Warning: Permanently added '10.128.0.109' (ED25519) to the list of known hosts.
1970/01/01 00:00:45 ignoring optional flag "type"="gce"
1970/01/01 00:00:45 parsed 1 programs
1970/01/01 00:00:45 executed programs: 0
[ 45.565402][ T6722] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
[ 45.582380][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 45.582786][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 45.583015][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 45.583342][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 45.583538][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 45.629891][ T6728] chnl_net:caif_netlink_parms(): no params data found
[ 45.649093][ T6728] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.649153][ T6728] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.649218][ T6728] bridge_slave_0: entered allmulticast mode
[ 45.649616][ T6728] bridge_slave_0: entered promiscuous mode
[ 45.650178][ T6728] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.650203][ T6728] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.650238][ T6728] bridge_slave_1: entered allmulticast mode
[ 45.650616][ T6728] bridge_slave_1: entered promiscuous mode
[ 45.660039][ T6728] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 45.660940][ T6728] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 45.668402][ T6728] team0: Port device team_slave_0 added
[ 45.669094][ T6728] team0: Port device team_slave_1 added
[ 45.677481][ T6728] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 45.677504][ T6728] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 45.677519][ T6728] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 45.677985][ T6728] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 45.677992][ T6728] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 45.678004][ T6728] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 45.693769][ T6728] hsr_slave_0: entered promiscuous mode
[ 45.694037][ T6728] hsr_slave_1: entered promiscuous mode
[ 45.943746][ T6728] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 45.946222][ T6728] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 45.951685][ T6728] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 45.953684][ T6728] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 45.965729][ T6728] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.965776][ T6728] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.965854][ T6728] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.965883][ T6728] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.978334][ T6728] 8021q: adding VLAN 0 to HW filter on device bond0
[ 45.981557][ T4779] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.983121][ T4779] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.989781][ T6728] 8021q: adding VLAN 0 to HW filter on device team0
[ 45.994605][ T1621] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.994654][ T1621] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 45.995416][ T1621] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.995434][ T1621] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.002194][ T6728] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 46.002209][ T6728] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 46.052488][ T6728] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 46.064582][ T6728] veth0_vlan: entered promiscuous mode
[ 46.069897][ T6728] veth1_vlan: entered promiscuous mode
[ 46.078280][ T6728] veth0_macvtap: entered promiscuous mode
[ 46.086264][ T6728] veth1_macvtap: entered promiscuous mode
[ 46.093128][ T6728] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 46.096803][ T6728] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 46.100011][ T274] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 46.100058][ T274] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 46.100077][ T274] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 46.100092][ T274] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 46.163405][ T6802] loop0: detected capacity change from 0 to 2048
[ 46.178761][ T6802] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 46.188481][ T6802] jffs2: notice: (6802) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 46.215738][ T6808] loop0: detected capacity change from 0 to 2048
[ 46.239342][ T6808] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 46.247694][ T6806] ==================================================================
[ 46.247711][ T6806] BUG: KASAN: slab-use-after-free in __mutex_lock_common+0x144/0x2678
[ 46.247733][ T6806] Read of size 8 at addr ffff0000c1ea8130 by task jffs2_gcd_mtd0/6806
[ 46.247742][ T6806]
[ 46.247747][ T6806] CPU: 0 UID: 0 PID: 6806 Comm: jffs2_gcd_mtd0 Not tainted syzkaller #0 PREEMPT
[ 46.247758][ T6806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 46.247762][ T6806] Call trace:
[ 46.247764][ T6806]  show_stack+0x2c/0x3c (C)
[ 46.247773][ T6806]  __dump_stack+0x30/0x40
[ 46.247779][ T6806]  dump_stack_lvl+0xd8/0x12c
[ 46.247784][ T6806]  print_address_description+0xa8/0x238
[ 46.247792][ T6806]  print_report+0x68/0x84
[ 46.247798][ T6806]  kasan_report+0xb0/0x110
[ 46.247806][ T6806]  __asan_report_load8_noabort+0x20/0x2c
[ 46.247812][ T6806]  __mutex_lock_common+0x144/0x2678
[ 46.247818][ T6806]  mutex_lock_interruptible_nested+0x2c/0x38
[ 46.247825][ T6806]  jffs2_garbage_collect_pass+0xa0/0x19c0
[ 46.247832][ T6806]  jffs2_garbage_collect_thread+0x3c0/0x430
[ 46.247839][ T6806]  kthread+0x5fc/0x75c
[ 46.247846][ T6806]  ret_from_fork+0x10/0x20
[ 46.247852][ T6806]
[ 46.247853][ T6806] Allocated by task 6802:
[ 46.247857][ T6806]  kasan_save_track+0x40/0x78
[ 46.247863][ T6806]  kasan_save_alloc_info+0x44/0x54
[ 46.247867][ T6806]  __kasan_kmalloc+0x9c/0xb4
[ 46.247873][ T6806]  __kmalloc_cache_noprof+0x2a4/0x3fc
[ 46.247879][ T6806]  jffs2_init_fs_context+0x58/0xc0
[ 46.247885][ T6806]  alloc_fs_context+0x538/0x76c
[ 46.247890][ T6806]  fs_context_for_mount+0x34/0x44
[ 46.247895][ T6806]  do_new_mount+0x140/0x7f4
[ 46.247899][ T6806]  path_mount+0x5b4/0xde0
[ 46.247903][ T6806]  __arm64_sys_mount+0x3e8/0x468
[ 46.247907][ T6806]  invoke_syscall+0x98/0x254
[ 46.247911][ T6806]  el0_svc_common+0x130/0x23c
[ 46.247915][ T6806]  do_el0_svc+0x48/0x58
[ 46.247919][ T6806]  el0_svc+0x5c/0x254
[ 46.247925][ T6806]  el0t_64_sync_handler+0x84/0x12c
[ 46.247931][ T6806]  el0t_64_sync+0x198/0x19c
[ 46.247936][ T6806]
[ 46.247937][ T6806] Freed by task 6728:
[ 46.247940][ T6806]  kasan_save_track+0x40/0x78
[ 46.247945][ T6806]  kasan_save_free_info+0x58/0x70
[ 46.247949][ T6806]  __kasan_slab_free+0x74/0x98
[ 46.247955][ T6806]  kfree+0x17c/0x474
[ 46.247960][ T6806]  jffs2_kill_sb+0x9c/0xb0
[ 46.247966][ T6806]  deactivate_locked_super+0xc4/0x12c
[ 46.247970][ T6806]  deactivate_super+0xe0/0x100
[ 46.247974][ T6806]  cleanup_mnt+0x31c/0x3ac
[ 46.247978][ T6806]  __cleanup_mnt+0x20/0x30
[ 46.247982][ T6806]  task_work_run+0x1dc/0x260
[ 46.247987][ T6806]  exit_to_user_mode_loop+0xfc/0x168
[ 46.247993][ T6806]  el0_svc+0x170/0x254
[ 46.247998][ T6806]  el0t_64_sync_handler+0x84/0x12c
[ 46.248004][ T6806]  el0t_64_sync+0x198/0x19c
[ 46.248008][ T6806]
[ 46.248009][ T6806] The buggy address belongs to the object at ffff0000c1ea8000
[ 46.248009][ T6806]  which belongs to the cache kmalloc-4k of size 4096
[ 46.248014][ T6806] The buggy address is located 304 bytes inside of
[ 46.248014][ T6806]  freed 4096-byte region [ffff0000c1ea8000, ffff0000c1ea9000)
[ 46.248019][ T6806]
[ 46.248021][ T6806] The buggy address belongs to the physical page:
[ 46.248024][ T6806] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ea8
[ 46.248030][ T6806] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 46.248034][ T6806] flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
[ 46.248040][ T6806] page_type: f5(slab)
[ 46.248046][ T6806] raw: 05ffc00000000040 ffff0000c0002140 dead000000000100 dead000000000122
[ 46.248050][ T6806] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[ 46.248054][ T6806] head: 05ffc00000000040 ffff0000c0002140 dead000000000100 dead000000000122
[ 46.248058][ T6806] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[ 46.248062][ T6806] head: 05ffc00000000003 fffffdffc307aa01 00000000ffffffff 00000000ffffffff
[ 46.248066][ T6806] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 46.248069][ T6806] page dumped because: kasan: bad access detected
[ 46.248071][ T6806]
[ 46.248072][ T6806] Memory state around the buggy address:
[ 46.248075][ T6806]  ffff0000c1ea8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.248079][ T6806]  ffff0000c1ea8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.248082][ T6806] >ffff0000c1ea8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.248084][ T6806]                                      ^
[ 46.248087][ T6806]  ffff0000c1ea8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.248090][ T6806]  ffff0000c1ea8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.248093][ T6806] ==================================================================
[ 46.248103][ T6806] Disabling lock debugging due to kernel taint
[ 46.248122][ T6806] Unable to handle kernel paging request at virtual address 001feafed5204cc8
[ 46.248130][ T6806] Mem abort info:
[ 46.248135][ T6806]  ESR = 0x0000000096000004
[ 46.248141][ T6806]  EC = 0x25: DABT (current EL), IL = 32 bits
[ 46.248148][ T6806]  SET = 0, FnV = 0
[ 46.248153][ T6806]  EA = 0, S1PTW = 0
[ 46.248158][ T6806]  FSC = 0x04: level 0 translation fault
[ 46.248164][ T6806] Data abort info:
[ 46.248168][ T6806]  ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 46.248174][ T6806]  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 46.248180][ T6806]  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 46.248187][ T6806] [001feafed5204cc8] address between user and kernel address ranges
[ 46.248194][ T6806] Internal error: Oops: 0000000096000004 [#1] SMP
** replaying previous printk message **
[ 46.255185][ T6808] jffs2: notice: (6808) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 46.337514][ T6806] Modules linked in:
[ 46.338204][ T6806] CPU: 0 UID: 0 PID: 6806 Comm: jffs2_gcd_mtd0 Tainted: G B syzkaller #0 PREEMPT
[ 46.339998][ T6806] Tainted: [B]=BAD_PAGE
[ 46.340668][ T6806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 46.342137][ T6806] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
[ 46.343383][ T6806] pc : mtd_erase+0x94/0x56c
[ 46.344049][ T6806] lr : mtd_erase+0xb0/0x56c
[ 46.344722][ T6806] sp : ffff8000a2257780
[ 46.345334][ T6806] x29: ffff8000a2257880 x28: ffff0000da382870 x27: ffff8000a2257800
[ 46.346562][ T6806] x26: dfff800000000000 x25: ffff70001444af00 x24: dfff800000000000
[ 46.347873][ T6806] x23: ffff0000da382878 x22: ffff0000c8ad00c0 x21: ffff0000c9756d00
[ 46.349118][ T6806] x20: a90357f6a9026640 x19: a90357f6a9025ff8 x18: 1fffe0003378f088
[ 46.350307][ T6806] x17: ffff80008045443c x16: ffff8000802192dc x15: 0000000000000001
[ 46.351442][ T6806] x14: 1ffff0001202cd3e x13: 0000000000000000 x12: 0000000000000000
[ 46.352677][ T6806] x11: ffff70001202cd3f x10: 0000000000ff0100 x9 : 0000000000000000
[ 46.354003][ T6806] x8 : 15206afed5204cc8 x7 : ffff800080c70844 x6 : ffff800080c6cc44
[ 46.355337][ T6806] x5 : ffff0000c8436d48 x4 : ffff8000a2257628 x3 : ffff8000851bda68
[ 46.356718][ T6806] x2 : 0000000000000000 x1 : 0000000000000008 x0 : 0000000000000000
[ 46.358030][ T6806] Call trace:
[ 46.358561][ T6806]  mtd_erase+0x94/0x56c (P)
[ 46.359258][ T6806]  jffs2_erase_pending_blocks+0x97c/0x1cd4
[ 46.360178][ T6806]  jffs2_garbage_collect_pass+0x524/0x19c0
[ 46.361053][ T6806]  jffs2_garbage_collect_thread+0x3c0/0x430
[ 46.361963][ T6806]  kthread+0x5fc/0x75c
[ 46.362621][ T6806]  ret_from_fork+0x10/0x20
[ 46.363346][ T6806] Code: 96d5cf8a aa1503f3 91192274 d343fe88 (387a6908)
[ 46.364443][ T6806] ---[ end trace 0000000000000000 ]---
[ 46.641143][ T6806] Kernel panic - not syncing: Oops: Fatal exception
[ 46.642079][ T6806] SMP: stopping secondary CPUs
[ 46.642835][ T6806] Kernel Offset: disabled
[ 46.643521][ T6806] CPU features: 0x080000,0000f000,21381141,5427fea7
[ 46.644548][ T6806] Memory Limit: none
[ 46.904185][ T6806] Rebooting in 86400 seconds..