[   86.836345][ T1208] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.15' (ED25519) to the list of known hosts.
2025/05/21 05:17:50 ignoring optional flag "sandboxArg"="0"
2025/05/21 05:17:50 ignoring optional flag "type"="gce"
2025/05/21 05:17:50 parsed 1 programs
2025/05/21 05:17:52 executed programs: 0
[   91.472545][ T6131] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   91.521583][ T5130] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   91.530851][ T5130] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   91.539070][ T5130] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   91.549023][ T5130] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   91.556698][ T5130] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   91.697635][ T6138] chnl_net:caif_netlink_parms(): no params data found
[   91.774438][ T6138] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.781777][ T6138] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.789572][ T6138] bridge_slave_0: entered allmulticast mode
[   91.796564][ T6138] bridge_slave_0: entered promiscuous mode
[   91.804129][ T6138] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.811627][ T6138] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.818958][ T6138] bridge_slave_1: entered allmulticast mode
[   91.825927][ T6138] bridge_slave_1: entered promiscuous mode
[   91.853394][ T6138] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   91.864972][ T6138] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   91.895276][ T6138] team0: Port device team_slave_0 added
[   91.903737][ T6138] team0: Port device team_slave_1 added
[   91.930704][ T6138] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.937843][ T6138] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.964312][ T6138] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.976895][ T6138] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.983963][ T6138] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.010082][ T6138] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.051623][ T6138] hsr_slave_0: entered promiscuous mode
[   92.058722][ T6138] hsr_slave_1: entered promiscuous mode
[   92.663162][ T6138] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   92.684556][ T6138] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   92.696195][ T6138] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   92.710654][ T6138] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   92.818484][ T6138] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.846253][ T6138] 8021q: adding VLAN 0 to HW filter on device team0
[   92.862174][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.869396][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.886971][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.894243][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.152948][ T6138] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.221430][ T6138] veth0_vlan: entered promiscuous mode
[   93.235366][ T6138] veth1_vlan: entered promiscuous mode
[   93.279962][ T6138] veth0_macvtap: entered promiscuous mode
[   93.291751][ T6138] veth1_macvtap: entered promiscuous mode
[   93.316910][ T6138] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.336461][ T6138] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.357069][ T6138] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.368884][ T6138] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.378707][ T6138] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.387432][ T6138] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.480815][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.497253][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.532035][ T1041] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.542531][ T1041] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.607018][ T6193] jffs2: notice: (6193) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[   93.630767][ T5830] Bluetooth: hci0: command tx timeout
[   93.696993][ T6198] jffs2: notice: (6198) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[   93.711692][ T6194] ==================================================================
[   93.721455][ T6194] BUG: KASAN: slab-use-after-free in __mutex_lock+0x144/0xe80
[   93.729039][ T6194] Read of size 8 at addr ffff8880351a0130 by task jffs2_gcd_mtd0/6194
[   93.737303][ T6194] 
[   93.739649][ T6194] CPU: 1 UID: 0 PID: 6194 Comm: jffs2_gcd_mtd0 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[   93.739667][ T6194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   93.739681][ T6194] Call Trace:
[   93.739688][ T6194]  <TASK>
[   93.739697][ T6194]  dump_stack_lvl+0x189/0x250
[   93.739718][ T6194]  ? __virt_addr_valid+0x18c/0x540
[   93.739733][ T6194]  ? rcu_is_watching+0x15/0xb0
[   93.739749][ T6194]  ? __kasan_check_byte+0x12/0x40
[   93.739771][ T6194]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.739785][ T6194]  ? rcu_is_watching+0x15/0xb0
[   93.739801][ T6194]  ? lock_release+0x4b/0x3e0
[   93.739818][ T6194]  ? __virt_addr_valid+0x18c/0x540
[   93.739832][ T6194]  ? __virt_addr_valid+0x469/0x540
[   93.739847][ T6194]  print_report+0xb4/0x290
[   93.739860][ T6194]  ? __mutex_lock+0x144/0xe80
[   93.739875][ T6194]  kasan_report+0x118/0x150
[   93.739892][ T6194]  ? __mutex_lock+0x144/0xe80
[   93.739909][ T6194]  __mutex_lock+0x144/0xe80
[   93.739925][ T6194]  ? __lock_acquire+0xaac/0xd20
[   93.739948][ T6194]  ? jffs2_garbage_collect_pass+0xad/0x20e0
[   93.739966][ T6194]  ? __pfx___mutex_lock+0x10/0x10
[   93.739979][ T6194]  ? __free_object+0x4d4/0x6c0
[   93.739990][ T6194]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.740005][ T6194]  ? __lock_acquire+0xaac/0xd20
[   93.740023][ T6194]  jffs2_garbage_collect_pass+0xad/0x20e0
[   93.740039][ T6194]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   93.740055][ T6194]  ? _raw_spin_lock_irq+0xae/0xf0
[   93.740067][ T6194]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[   93.740080][ T6194]  ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[   93.740098][ T6194]  ? _raw_spin_unlock_irq+0x23/0x50
[   93.740111][ T6194]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.740125][ T6194]  ? sigprocmask+0x15d/0x1a0
[   93.740144][ T6194]  jffs2_garbage_collect_thread+0x618/0x6c0
[   93.740165][ T6194]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[   93.740184][ T6194]  ? __kthread_parkme+0x7b/0x200
[   93.740196][ T6194]  ? __kthread_parkme+0x1a1/0x200
[   93.740209][ T6194]  kthread+0x711/0x8a0
[   93.740223][ T6194]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[   93.740239][ T6194]  ? __pfx_kthread+0x10/0x10
[   93.740252][ T6194]  ? __pfx_kthread+0x10/0x10
[   93.740264][ T6194]  ? _raw_spin_unlock_irq+0x23/0x50
[   93.740276][ T6194]  ? lockdep_hardirqs_on+0x9c/0x150
[   93.740290][ T6194]  ? __pfx_kthread+0x10/0x10
[   93.740302][ T6194]  ret_from_fork+0x4b/0x80
[   93.740314][ T6194]  ? __pfx_kthread+0x10/0x10
[   93.740326][ T6194]  ret_from_fork_asm+0x1a/0x30
[   93.740348][ T6194]  </TASK>
[   93.740352][ T6194] 
[   93.985571][ T6194] Allocated by task 6193:
[   93.989887][ T6194]  kasan_save_track+0x3e/0x80
[   93.994571][ T6194]  __kasan_kmalloc+0x93/0xb0
[   93.999151][ T6194]  __kmalloc_cache_noprof+0x230/0x3d0
[   94.004516][ T6194]  jffs2_init_fs_context+0x4f/0xc0
[   94.009617][ T6194]  alloc_fs_context+0x64e/0x7d0
[   94.014456][ T6194]  do_new_mount+0x10e/0xa40
[   94.018950][ T6194]  __se_sys_mount+0x317/0x410
[   94.023614][ T6194]  do_syscall_64+0xf6/0x210
[   94.028184][ T6194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.034339][ T6194] 
[   94.036685][ T6194] Freed by task 6138:
[   94.040663][ T6194]  kasan_save_track+0x3e/0x80
[   94.045337][ T6194]  kasan_save_free_info+0x46/0x50
[   94.050349][ T6194]  __kasan_slab_free+0x62/0x70
[   94.055202][ T6194]  kfree+0x193/0x440
[   94.059088][ T6194]  deactivate_locked_super+0xbc/0x130
[   94.064450][ T6194]  cleanup_mnt+0x425/0x4c0
[   94.068858][ T6194]  task_work_run+0x1d4/0x260
[   94.073443][ T6194]  resume_user_mode_work+0x5e/0x80
[   94.078548][ T6194]  syscall_exit_to_user_mode+0x9a/0x120
[   94.084085][ T6194]  do_syscall_64+0x103/0x210
[   94.088678][ T6194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.094582][ T6194] 
[   94.096902][ T6194] The buggy address belongs to the object at ffff8880351a0000
[   94.096902][ T6194]  which belongs to the cache kmalloc-4k of size 4096
[   94.110951][ T6194] The buggy address is located 304 bytes inside of
[   94.110951][ T6194]  freed 4096-byte region [ffff8880351a0000, ffff8880351a1000)
[   94.124828][ T6194] 
[   94.127145][ T6194] The buggy address belongs to the physical page:
[   94.133822][ T6194] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x351a0
[   94.142663][ T6194] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   94.151234][ T6194] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   94.158865][ T6194] page_type: f5(slab)
[   94.162838][ T6194] raw: 00fff00000000040 ffff88801a042140 dead000000000122 0000000000000000
[   94.171409][ T6194] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[   94.180250][ T6194] head: 00fff00000000040 ffff88801a042140 dead000000000122 0000000000000000
[   94.188914][ T6194] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[   94.197594][ T6194] head: 00fff00000000003 ffffea0000d46801 00000000ffffffff 00000000ffffffff
[   94.206337][ T6194] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   94.214993][ T6194] page dumped because: kasan: bad access detected
[   94.221500][ T6194] page_owner tracks the page as allocated
[   94.227371][ T6194] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6193, tgid 6191 (syz-executor.0), ts 93606097180, free_ts 92433379797
[   94.248986][ T6194]  post_alloc_hook+0x1d8/0x230
[   94.253740][ T6194]  get_page_from_freelist+0x21c7/0x22a0
[   94.259361][ T6194]  __alloc_frozen_pages_noprof+0x181/0x370
[   94.265155][ T6194]  alloc_pages_mpol+0x232/0x4a0
[   94.269997][ T6194]  allocate_slab+0x8a/0x3b0
[   94.274489][ T6194]  ___slab_alloc+0xbfc/0x1480
[   94.279152][ T6194]  __kmalloc_cache_noprof+0x296/0x3d0
[   94.284517][ T6194]  jffs2_init_fs_context+0x4f/0xc0
[   94.289648][ T6194]  alloc_fs_context+0x64e/0x7d0
[   94.294492][ T6194]  do_new_mount+0x10e/0xa40
[   94.298996][ T6194]  __se_sys_mount+0x317/0x410
[   94.303746][ T6194]  do_syscall_64+0xf6/0x210
[   94.308238][ T6194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.314121][ T6194] page last free pid 6157 tgid 6157 stack trace:
[   94.320445][ T6194]  __free_frozen_pages+0xb05/0xcd0
[   94.325782][ T6194]  __slab_free+0x326/0x400
[   94.330204][ T6194]  qlist_free_all+0x9a/0x140
[   94.334886][ T6194]  kasan_quarantine_reduce+0x148/0x160
[   94.340523][ T6194]  __kasan_slab_alloc+0x22/0x80
[   94.345454][ T6194]  __kmalloc_noprof+0x224/0x4f0
[   94.350298][ T6194]  tomoyo_realpath_from_path+0xe3/0x5d0
[   94.355832][ T6194]  tomoyo_path_perm+0x213/0x4b0
[   94.360678][ T6194]  security_inode_getattr+0x12f/0x330
[   94.366042][ T6194]  __x64_sys_newfstat+0xfe/0x200
[   94.370967][ T6194]  do_syscall_64+0xf6/0x210
[   94.375460][ T6194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.381346][ T6194] 
[   94.383705][ T6194] Memory state around the buggy address:
[   94.389324][ T6194]  ffff8880351a0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   94.397457][ T6194]  ffff8880351a0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   94.405505][ T6194] >ffff8880351a0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   94.413552][ T6194]                                      ^
[   94.419173][ T6194]  ffff8880351a0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   94.427571][ T6194]  ffff8880351a0200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   94.435616][ T6194] ==================================================================
[   94.514763][ T6194] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   94.522020][ T6194] CPU: 0 UID: 0 PID: 6194 Comm: jffs2_gcd_mtd0 Not tainted 6.15.0-rc7-syzkaller-00007-g4a95bc121ccd #0 PREEMPT(full) 
[   94.534627][ T6194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   94.544783][ T6194] Call Trace:
[   94.548208][ T6194]  <TASK>
[   94.551224][ T6194]  dump_stack_lvl+0x99/0x250
[   94.555929][ T6194]  ? __asan_memcpy+0x40/0x70
[   94.560514][ T6194]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.565724][ T6194]  ? __pfx__printk+0x10/0x10
[   94.570324][ T6194]  panic+0x2db/0x790
[   94.574232][ T6194]  ? __pfx_panic+0x10/0x10
[   94.578654][ T6194]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   94.584712][ T6194]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   94.591031][ T6194]  ? print_memory_metadata+0x314/0x400
[   94.596659][ T6194]  ? __mutex_lock+0x144/0xe80
[   94.601329][ T6194]  check_panic_on_warn+0x89/0xb0
[   94.606270][ T6194]  ? __mutex_lock+0x144/0xe80
[   94.610937][ T6194]  end_report+0x78/0x160
[   94.615170][ T6194]  kasan_report+0x129/0x150
[   94.619666][ T6194]  ? __mutex_lock+0x144/0xe80
[   94.624335][ T6194]  __mutex_lock+0x144/0xe80
[   94.628845][ T6194]  ? __lock_acquire+0xaac/0xd20
[   94.633694][ T6194]  ? jffs2_garbage_collect_pass+0xad/0x20e0
[   94.639609][ T6194]  ? __pfx___mutex_lock+0x10/0x10
[   94.644626][ T6194]  ? __free_object+0x4d4/0x6c0
[   94.649379][ T6194]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.654659][ T6194]  ? __lock_acquire+0xaac/0xd20
[   94.659515][ T6194]  jffs2_garbage_collect_pass+0xad/0x20e0
[   94.665275][ T6194]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   94.670640][ T6194]  ? _raw_spin_lock_irq+0xae/0xf0
[   94.675656][ T6194]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[   94.681192][ T6194]  ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[   94.687446][ T6194]  ? _raw_spin_unlock_irq+0x23/0x50
[   94.692636][ T6194]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.697833][ T6194]  ? sigprocmask+0x15d/0x1a0
[   94.702424][ T6194]  jffs2_garbage_collect_thread+0x618/0x6c0
[   94.708406][ T6194]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[   94.714925][ T6194]  ? __kthread_parkme+0x7b/0x200
[   94.719870][ T6194]  ? __kthread_parkme+0x1a1/0x200
[   94.724884][ T6194]  kthread+0x711/0x8a0
[   94.728944][ T6194]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[   94.735355][ T6194]  ? __pfx_kthread+0x10/0x10
[   94.740217][ T6194]  ? __pfx_kthread+0x10/0x10
[   94.744811][ T6194]  ? _raw_spin_unlock_irq+0x23/0x50
[   94.750001][ T6194]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.755211][ T6194]  ? __pfx_kthread+0x10/0x10
[   94.759792][ T6194]  ret_from_fork+0x4b/0x80
[   94.764208][ T6194]  ? __pfx_kthread+0x10/0x10
[   94.768914][ T6194]  ret_from_fork_asm+0x1a/0x30
[   94.773722][ T6194]  </TASK>
[   94.776998][ T6194] Kernel Offset: disabled
[   94.781327][ T6194] Rebooting in 86400 seconds..