Warning: Permanently added '10.128.0.222' (ED25519) to the list of known hosts.
1970/01/01 00:01:03 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:01:04 parsed 1 programs
[ 64.333849][ T6595] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
1970/01/01 00:01:04 executed programs: 0
[ 64.373925][ T5817] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 64.376896][ T5817] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 64.379349][ T5817] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 64.382021][ T5817] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 64.384292][ T5817] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 64.386606][ T5817] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 64.455897][ T6603] chnl_net:caif_netlink_parms(): no params data found
[ 64.481742][ T6603] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.483845][ T6603] bridge0: port 1(bridge_slave_0) entered disabled state
[ 64.486102][ T6603] bridge_slave_0: entered allmulticast mode
[ 64.488165][ T6603] bridge_slave_0: entered promiscuous mode
[ 64.491097][ T6603] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.493061][ T6603] bridge0: port 2(bridge_slave_1) entered disabled state
[ 64.495032][ T6603] bridge_slave_1: entered allmulticast mode
[ 64.498093][ T6603] bridge_slave_1: entered promiscuous mode
[ 64.507292][ T2282] ieee802154 phy0 wpan0: encryption failed: -22
[ 64.509086][ T2282] ieee802154 phy1 wpan1: encryption failed: -22
[ 64.513041][ T6603] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 64.516988][ T6603] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 64.530276][ T6603] team0: Port device team_slave_0 added
[ 64.533604][ T6603] team0: Port device team_slave_1 added
[ 64.543341][ T6603] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 64.545247][ T6603] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.552631][ T6603] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 64.557177][ T6603] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 64.559063][ T6603] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.565914][ T6603] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 64.627590][ T6603] hsr_slave_0: entered promiscuous mode
[ 64.666411][ T6603] hsr_slave_1: entered promiscuous mode
[ 65.312493][ T6603] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 65.316264][ T6603] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 65.319960][ T6603] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 65.323001][ T6603] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 65.334845][ T6603] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.336825][ T6603] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.338795][ T6603] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.340671][ T6603] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.367412][ T6603] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.373314][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 65.376348][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.384351][ T6603] 8021q: adding VLAN 0 to HW filter on device team0
[ 65.391612][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.393563][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.400131][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.402114][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.485341][ T6603] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 65.508509][ T6603] veth0_vlan: entered promiscuous mode
[ 65.513368][ T6603] veth1_vlan: entered promiscuous mode
[ 65.530845][ T6603] veth0_macvtap: entered promiscuous mode
[ 65.534111][ T6603] veth1_macvtap: entered promiscuous mode
[ 65.542766][ T6603] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 65.549275][ T6603] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 65.553540][ T6603] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.558477][ T6603] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.560868][ T6603] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.563106][ T6603] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.605289][ T7] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 65.609676][ T7] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 65.632914][ T4140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 65.635008][ T4140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 65.714859][ T6691] loop0: detected capacity change from 0 to 2048
[ 65.750173][ T6691] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 65.765500][ T6691] jffs2: notice: (6691) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 65.826100][ T6697] ==================================================================
[ 65.828473][ T6697] BUG: KASAN: slab-use-after-free in __mutex_lock_common+0x100/0x21a0
[ 65.830597][ T6697] Read of size 8 at addr ffff0000cbd82130 by task jffs2_gcd_mtd0/6697
[ 65.832240][ T6702] loop0: detected capacity change from 0 to 2048
[ 65.832755][ T6697]
[ 65.832764][ T6697] CPU: 1 PID: 6697 Comm: jffs2_gcd_mtd0 Not tainted 6.9.0-rc6-syzkaller-00066-g78186bd77b47 #0
[ 65.837835][ T6697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 65.840625][ T6697] Call trace:
[ 65.841484][ T6697] dump_backtrace+0x1b8/0x1e4
[ 65.842718][ T6697] show_stack+0x2c/0x3c
[ 65.843810][ T6697] dump_stack_lvl+0xe4/0x150
[ 65.845059][ T6697] print_report+0x198/0x538
[ 65.846267][ T6697] kasan_report+0xd8/0x138
[ 65.847502][ T6697] __asan_report_load8_noabort+0x20/0x2c
[ 65.848967][ T6697] __mutex_lock_common+0x100/0x21a0
[ 65.850347][ T6697] mutex_lock_interruptible_nested+0x2c/0x38
[ 65.851924][ T6697] jffs2_garbage_collect_pass+0xa4/0x1a50
[ 65.852391][ T6702] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 65.853408][ T6697] jffs2_garbage_collect_thread+0x414/0x48c
[ 65.857456][ T6697] kthread+0x288/0x310
[ 65.858544][ T6697] ret_from_fork+0x10/0x20
[ 65.859697][ T6697]
[ 65.860299][ T6697] Allocated by task 6691:
[ 65.861427][ T6697] kasan_save_track+0x40/0x78
[ 65.862674][ T6697] kasan_save_alloc_info+0x40/0x50
[ 65.864057][ T6697] __kasan_kmalloc+0xac/0xc4
[ 65.865281][ T6697] kmalloc_trace+0x264/0x3f0
[ 65.866477][ T6697] jffs2_init_fs_context+0x58/0xc8
[ 65.867789][ T6697] alloc_fs_context+0x514/0x7a4
[ 65.869036][ T6697] fs_context_for_mount+0x34/0x44
[ 65.870376][ T6697] do_new_mount+0x14c/0x900
[ 65.871560][ T6697] path_mount+0x590/0xe04
[ 65.872686][ T6697] __arm64_sys_mount+0x45c/0x594
[ 65.874008][ T6697] invoke_syscall+0x98/0x2b8
[ 65.875268][ T6697] el0_svc_common+0x130/0x23c
[ 65.876544][ T6697] do_el0_svc+0x48/0x58
[ 65.877623][ T6697] el0_svc+0x54/0x168
[ 65.878667][ T6697] el0t_64_sync_handler+0x84/0xfc
[ 65.879985][ T6697] el0t_64_sync+0x190/0x194
[ 65.881195][ T6697]
[ 65.881817][ T6697] Freed by task 6603:
[ 65.882874][ T6697] kasan_save_track+0x40/0x78
[ 65.884114][ T6697] kasan_save_free_info+0x54/0x6c
[ 65.885481][ T6697] poison_slab_object+0x124/0x18c
[ 65.886806][ T6697] __kasan_slab_free+0x3c/0x70
[ 65.888048][ T6697] kfree+0x150/0x3e8
[ 65.889084][ T6697] jffs2_kill_sb+0x9c/0xb0
[ 65.890228][ T6697] deactivate_locked_super+0xc4/0x12c
[ 65.891721][ T6697] deactivate_super+0xe0/0x100
[ 65.892981][ T6697] cleanup_mnt+0x34c/0x3dc
[ 65.894141][ T6697] __cleanup_mnt+0x20/0x30
[ 65.895294][ T6697] task_work_run+0x230/0x2e0
[ 65.896510][ T6697] do_notify_resume+0x178/0x1f4
[ 65.897814][ T6697] el0_svc+0xac/0x168
[ 65.898887][ T6697] el0t_64_sync_handler+0x84/0xfc
[ 65.900216][ T6697] el0t_64_sync+0x190/0x194
[ 65.901429][ T6697]
[ 65.902043][ T6697] The buggy address belongs to the object at ffff0000cbd82000
[ 65.902043][ T6697] which belongs to the cache kmalloc-4k of size 4096
[ 65.905811][ T6697] The buggy address is located 304 bytes inside of
[ 65.905811][ T6697] freed 4096-byte region [ffff0000cbd82000, ffff0000cbd83000)
[ 65.909569][ T6697]
[ 65.910202][ T6697] The buggy address belongs to the physical page:
[ 65.911930][ T6697] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10bd80
[ 65.914267][ T6697] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 65.916335][ T6697] flags: 0x5ffe00000000840(slab|head|node=0|zone=2|lastcpupid=0xfff)
[ 65.918596][ T6697] page_type: 0xffffffff()
[ 65.919777][ T6697] raw: 05ffe00000000840 ffff0000c0002140 dead000000000100 dead000000000122
[ 65.922086][ T6697] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 65.924359][ T6697] head: 05ffe00000000840 ffff0000c0002140 dead000000000100 dead000000000122
[ 65.926756][ T6697] head: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 65.929063][ T6697] head: 05ffe00000000003 fffffdffc32f6001 fffffdffc32f6048 00000000ffffffff
[ 65.931441][ T6697] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 65.933728][ T6697] page dumped because: kasan: bad access detected
[ 65.935470][ T6697]
[ 65.936045][ T6697] Memory state around the buggy address:
[ 65.937513][ T6697] ffff0000cbd82000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.939647][ T6697] ffff0000cbd82080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.941813][ T6697] >ffff0000cbd82100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.943953][ T6697] ^
[ 65.945416][ T6697] ffff0000cbd82180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.947653][ T6697] ffff0000cbd82200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.949768][ T6697] ==================================================================
[ 65.954941][ T6697] Disabling lock debugging due to kernel taint
[ 65.955205][ T6702] jffs2: notice: (6702) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 65.956719][ T6697] jffs2: Erase at 0x0001e000 failed immediately: errno -524
[ 65.962957][ T6697] jffs2: Erase at 0x0001d000 failed immediately: errno -524
[ 65.965452][ T6697] jffs2: Erase at 0x0001c000 failed immediately: errno -524
[ 65.971301][ T6697] jffs2: Erase at 0x0001b000 failed immediately: errno -524
[ 65.973189][ T6697] jffs2: Erase at 0x0001a000 failed immediately: errno -524
[ 65.975088][ T6697] jffs2: Erase at 0x00019000 failed immediately: errno -524
[ 65.978794][ T6697] jffs2: Erase at 0x00018000 failed immediately: errno -524
[ 65.980707][ T6697] jffs2: Erase at 0x00017000 failed immediately: errno -524
[ 65.982748][ T6697] jffs2: Erase at 0x00016000 failed immediately: errno -524
[ 65.984711][ T6697] jffs2: Erase at 0x00015000 failed immediately: errno -524
[ 65.987233][ T6697] jffs2: Erase at 0x00014000 failed immediately: errno -524
[ 65.989140][ T6697] jffs2: Erase at 0x00013000 failed immediately: errno -524
[ 65.990993][ T6697] jffs2: Erase at 0x00012000 failed immediately: errno -524
[ 65.992899][ T6697] jffs2: Erase at 0x00011000 failed immediately: errno -524
[ 65.994810][ T6697] jffs2: Erase at 0x00010000 failed immediately: errno -524
[ 65.997501][ T6697] jffs2: Erase at 0x0000f000 failed immediately: errno -524
[ 65.999413][ T6697] jffs2: Erase at 0x0000e000 failed immediately: errno -524
[ 66.001355][ T6697] jffs2: Erase at 0x0000d000 failed immediately: errno -524
[ 66.003361][ T6697] jffs2: Erase at 0x0000c000 failed immediately: errno -524
[ 66.005239][ T6697] jffs2: Erase at 0x0000b000 failed immediately: errno -524
[ 66.016536][ T6711] Unable to handle kernel paging request at virtual address 001e9f1f1f1f1fe8
[ 66.023976][ T6718] loop0: detected capacity change from 0 to 2048
[ 66.025663][ T6697] jffs2: Erase at 0x0000a000 failed immediately: errno -524
[ 66.035304][ T6697] jffs2: Erase at 0x00009000 failed immediately: errno -524
[ 66.037682][ T6711] Mem abort info:
[ 66.038637][ T6711] ESR = 0x0000000096000004
[ 66.039853][ T6711] EC = 0x25: DABT (current EL), IL = 32 bits
[ 66.041288][ T6718] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 66.041483][ T6711] SET = 0, FnV = 0
[ 66.044988][ T6711] EA = 0, S1PTW = 0
[ 66.051950][ T6697] jffs2: Erase at 0x00008000 failed immediately: errno -524
[ 66.053983][ T6711] FSC = 0x04: level 0 translation fault
[ 66.054887][ T6697] jffs2: Erase at 0x00007000 failed immediately: errno -524
[ 66.057816][ T6718] jffs2: notice: (6718) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 66.058477][ T6711] Data abort info:
[ 66.063223][ T6711] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 66.066044][ T6711] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 66.067687][ T6711] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 66.071688][ T6711] [001e9f1f1f1f1fe8] address between user and kernel address ranges
[ 66.072706][ T6697] jffs2: Erase at 0x00006000 failed immediately: errno -524
[ 66.073894][ T6711] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 66.075875][ T6697] jffs2: Erase at 0x00005000 failed immediately: errno -524
[ 66.077646][ T6711] Modules linked in:
[ 66.079553][ T6697] jffs2: Erase at 0x00004000 failed immediately: errno -524
[ 66.080603][ T6711]
[ 66.082459][ T6697] jffs2: Erase at 0x00003000 failed immediately: errno -524
[ 66.083054][ T6711] CPU: 0 PID: 6711 Comm: jffs2_gcd_mtd0 Tainted: G B 6.9.0-rc6-syzkaller-00066-g78186bd77b47 #0
[ 66.085188][ T6697] jffs2: Erase at 0x00002000 failed immediately: errno -524
[ 66.088129][ T6711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 66.088145][ T6711] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 66.090065][ T6697] list_del corruption. next->prev should be ffff0000ca718048, but was 062a03c6000019cb. (next=ffff0000ca718000)
[ 66.092753][ T6711] pc : mtd_erase+0x98/0x5cc
[ 66.095130][ T6697] ------------[ cut here ]------------
[ 66.097881][ T6711] lr : mtd_erase+0xb4/0x5cc
[ 66.099054][ T6697] kernel BUG at lib/list_debug.c:67!
[ 66.100576][ T6711] sp : ffff8000a08f7740
[ 66.104312][ T6711] x29: ffff8000a08f7840 x28: dfff800000000000 x27: ffff70001411eef8
[ 66.106562][ T6711] x26: ffff8000a08f77e0 x25: dfff800000000000 x24: ffff0000d969ac00
[ 66.108697][ T6711] x23: ffff0000d3c00b00 x22: 1fffe00019911510 x21: f8f8f8f8f8f8ff40
[ 66.110865][ T6711] x20: f8f8f8f8f8f8f8f8 x19: f8f8f8f8f8f8f8f8 x18: 1fffe000367bd596
[ 66.113011][ T6711] x17: ffff80008ee9d000 x16: ffff80008ae862d0 x15: 0000000000000001
[ 66.115232][ T6711] x14: 00000000ffff8000 x13: 00000000602b3d15 x12: ffff800084fc7ef0
[ 66.117449][ T6711] x11: ffff80008e6929a1 x10: 0000000000ff0100 x9 : 0000000000000000
[ 66.119609][ T6711] x8 : 1f1f1f1f1f1f1fe8 x7 : 0000000000000000 x6 : 000000000000003f
[ 66.121766][ T6711] x5 : 0000000000000040 x4 : 0000000000000001 x3 : ffff80008180d904
[ 66.123938][ T6711] x2 : 0000000000000000 x1 : ffff0000d969ac00 x0 : ffff0000d3c00b00
[ 66.126110][ T6711] Call trace:
[ 66.127004][ T6711] mtd_erase+0x98/0x5cc
[ 66.128092][ T6711] jffs2_erase_pending_blocks+0xa94/0x1fcc
[ 66.129696][ T6711] jffs2_garbage_collect_pass+0x554/0x1a50
[ 66.131227][ T6711] jffs2_garbage_collect_thread+0x414/0x48c
[ 66.132774][ T6711] kthread+0x288/0x310
[ 66.133908][ T6711] ret_from_fork+0x10/0x20
[ 66.135110][ T6711] Code: 96d62ee4 aa1703f3 91192275 d343fea8 (387c6908)
[ 66.137011][ T6711] ---[ end trace 0000000000000000 ]---
[ 66.567048][ T6711] Kernel panic - not syncing: Oops: Fatal exception
[ 66.568954][ T6711] SMP: stopping secondary CPUs
[ 67.657300][ T6711] SMP: failed to stop secondary CPUs 0-1
[ 67.658872][ T6711] Kernel Offset: disabled
[ 67.660017][ T6711] CPU features: 0x0,00000103,80100128,42017203
[ 67.661653][ T6711] Memory Limit: none
[ 68.090015][ T6711] Rebooting in 86400 seconds..