Warning: Permanently added '10.128.10.15' (ED25519) to the list of known hosts.
1970/01/01 00:00:46 ignoring optional flag "type"="gce"
1970/01/01 00:00:46 parsed 1 programs
[ 46.800884][ T6731] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
1970/01/01 00:00:46 executed programs: 0
[ 46.816211][ T6136] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 46.818795][ T6136] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 46.820457][ T6136] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 46.822172][ T6136] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 46.823632][ T6136] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 46.873590][ T6737] chnl_net:caif_netlink_parms(): no params data found
[ 46.895161][ T6737] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.895234][ T6737] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.895287][ T6737] bridge_slave_0: entered allmulticast mode
[ 46.895694][ T6737] bridge_slave_0: entered promiscuous mode
[ 46.896413][ T6737] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.896458][ T6737] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.896508][ T6737] bridge_slave_1: entered allmulticast mode
[ 46.896904][ T6737] bridge_slave_1: entered promiscuous mode
[ 46.907754][ T6737] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 46.908694][ T6737] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 46.915795][ T6737] team0: Port device team_slave_0 added
[ 46.916440][ T6737] team0: Port device team_slave_1 added
[ 46.923451][ T6737] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 46.923471][ T6737] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 46.923487][ T6737] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 46.923984][ T6737] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 46.923990][ T6737] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 46.923999][ T6737] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 46.942157][ T6737] hsr_slave_0: entered promiscuous mode
[ 46.942420][ T6737] hsr_slave_1: entered promiscuous mode
[ 47.206457][ T6737] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 47.209175][ T6737] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 47.213193][ T6737] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 47.216504][ T6737] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 47.226688][ T6737] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.226741][ T6737] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.226819][ T6737] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.226846][ T6737] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.246699][ T6737] 8021q: adding VLAN 0 to HW filter on device bond0
[ 47.253413][ T282] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.254869][ T282] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.259683][ T6737] 8021q: adding VLAN 0 to HW filter on device team0
[ 47.264658][ T41] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.264695][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 47.269804][ T282] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.269844][ T282] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 47.326838][ T6737] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 47.343858][ T6737] veth0_vlan: entered promiscuous mode
[ 47.347232][ T6737] veth1_vlan: entered promiscuous mode
[ 47.357173][ T6737] veth0_macvtap: entered promiscuous mode
[ 47.359892][ T6737] veth1_macvtap: entered promiscuous mode
[ 47.367193][ T6737] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 47.371223][ T6737] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 47.376166][ T4769] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 47.376450][ T4769] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 47.376471][ T4769] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 47.376483][ T4769] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 47.427406][ T6815] jffs2: notice: (6815) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 47.450218][ T6820] jffs2: notice: (6820) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 47.469004][ T6825] jffs2: notice: (6825) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 47.489106][ T6831] jffs2: notice: (6831) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 47.493116][ T6816] ==================================================================
[ 47.493124][ T6816] BUG: KASAN: slab-use-after-free in __mutex_lock_common+0x144/0x2678
[ 47.493142][ T6816] Read of size 8 at addr ffff0000d485e130 by task jffs2_gcd_mtd0/6816
[ 47.493147][ T6816]
[ 47.493151][ T6816] CPU: 0 UID: 0 PID: 6816 Comm: jffs2_gcd_mtd0 Not tainted syzkaller #0 PREEMPT
[ 47.493158][ T6816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 47.493162][ T6816] Call trace:
[ 47.493164][ T6816] show_stack+0x2c/0x3c (C)
[ 47.493173][ T6816] __dump_stack+0x30/0x40
[ 47.493180][ T6816] dump_stack_lvl+0xd8/0x12c
[ 47.493185][ T6816] print_address_description+0xa8/0x238
[ 47.493191][ T6816] print_report+0x68/0x84
[ 47.493196][ T6816] kasan_report+0xb0/0x110
[ 47.493203][ T6816] __asan_report_load8_noabort+0x20/0x2c
[ 47.493208][ T6816] __mutex_lock_common+0x144/0x2678
[ 47.493215][ T6816] mutex_lock_interruptible_nested+0x2c/0x38
[ 47.493221][ T6816] jffs2_garbage_collect_pass+0xa0/0x19c0
[ 47.493227][ T6816] jffs2_garbage_collect_thread+0x3c0/0x430
[ 47.493232][ T6816] kthread+0x5fc/0x75c
[ 47.493237][ T6816] ret_from_fork+0x10/0x20
[ 47.493244][ T6816]
[ 47.493245][ T6816] Allocated by task 6815:
[ 47.493248][ T6816] kasan_save_track+0x40/0x78
[ 47.493254][ T6816] kasan_save_alloc_info+0x44/0x54
[ 47.493258][ T6816] __kasan_kmalloc+0x9c/0xb4
[ 47.493263][ T6816] __kmalloc_cache_noprof+0x2a4/0x3fc
[ 47.493270][ T6816] jffs2_init_fs_context+0x58/0xc0
[ 47.493274][ T6816] alloc_fs_context+0x538/0x76c
[ 47.493279][ T6816] fs_context_for_mount+0x34/0x44
[ 47.493284][ T6816] do_new_mount+0x140/0x7f4
[ 47.493289][ T6816] path_mount+0x5b4/0xde0
[ 47.493293][ T6816] __arm64_sys_mount+0x3e8/0x468
[ 47.493298][ T6816] invoke_syscall+0x98/0x254
[ 47.493303][ T6816] el0_svc_common+0x130/0x23c
[ 47.493308][ T6816] do_el0_svc+0x48/0x58
[ 47.493312][ T6816] el0_svc+0x5c/0x254
[ 47.493316][ T6816] el0t_64_sync_handler+0x84/0x12c
[ 47.493320][ T6816] el0t_64_s
** replaying previous printk message **
[ 47.493320][ T6816] el0t_64_sync+0x198/0x19c
[ 47.493325][ T6816]
[ 47.493326][ T6816] Freed by task 6737:
[ 47.493328][ T6816] kasan_save_track+0x40/0x78
[ 47.493334][ T6816] kasan_save_free_info+0x58/0x70
[ 47.493338][ T6816] __kasan_slab_free+0x74/0x98
[ 47.493343][ T6816] kfree+0x17c/0x474
[ 47.493348][ T6816] jffs2_kill_sb+0x9c/0xb0
[ 47.493352][ T6816] deactivate_locked_super+0xc4/0x12c
[ 47.493357][ T6816] deactivate_super+0xe0/0x100
[ 47.493361][ T6816] cleanup_mnt+0x31c/0x3ac
[ 47.493365][ T6816] __cleanup_mnt+0x20/0x30
[ 47.493370][ T6816] task_work_run+0x1dc/0x260
[ 47.493375][ T6816] exit_to_user_mode_loop+0xfc/0x168
[ 47.493382][ T6816] el0_svc+0x170/0x254
[ 47.493385][ T6816] el0t_64_sync_handler+0x84/0x12c
[ 47.493389][ T6816] el0t_64_sync+0x198/0x19c
[ 47.493393][ T6816]
[ 47.493394][ T6816] The buggy address belongs to the object at ffff0000d485e000
[ 47.493394][ T6816] which belongs to the cache kmalloc-4k of size 4096
[ 47.493398][ T6816] The buggy address is located 304 bytes inside of
[ 47.493398][ T6816] freed 4096-byte region [ffff0000d485e000, ffff0000d485f000)
[ 47.493404][ T6816]
[ 47.493405][ T6816] The buggy address belongs to the physical page:
[ 47.493409][ T6816] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x114858
[ 47.493414][ T6816] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 47.493418][ T6816] flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
[ 47.493424][ T6816] page_type: f5(slab)
[ 47.493429][ T6816] raw: 05ffc00000000040 ffff0000c0002140 dead000000000122 0000000000000000
[ 47.493433][ T6816] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[ 47.493437][ T6816] head: 05ffc00000000040 ffff0000c0002140 dead000000000122 0000000000000000
[ 47.493441][ T6816] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[ 47.493445][ T6816] head: 05ffc00000000003 fffffdffc3521601 00000000ffffffff 00000000ffffffff
[ 47.493449][ T6816] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 47.493451][ T6816] page dumped because: kasan: bad access detected
[ 47.493453][ T6816]
[ 47.493454][ T6816] Memory state around the buggy address:
[ 47.493457][ T6816]  ffff0000d485e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.493460][ T6816]  ffff0000d485e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.493464][ T6816] >ffff0000d485e100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.493466][ T6816]                                      ^
[ 47.493469][ T6816]  ffff0000d485e180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.493471][ T6816]  ffff0000d485e200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.493474][ T6816] ==================================================================
[ 47.523762][ T6821] jffs2: Erase at 0x0001e000 failed immediately: errno -524
[ 47.523804][ T6821] jffs2: Erase at 0x0001d000 failed immediately: errno -524
[ 47.523815][ T6821] jffs2: Erase at 0x0001c000 failed immediately: errno -524
[ 47.523825][ T6821] jffs2: Erase at 0x0001b000 failed immediately: errno -524
[ 47.523835][ T6821] jffs2: Erase at 0x0001a000 failed immediately: errno -524
[ 47.523845][ T6821] jffs2: Erase at 0x00019000 failed immediately: errno -524
[ 47.523854][ T6821] jffs2: Erase at 0x00018000 failed immediately: errno -524
[ 47.523864][ T6821] jffs2: Erase at 0x00017000 failed immediately: errno -524
[ 47.523874][ T6821] jffs2: Erase at 0x00016000 failed immediately: errno -524
[ 47.523883][ T6821] jffs2: Erase at 0x00015000 failed immediately: errno -524
[ 47.523898][ T6821] jffs2: Erase at 0x00014000 failed immediately: errno -524
[ 47.523908][ T6821] jffs2: Erase at 0x00013000 failed immediately: errno -524
[ 47.523918][ T6821] jffs2: Erase at 0x00012000 failed immediately: errno -524
[ 47.523929][ T6821] jffs2: Erase at 0x00011000 failed immediately: errno -524
[ 47.523939][ T6821] jffs2: Erase at 0x00010000 failed immediately: errno -524
[ 47.523949][ T6821] jffs2: Erase at 0x0000f000 failed immediately: errno -524
[ 47.523958][ T6821] jffs2: Erase at 0x0000e000 failed immediately: errno -524
[ 47.523968][ T6821] jffs2: Erase at 0x0000d000 failed immediately: errno -524
[ 47.523977][ T6821] jffs2: Erase at 0x0000c000 failed immediately: errno -524
[ 47.523986][ T6821] jffs2: Erase at 0x0000b000 failed immediately: errno -524
[ 47.523996][ T6821] jffs2: Erase at 0x0000a000 failed immediately: errno -524
[ 47.524007][ T6821] jffs2: Erase at 0x00009000 failed immediately: errno -524
[ 47.524017][ T6821] jffs2: Erase at 0x00008000 failed immediately: errno -524
[ 47.524026][ T6821] jffs2: Erase at 0x00007000 failed immediately: errno -524
[ 47.524036][ T6821] jffs2: Erase at 0x00006000 failed immediately: errno -524
[ 47.524045][ T6821] jffs2: Erase at 0x00005000 failed immediately: errno -524
[ 47.524054][ T6821] jffs2: Erase at 0x00004000 failed immediately: errno -524
[ 47.524063][ T6821] jffs2: Erase at 0x00003000 failed immediately: errno -524
[ 47.524073][ T6821] jffs2: Erase at 0x00002000 failed immediately: errno -524
[ 47.524081][ T6821] slab kmalloc-4k start ffff0000dbed4000 pointer offset 0 size 4096
[ 47.524096][ T6821] list_del corruption. next->prev should be ffff0000dbed4048, but was 07ac03c000001a51. (next=ffff0000dbed4000)
[ 47.524236][ T6821] ------------[ cut here ]------------
[ 47.524238][ T6821] kernel BUG at lib/list_debug.c:67!
[ 47.524260][ T6821] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
[ 47.599985][ T6821] Modules linked in:
[ 47.600583][ T6821] CPU: 1 UID: 0 PID: 6821 Comm: jffs2_gcd_mtd0 Not tainted syzkaller #0 PREEMPT
[ 47.600594][ T6816] jffs2: Erase at 0x0001e000 failed immediately: errno -524
[ 47.603063][ T6821] Tainted: [B]=BAD_PAGE
[ 47.603066][ T6816] jffs2: Erase at 0x0001d000 failed immediately: errno -524
[ 47.604905][ T6821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
[ 47.604911][ T6816] jffs2: Erase at 0x0001c000 failed immediately: errno -524
[
** replaying previous printk message **
[ 47.607681][ T6816] jffs2: Erase at 0x0001b000 failed immediately: errno -524
[ 47.607676][ T6821] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
[ 47.610575][ T6821] pc : __list_del_entry_valid_or_report+0x1b0/0x1b4
** replaying previous printk message **
[ 47.610604][ T6816] jffs2: Erase at 0x0001a000 failed immediately: errno -524
[ 47.613140][ T6821] lr : __list_del_entry_valid_or_report+0x1b0/0x1b4
[ 47.613151][ T6816] jffs2: Erase at 0x00019000 failed immediately: errno -524
[ 47.615326][ T6821] sp : ffff8000a53a78a0
** replaying previous printk message **
[ 47.615334][ T6816] jffs2: Erase at 0x00018000 failed immediately: errno -524
[ 47.617563][ T6821] x29: ffff8000a53a78a0
[ 47.617570][ T6816] jffs2: Erase at 0x00017000 failed immediately: errno -524
[ 47.619232][ T6821] x28: ffff0000dbed4048
[ 47.619238][ T6816] jffs2: Erase at 0x00016000 failed immediately: errno -524
[ 47.620969][ T6821] x27: ffff0000c27c0238
[ 47.620975][ T6816] jffs2: Erase at 0x00015000 failed immediately: errno -524
[ 47.622637][ T6821]
** replaying previous printk message **
[ 47.622644][ T6816] jffs2: Erase at 0x00014000 failed immediately: errno -524
[ 47.624470][ T6821] x26: ffff0000c27c0208
[ 47.624475][ T6816] jffs2: Erase at 0x00013000 failed immediately: errno -524
[ 47.626180][ T6821] x25: ffff0000c27c0228
[ 47.626186][ T6816] jffs2: Erase at 0x00012000 failed immediately: errno -524
[ 47.627995][ T6821] x24: dfff800000000000
[ 47.628001][ T6816] jffs2: Erase at 0x00011000 failed immediately: errno -524
[ 47.629556][ T6821]
** replaying previous printk message **
[ 47.629561][ T6816] jffs2: Erase at 0x00010000 failed immediately: errno -524
[ 47.631461][ T6821] x23: 1fffe0001b7da801 x22: dfff800000000000 x21: ffff0000dbed4008
[ 47.631503][ T6827] Unable to handle kernel paging request at virtual address dfff800000000109
[ 47.631514][ T6827] KASAN: null-ptr-deref in range [0x0000000000000848-0x000000000000084f]
[ 47.631521][ T6827] Mem abort info:
[ 47.631525][ T6827] ESR = 0x0000000096000005
[ 47.631530][ T6827] EC = 0x25: DABT (current EL), IL = 32 bits
[ 47.631536][ T6827] SET = 0, FnV = 0
[ 47.631541][ T6827] EA = 0, S1PTW = 0
[ 47.631546][ T6827] FSC = 0x05: level 1 translation fault
[ 47.631552][ T6827] Data abort info:
[ 47.631556][ T6827] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 47.631561][ T6827] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 47.631567][ T6827] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 47.631573][ T6827] [dfff800000000109] address between user and kernel address ranges
[ 47.643885][ T6821] x20: ffff0000dbed4000 x19: ffff0000dbed4048 x18: 00000000ffffffff
[ 47.645159][ T6821] x17: 20747562202c3834 x16: ffff80008b065ce0 x15: 0000000000000001
[ 47.646366][ T6821] x14: 1ffff00014a74e50 x13: 0000000000000000 x12: 0000000000000000
[ 47.647615][ T6821] x11: 00000000e75a0dea x10: 0000000000ff0100 x9 : 64c1cb5006a0c400
[ 47.648992][ T6821] x8 : 64c1cb5006a0c400 x7 : ffff80008056636c x6 : 0000000000000000
[ 47.650343][ T6821] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
[ 47.651593][ T6821] x2 : 0000000000000002 x1 : 0000000100000001 x0 : 000000000000006d
[ 47.652875][ T6821] Call trace:
[ 47.653385][ T6821] __list_del_entry_valid_or_report+0x1b0/0x1b4 (P)
[ 47.654465][ T6821] jffs2_erase_pending_blocks+0x2e0/0x1cd4
[ 47.655338][ T6821] jffs2_garbage_collect_pass+0x524/0x19c0
[ 47.656220][ T6821] jffs2_garbage_collect_thread+0x3c0/0x430
[ 47.657157][ T6821] kthread+0x5fc/0x75c
[ 47.657718][ T6821] ret_from_fork+0x10/0x20
[ 47.658430][ T6821] Code: 91370000 aa1303e1 aa1403e3 973fd941 (d4210000)
[ 47.659447][ T6821] ---[ end trace 0000000000000000 ]---
[ 47.911362][ T6821] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 47.912335][ T6821] SMP: stopping secondary CPUs
[ 48.978116][ T6821] SMP: failed to stop secondary CPUs 0
[ 48.978917][ T6821] Kernel Offset: disabled
[ 48.979576][ T6821] CPU features: 0x080000,0000f000,21381141,5427fea7
[ 48.980535][ T6821] Memory Limit: none
[ 49.198255][ T6821] Rebooting in 86400 seconds..