Warning: Permanently added '10.128.0.207' (ED25519) to the list of known hosts.
[ 33.939025][ T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 33.942404][ T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 33.944834][ T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 33.947462][ T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 33.950323][ T50] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 33.952453][ T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[ 33.998835][ T6163] loop0: detected capacity change from 0 to 2048
[ 34.004274][ T6163] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 34.017534][ T6163] jffs2: notice: (6163) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 34.079368][ T6169] ==================================================================
[ 34.081505][ T6169] BUG: KASAN: slab-use-after-free in __mutex_lock_common+0x100/0x21a0
[ 34.083756][ T6169] Read of size 8 at addr ffff0000d63d8130 by task jffs2_gcd_mtd0/6169
[ 34.085909][ T6169]
[ 34.086513][ T6169] CPU: 1 PID: 6169 Comm: jffs2_gcd_mtd0 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0
[ 34.089119][ T6169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 34.091788][ T6169] Call trace:
[ 34.092631][ T6169] dump_backtrace+0x1b8/0x1e4
[ 34.093849][ T6169] show_stack+0x2c/0x3c
[ 34.094963][ T6169] dump_stack_lvl+0xd0/0x124
[ 34.096237][ T6169] print_report+0x178/0x518
[ 34.097429][ T6169] kasan_report+0xd8/0x138
[ 34.098634][ T6169] __asan_report_load8_noabort+0x20/0x2c
[ 34.100152][ T6169] __mutex_lock_common+0x100/0x21a0
[ 34.101598][ T6169] mutex_lock_interruptible_nested+0x2c/0x38
[ 34.103136][ T6169] jffs2_garbage_collect_pass+0xa4/0x1a50
[ 34.104662][ T6169] jffs2_garbage_collect_thread+0x414/0x48c
[ 34.106190][ T6169] kthread+0x288/0x310
[ 34.107249][ T6169] ret_from_fork+0x10/0x20
[ 34.108393][ T6169]
[ 34.109032][ T6169] Allocated by task 6163:
[ 34.110188][ T6169] kasan_save_track+0x40/0x78
[ 34.111421][ T6169] kasan_save_alloc_info+0x40/0x50
[ 34.112813][ T6169] __kasan_kmalloc+0xac/0xc4
[ 34.114006][ T6169] kmalloc_trace+0x26c/0x49c
[ 34.115261][ T6169] jffs2_init_fs_context+0x58/0xc8
[ 34.116616][ T6169] alloc_fs_context+0x514/0x7a4
[ 34.117877][ T6169] fs_context_for_mount+0x34/0x44
[ 34.119216][ T6169] do_new_mount+0x14c/0x900
[ 34.120428][ T6169] path_mount+0x590/0xe04
[ 34.121586][ T6169] __arm64_sys_mount+0x45c/0x594
[ 34.122860][ T6169] invoke_syscall+0x98/0x2b8
[ 34.124061][ T6169] el0_svc_common+0x130/0x23c
[ 34.125267][ T6169] do_el0_svc+0x48/0x58
[ 34.126405][ T6169] el0_svc+0x54/0x168
[ 34.127481][ T6169] el0t_64_sync_handler+0x84/0xfc
[ 34.128801][ T6169] el0t_64_sync+0x190/0x194
[ 34.130031][ T6169]
[ 34.130634][ T6169] Freed by task 6163:
[ 34.131676][ T6169] kasan_save_track+0x40/0x78
[ 34.132943][ T6169] kasan_save_free_info+0x54/0x6c
[ 34.134306][ T6169] poison_slab_object+0x124/0x18c
[ 34.135636][ T6169] __kasan_slab_free+0x3c/0x70
[ 34.136908][ T6169] kfree+0x144/0x3cc
[ 34.137952][ T6169] jffs2_kill_sb+0x9c/0xb0
[ 34.139085][ T6169] deactivate_locked_super+0xc4/0x12c
[ 34.140588][ T6169] deactivate_super+0xe0/0x100
[ 34.141839][ T6169] cleanup_mnt+0x34c/0x3dc
[ 34.143060][ T6169] __cleanup_mnt+0x20/0x30
[ 34.144227][ T6169] task_work_run+0x230/0x2e0
[ 34.145400][ T6169] do_exit+0x618/0x1f64
[ 34.146491][ T6169] do_group_exit+0x194/0x22c
[ 34.147694][ T6169] pid_child_should_wake+0x0/0x1dc
[ 34.149108][ T6169] invoke_syscall+0x98/0x2b8
[ 34.150296][ T6169] el0_svc_common+0x130/0x23c
[ 34.151529][ T6169] do_el0_svc+0x48/0x58
[ 34.152675][ T6169] el0_svc+0x54/0x168
[ 34.153704][ T6169] el0t_64_sync_handler+0x84/0xfc
[ 34.155025][ T6169] el0t_64_sync+0x190/0x194
[ 34.156262][ T6169]
[ 34.156907][ T6169] The buggy address belongs to the object at ffff0000d63d8000
[ 34.156907][ T6169] which belongs to the cache kmalloc-4k of size 4096
[ 34.160561][ T6169] The buggy address is located 304 bytes inside of
[ 34.160561][ T6169] freed 4096-byte region [ffff0000d63d8000, ffff0000d63d9000)
[ 34.164224][ T6169]
[ 34.164802][ T6169] The buggy address belongs to the physical page:
[ 34.166571][ T6169] page:0000000090c7b243 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1163d8
[ 34.169317][ T6169] head:0000000090c7b243 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 34.171635][ T6169] flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 34.173804][ T6169] page_type: 0xffffffff()
[ 34.174939][ T6169] raw: 05ffc00000000840 ffff0000c0002140 fffffdffc35b8600 dead000000000002
[ 34.177197][ T6169] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 34.179463][ T6169] page dumped because: kasan: bad access detected
[ 34.181163][ T6169]
[ 34.181766][ T6169] Memory state around the buggy address:
[ 34.183235][ T6169] ffff0000d63d8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.185352][ T6169] ffff0000d63d8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.187445][ T6169] >ffff0000d63d8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.189591][ T6169] ^
[ 34.191085][ T6169] ffff0000d63d8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.193233][ T6169] ffff0000d63d8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 34.195347][ T6169] ==================================================================
[ 34.201579][ T6169] Disabling lock debugging due to kernel taint
[ 34.203261][ T6169] Unable to handle kernel paging request at virtual address dfff800009a6e488
[ 34.205540][ T6169] KASAN: probably user-memory-access in range [0x000000004d372440-0x000000004d372447]
[ 34.208089][ T6169] Mem abort info:
[ 34.209064][ T6169] ESR = 0x0000000096000005
[ 34.210352][ T6169] EC = 0x25: DABT (current EL), IL = 32 bits
[ 34.212043][ T6169] SET = 0, FnV = 0
[ 34.213147][ T6169] EA = 0, S1PTW = 0
[ 34.214162][ T6169] FSC = 0x05: level 1 translation fault
[ 34.215710][ T6169] Data abort info:
[ 34.216659][ T6169] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 34.218320][ T6169] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 34.219921][ T6169] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 34.221514][ T6169] [dfff800009a6e488] address between user and kernel address ranges
[ 34.223608][ T6169] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
[ 34.225574][ T6169] Modules linked in:
[ 34.226622][ T6169] CPU: 0 PID: 6169 Comm: jffs2_gcd_mtd0 Tainted: G B 6.8.0-rc7-syzkaller-g707081b61156 #0
[ 34.229660][ T6169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 34.232379][ T6169] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 34.234483][ T6169] pc : mtd_erase+0x98/0x5cc
[ 34.235638][ T6169] lr : mtd_erase+0xb4/0x5cc
[ 34.236877][ T6169] sp : ffff800097867740
[ 34.238017][ T6169] x29: ffff800097867840 x28: dfff800000000000 x27: ffff700012f0cef8
[ 34.240164][ T6169] x26: ffff8000978677e0 x25: dfff800000000000 x24: ffff0000ce86a640
[ 34.242355][ T6169] x23: ffff0000c9a24b00 x22: 1fffe0001adc3910 x21: 000000004d372444
[ 34.244470][ T6169] x20: 000000004d371dfc x19: 000000004d371dfc x18: 1fffe000367fff96
[ 34.246571][ T6169] x17: ffff800080255c0c x16: ffff800080276f8c x15: 0000000000000001
[ 34.248752][ T6169] x14: 1ffff00011ea7bfa x13: 0000000000000000 x12: ffff800084f9ea54
[ 34.250882][ T6169] x11: ffff80008e48b7f0 x10: 0000000000ff0100 x9 : 0000000000000000
[ 34.253134][ T6169] x8 : 0000000009a6e488 x7 : ffff8000809fd024 x6 : ffff8000809f9f7c
[ 34.255304][ T6169] x5 : ffff0000d5968458 x4 : ffff8000978675e8 x3 : ffff80008184d698
[ 34.257452][ T6169] x2 : 0000000000000000 x1 : ffff0000ce86a640 x0 : ffff0000c9a24b00
[ 34.259589][ T6169] Call trace:
[ 34.260423][ T6169] mtd_erase+0x98/0x5cc
[ 34.261506][ T6169] jffs2_erase_pending_blocks+0xa94/0x1fcc
[ 34.263055][ T6169] jffs2_garbage_collect_pass+0x554/0x1a50
[ 34.264594][ T6169] jffs2_garbage_collect_thread+0x414/0x48c
[ 34.266211][ T6169] kthread+0x288/0x310
[ 34.267376][ T6169] ret_from_fork+0x10/0x20
[ 34.268547][ T6169] Code: 96d62acf aa1703f3 91192275 d343fea8 (387c6908)
[ 34.270324][ T6169] ---[ end trace 0000000000000000 ]---
[ 34.639292][ T6169] Kernel panic - not syncing: Oops: Fatal exception
[ 34.641037][ T6169] SMP: stopping secondary CPUs
[ 34.642334][ T6169] Kernel Offset: disabled
[ 34.643481][ T6169] CPU features: 0x0,00000081,c0080094,42017203
[ 34.645057][ T6169] Memory Limit: none
[ 34.972086][ T6169] Rebooting in 86400 seconds..