Warning: Permanently added '10.128.0.185' (ED25519) to the list of known hosts.
2026/02/05 07:34:59 ignoring optional flag "type"="gce"
2026/02/05 07:35:00 parsed 1 programs
2026/02/05 07:35:02 executed programs: 0
[   96.985169][ T5939] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   97.087597][   T61] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   97.099165][   T61] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   97.107803][   T61] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   97.110248][   T61] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   97.120580][   T61] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   97.424461][ T5966] chnl_net:caif_netlink_parms(): no params data found
[   97.791887][ T5966] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.792086][ T5966] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.792242][ T5966] bridge_slave_0: entered allmulticast mode
[   97.794815][ T5966] bridge_slave_0: entered promiscuous mode
[   97.798190][ T5966] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.798385][ T5966] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.798527][ T5966] bridge_slave_1: entered allmulticast mode
[   97.803447][ T5966] bridge_slave_1: entered promiscuous mode
[   98.023518][ T5966] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.025884][ T5966] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.192680][ T5966] team0: Port device team_slave_0 added
[   98.194631][ T5966] team0: Port device team_slave_1 added
[   98.322081][ T5966] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.322096][ T5966] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   98.322118][ T5966] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.324131][ T5966] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.324143][ T5966] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   98.324165][ T5966] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.715656][ T5966] hsr_slave_0: entered promiscuous mode
[   98.716365][ T5966] hsr_slave_1: entered promiscuous mode
[   99.179970][ T5125] Bluetooth: hci0: command tx timeout
[  100.210118][ T5966] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  100.270662][ T5966] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  100.323863][ T5966] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  100.357029][ T5966] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  100.552424][ T5966] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.579590][ T5966] 8021q: adding VLAN 0 to HW filter on device team0
[  100.589230][  T159] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.589442][  T159] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.598933][ T1289] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.599150][ T1289] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.945692][ T5966] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.996635][ T5966] veth0_vlan: entered promiscuous mode
[  101.005167][ T5966] veth1_vlan: entered promiscuous mode
[  101.046977][ T5966] veth0_macvtap: entered promiscuous mode
[  101.054553][ T5966] veth1_macvtap: entered promiscuous mode
[  101.079191][ T5966] batman_adv: batadv0: Interface activated: batadv_slave_0
[  101.092784][ T5966] batman_adv: batadv0: Interface activated: batadv_slave_1
[  101.103806][ T1289] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  101.104497][ T1289] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  101.104533][ T1289] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  101.104565][ T1289] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.260006][ T5125] Bluetooth: hci0: command tx timeout
[  101.379115][ T6085] loop0: detected capacity change from 0 to 2048
[  101.402339][ T6085] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  101.475248][ T6085] jffs2: notice: (6085) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[  101.559955][ T6088] ==================================================================
[  101.559971][ T6088] BUG: KASAN: slab-use-after-free in mutex_lock_interruptible_nested+0x5a/0x1d0
[  101.560013][ T6088] Read of size 1 at addr ffff888033ff2128 by task jffs2_gcd_mtd0/6088
[  101.560026][ T6088] 
[  101.560047][ T6088] CPU: 1 UID: 0 PID: 6088 Comm: jffs2_gcd_mtd0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  101.560063][ T6088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  101.560078][ T6088] Call Trace:
[  101.560085][ T6088]  <TASK>
[  101.560096][ T6088]  dump_stack_lvl+0xe8/0x150
[  101.560117][ T6088]  print_report+0xba/0x230
[  101.560135][ T6088]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  101.560152][ T6088]  kasan_report+0x117/0x150
[  101.560189][ T6088]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  101.560207][ T6088]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  101.560228][ T6088]  __kasan_check_byte+0x2a/0x40
[  101.560246][ T6088]  lock_acquire+0x84/0x330
[  101.560262][ T6088]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  101.560283][ T6088]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  101.560303][ T6088]  mutex_lock_interruptible_nested+0x5a/0x1d0
[  101.560320][ T6088]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  101.560341][ T6088]  ? do_raw_spin_lock+0x12b/0x2f0
[  101.560365][ T6088]  jffs2_garbage_collect_pass+0xb0/0x2150
[  101.560392][ T6088]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  101.560414][ T6088]  ? lockdep_hardirqs_on+0x7a/0x110
[  101.560431][ T6088]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  101.560449][ T6088]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  101.560463][ T6088]  ? rt_spin_lock+0x1e0/0x400
[  101.560477][ T6088]  ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[  101.560498][ T6088]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  101.560516][ T6088]  ? rt_spin_unlock+0x160/0x200
[  101.560534][ T6088]  ? sigprocmask+0x15c/0x1a0
[  101.560549][ T6088]  jffs2_garbage_collect_thread+0x67c/0x710
[  101.560576][ T6088]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[  101.560598][ T6088]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  101.560619][ T6088]  ? __kthread_parkme+0x7a/0x1f0
[  101.560634][ T6088]  ? __kthread_parkme+0x19c/0x1f0
[  101.560648][ T6088]  kthread+0x726/0x8b0
[  101.560666][ T6088]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[  101.560688][ T6088]  ? __pfx_kthread+0x10/0x10
[  101.560705][ T6088]  ? rt_spin_unlock+0x14f/0x200
[  101.560721][ T6088]  ? rt_spin_unlock+0x160/0x200
[  101.560735][ T6088]  ? __pfx_kthread+0x10/0x10
[  101.560752][ T6088]  ret_from_fork+0x51b/0xa40
[  101.560767][ T6088]  ? __pfx_ret_from_fork+0x10/0x10
[  101.560782][ T6088]  ? __switch_to+0xc82/0x1410
[  101.560805][ T6088]  ? __pfx_kthread+0x10/0x10
[  101.560823][ T6088]  ret_from_fork_asm+0x1a/0x30
[  101.560851][ T6088]  </TASK>
[  101.560857][ T6088] 
[  101.560867][ T6088] Allocated by task 6085:
[  101.560875][ T6088]  kasan_save_track+0x3e/0x80
[  101.560895][ T6088]  __kasan_kmalloc+0x93/0xb0
[  101.560913][ T6088]  __kmalloc_cache_noprof+0x1f2/0x6b0
[  101.560931][ T6088]  jffs2_init_fs_context+0x4f/0xc0
[  101.560943][ T6088]  alloc_fs_context+0x9e3/0xd60
[  101.560956][ T6088]  do_new_mount+0x179/0xa50
[  101.560973][ T6088]  __se_sys_mount+0x31d/0x420
[  101.560991][ T6088]  do_syscall_64+0xe2/0xf80
[  101.561008][ T6088]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.561022][ T6088] 
[  101.561025][ T6088] Freed by task 5966:
[  101.561032][ T6088]  kasan_save_track+0x3e/0x80
[  101.561046][ T6088]  kasan_save_free_info+0x46/0x50
[  101.561058][ T6088]  __kasan_slab_free+0x5c/0x80
[  101.561074][ T6088]  kfree+0x1bb/0x8f0
[  101.561088][ T6088]  deactivate_locked_super+0xbc/0x130
[  101.561103][ T6088]  cleanup_mnt+0x437/0x4d0
[  101.561116][ T6088]  task_work_run+0x1d9/0x270
[  101.561133][ T6088]  exit_to_user_mode_loop+0xed/0x480
[  101.561147][ T6088]  do_syscall_64+0x2b7/0xf80
[  101.561163][ T6088]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.561183][ T6088] 
[  101.561187][ T6088] The buggy address belongs to the object at ffff888033ff2000
[  101.561187][ T6088]  which belongs to the cache kmalloc-4k of size 4096
[  101.561200][ T6088] The buggy address is located 296 bytes inside of
[  101.561200][ T6088]  freed 4096-byte region [ffff888033ff2000, ffff888033ff3000)
[  101.561215][ T6088] 
[  101.561219][ T6088] The buggy address belongs to the physical page:
[  101.561232][ T6088] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x33ff0
[  101.561251][ T6088] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  101.561264][ T6088] flags: 0x80000000000040(head|node=0|zone=1)
[  101.561279][ T6088] page_type: f5(slab)
[  101.561293][ T6088] raw: 0080000000000040 ffff88813fe27140 ffffea0000cf9200 dead000000000002
[  101.561307][ T6088] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  101.561322][ T6088] head: 0080000000000040 ffff88813fe27140 ffffea0000cf9200 dead000000000002
[  101.561336][ T6088] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  101.561350][ T6088] head: 0080000000000003 ffffea0000cffc01 00000000ffffffff 00000000ffffffff
[  101.561364][ T6088] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[  101.561372][ T6088] page dumped because: kasan: bad access detected
[  101.561385][ T6088] page_owner tracks the page as allocated
[  101.561390][ T6088] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 18914495823, free_ts 0
[  101.561416][ T6088]  post_alloc_hook+0x228/0x280
[  101.561439][ T6088]  get_page_from_freelist+0x28bb/0x2950
[  101.561454][ T6088]  __alloc_frozen_pages_noprof+0x18d/0x380
[  101.561469][ T6088]  alloc_pages_mpol+0xd1/0x380
[  101.561491][ T6088]  allocate_slab+0x86/0x3a0
[  101.561507][ T6088]  ___slab_alloc+0xaf8/0x13d0
[  101.561520][ T6088]  __slab_alloc+0xc5/0x1f0
[  101.561534][ T6088]  __kmalloc_cache_noprof+0x100/0x6b0
[  101.561555][ T6088]  kobject_uevent_env+0x28f/0x9e0
[  101.561567][ T6088]  kernel_add_sysfs_param+0xb1/0xe0
[  101.561586][ T6088]  param_sysfs_builtin+0x199/0x250
[  101.561603][ T6088]  param_sysfs_builtin_init+0x23/0x30
[  101.561620][ T6088]  do_one_initcall+0x250/0x840
[  101.561636][ T6088]  do_initcall_level+0x104/0x190
[  101.561649][ T6088]  do_initcalls+0x59/0xa0
[  101.561661][ T6088]  kernel_init_freeable+0x2a6/0x3d0
[  101.561673][ T6088] page_owner free stack trace missing
[  101.561678][ T6088] 
[  101.561682][ T6088] Memory state around the buggy address:
[  101.561691][ T6088]  ffff888033ff2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  101.561702][ T6088]  ffff888033ff2080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  101.561711][ T6088] >ffff888033ff2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  101.561719][ T6088]                                   ^
[  101.561726][ T6088]  ffff888033ff2180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  101.561736][ T6088]  ffff888033ff2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  101.561744][ T6088] ==================================================================
[  101.561755][ T6088] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  101.561776][ T6088] CPU: 1 UID: 0 PID: 6088 Comm: jffs2_gcd_mtd0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  101.561795][ T6088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  101.561804][ T6088] Call Trace:
[  101.561810][ T6088]  <TASK>
[  101.561815][ T6088]  vpanic+0x1e0/0x670
[  101.561837][ T6088]  panic+0xc5/0xd0
[  101.561854][ T6088]  ? __pfx_panic+0x10/0x10
[  101.561872][ T6088]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  101.561888][ T6088]  ? rcu_is_watching+0x15/0xb0
[  101.561911][ T6088]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  101.561929][ T6088]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  101.561944][ T6088]  check_panic_on_warn+0x89/0xb0
[  101.561963][ T6088]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  101.561977][ T6088]  end_report+0x6f/0x140
[  101.561996][ T6088]  kasan_report+0x128/0x150
[  101.562017][ T6088]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  101.562036][ T6088]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  101.562060][ T6088]  __kasan_check_byte+0x2a/0x40
[  101.562082][ T6088]  lock_acquire+0x84/0x330
[  101.562098][ T6088]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  101.562119][ T6088]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  101.562138][ T6088]  mutex_lock_interruptible_nested+0x5a/0x1d0
[  101.562155][ T6088]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  101.562204][ T6088]  ? do_raw_spin_lock+0x12b/0x2f0
[  101.562226][ T6088]  jffs2_garbage_collect_pass+0xb0/0x2150
[  101.562248][ T6088]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  101.562266][ T6088]  ? lockdep_hardirqs_on+0x7a/0x110
[  101.562286][ T6088]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  101.562306][ T6088]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  101.562321][ T6088]  ? rt_spin_lock+0x1e0/0x400
[  101.562338][ T6088]  ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[  101.562362][ T6088]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  101.562382][ T6088]  ? rt_spin_unlock+0x160/0x200
[  101.562396][ T6088]  ? sigprocmask+0x15c/0x1a0
[  101.562411][ T6088]  jffs2_garbage_collect_thread+0x67c/0x710
[  101.562437][ T6088]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[  101.562460][ T6088]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  101.562479][ T6088]  ? __kthread_parkme+0x7a/0x1f0
[  101.562497][ T6088]  ? __kthread_parkme+0x19c/0x1f0
[  101.562516][ T6088]  kthread+0x726/0x8b0
[  101.562534][ T6088]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[  101.562554][ T6088]  ? __pfx_kthread+0x10/0x10
[  101.562568][ T6088]  ? rt_spin_unlock+0x14f/0x200
[  101.562583][ T6088]  ? rt_spin_unlock+0x160/0x200
[  101.562597][ T6088]  ? __pfx_kthread+0x10/0x10
[  101.562613][ T6088]  ret_from_fork+0x51b/0xa40
[  101.562631][ T6088]  ? __pfx_ret_from_fork+0x10/0x10
[  101.562646][ T6088]  ? __switch_to+0xc82/0x1410
[  101.562669][ T6088]  ? __pfx_kthread+0x10/0x10
[  101.562689][ T6088]  ret_from_fork_asm+0x1a/0x30
[  101.562717][ T6088]  </TASK>
[  101.563497][ T6088] Kernel Offset: disabled