173] jffs2: Not marking the space at 0x0002d034 as dirty because the flash driver returned retlen zero
[ 41.641302][ T6173] jffs2: error: (6173) __jffs2_dbg_acct_sanity_check_nolock: eeep, space accounting for block at 0x00000000 is screwed.
[ 41.644086][ T6173] jffs2: error: (6173) __jffs2_dbg_acct_sanity_check_nolock: free 0x000000 + dirty 0x000000 + used 0x000000 + wasted 0x000000 + unchecked 0x000000 != total 0x001000.
[ 41.648106][ T6173] ------------[ cut here ]------------
[ 41.649333][ T6173] kernel BUG at fs/jffs2/debug.c:38!
[ 41.650417][ T6173] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
[ 41.652078][ T6173] Modules linked in:
[ 41.652914][ T6173] CPU: 1 PID: 6173 Comm: jffs2_gcd_mtd0 Tainted: G B 6.8.0-rc7-syzkaller-g707081b61156 #0
[ 41.655418][ T6173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 41.657845][ T6173] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 41.659711][ T6173] pc : __jffs2_dbg_acct_sanity_check_nolock+0x57c/0x76c
[ 41.661393][ T6173] lr : __jffs2_dbg_acct_sanity_check_nolock+0x57c/0x76c
[ 41.662984][ T6173] sp : ffff800097947440
[ 41.663918][ T6173] x29: ffff8000979474b0 x28: ffff0000d8ccaccc x27: 0000000000000000
[ 41.665814][ T6173] x26: 0000000000000000 x25: 0000000000000000 x24: ffff0000d8f68180
[ 41.667722][ T6173] x23: 0000000000000000 x22: 0000000000000000 x21: ffff0000d8ccacc4
[ 41.669554][ T6173] x20: dfff800000000000 x19: 000000000000181d x18: 1fffe00036804396
[ 41.671432][ T6173] x17: 0000000000000000 x16: ffff80008aca6b80 x15: 0000000000000001
[ 41.673428][ T6173] x14: 1ffff00012f28da8 x13: 0000000000000000 x12: 0000000000000000
[ 41.675279][ T6173] x11: 0000000000000002 x10: 0000000000ff0100 x9 : a157a05fb2900e00
[ 41.677196][ T6173] x8 : a157a05fb2900e00 x7 : 0000000000000001 x6 : 0000000000000001
[ 41.679076][ T6173] x5 : ffff800097946d58 x4 : ffff80008ed822c0 x3 : ffff80008036f0d8
[ 41.680891][ T6173] x2 : 0000000000000001 x1 : 0000000100000001 x0 : 00000000000000a3
[ 41.682831][ T6173] Call trace:
[ 41.683556][ T6173] __jffs2_dbg_acct_sanity_check_nolock+0x57c/0x76c
[ 41.685156][ T6173] __jffs2_dbg_acct_sanity_check+0x38/0x54
[ 41.686498][ T6173] jffs2_write_dnode+0x4ec/0xb80
[ 41.687690][ T6173] jffs2_garbage_collect_live+0x1098/0x3640
[ 41.689170][ T6173] jffs2_garbage_collect_pass+0x1470/0x1a50
[ 41.690567][ T6173] jffs2_garbage_collect_thread+0x414/0x48c
[ 41.691895][ T6173] kthread+0x288/0x310
[ 41.692786][ T6173] ret_from_fork+0x10/0x20
[ 41.693728][ T6173] Code: 2a1703e6 2a1603e7 b90003e8 959b3174 (d4210000)
[ 41.695319][ T6173] ---[ end trace 0000000000000000 ]---
[ 41.999357][ T6173] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 42.000976][ T6173] SMP: stopping secondary CPUs
[ 42.002087][ T6173] Kernel Offset: disabled
[ 42.003163][ T6173] CPU features: 0x0,00000081,c0080094,42017203
[ 42.004543][ T6173] Memory Limit: none
[ 42.303708][ T6173] Rebooting in 86400 seconds..